Managing an organization's user access
Suggest editsEDB Postgres AI uses role-based access controls to grant users access to different parts of the application using organization-level and project-level roles. Roles are sets of permissions. EDB Postgres AI uses roles to manage permissions assigned to users.
- Each customer has a unique EDB Postgres AI organization.
- Each organization has at least one project by default.
- An organization's database clusters deploy on the cloud service providers within a project.
- You can create multiple projects within a single organization.
With multiple projects within an organization you can:
- Separate workflows to provide secure and isolated environments.
- Assign different users to different projects or give different roles to users in different projects to ensure they have the correct level of permissions.
Inviting or adding users to an organization
To access an EDB Postgres AI organization, each user needs to either have an EDB account that includes the user in EDB's own identity provider service, or the user needs to listed in the organization's identity provider. Identity providers establish the identity of users that can log in to EDB Postgres AI.
All EDB Postgres AI organizations have a default identity provider based around EDB accounts. A user can sign up for an EDB account allowing the owner or administrator of an organization to add them to the organization.
You can configure other identity providers for your organization. For more information on how to do that, see Setting up your identity provider.
You can invite people to your organization by selecting User Management from the dropdown menu in the top right of your EDB Postgres AI console page. This takes you to the Users Management view. In the top right hand side of the display is a Add New User button. Select that and in the Add New User dialog that appears, you can enter the users email address and assign organization level roles to the user. If you don't select any roles, the user only added to the organization. To work on a project, the user needs assigning to a project-level role later . Click Send Invite to send the invitation to the user.
Organization-level roles
The following roles grant privileges within an organization.
- Organization owner — This role has management privileges to the organization and can perform the following actions:
- Create and view projects within their organization
- Update and delete their own projects
- View and assign organization-level and project-level roles
- View an activity log for the whole organization and each project
- View and download a usage report for the whole organization and each project
- View the identity provider details
Note
- The first user in a EDB Postgres AI organization is an organization owner and project owner of the initial project, by default.
- At least one user must be an organization owner.
- Organization admin — This role has read-only permissions to the organization. They can:
- View a list of projects within the organization
- View and download a usage report for the whole organization
- View other users with organization-level roles
- View the identity provider details of the EDB Postgres AI subscription
Assigning organization level roles to users
Organization owners can assign users organization-level roles to enable them to carry out certain tasks:
From the menu next to your organization name in the top right of the portal, select User Management.
Select the edit icon for the user.
Select Assign Roles.
Select the roles for the user.
Select Submit.
See Adding a user to a project for information on adding users to projects.