Managing User Roles with Apps Manager

Page last updated:

Note: The procedures described here are not compatible with using SAML or LDAP for user identity management. To create and manage user accounts in a SAML- or LDAP-enabled Cloud Foundry deployment, see Adding Existing SAML or LDAP Users to a Pivotal Cloud Foundry Deployment.

Cloud Foundry uses role-based access control, with each role granting the permissions in either an org or an application space.

A user account can be assigned one or more roles.

The combination of these roles defines the actions a user can perform in an org and within specific app spaces in that org.

To view the actions that each role allows, see the Organizations, Spaces, Roles, and Permissions topic. For example, to assign roles to user accounts in a space, you must have Space Manager role assigned to the user in that space.

You can also modify permissions for existing users by adding or removing the roles associated with the user account. User roles are assigned on a per-space basis, so you must modify the user account for each space that you want to change.

Admins, Org Managers, and Space Managers can assign user roles with Apps Manager or with the Cloud Foundry Command Line Interface (cf CLI). For more information, see the Users and Roles section of the Getting Started with the cf CLI topic.

Manage Org Roles

Valid org roles are Organization Manager and Organization Auditor.

To grant or revoke org roles, follow the steps below.

  1. In the Apps Manager navigation on the left, the current org is highlighted. Click the drop-down menu to view other orgs belonging to the account.

    Other Orgs

  2. Use the Apps Manager navigation to select an org.

  3. Click the Members tab. Edit the roles assigned to each user by selecting or clearing the checkboxes under each user role. Apps Manager saves your changes automatically.

    Members

  4. The Members panel displays all members of the org. Select a checkbox to grant an org role to a user, or clear a checkbox to revoke a role from a user.

Manage App Space Roles

Valid app space roles are Space Manager, Space Developer, and Space Auditor.

To grant or revoke app space roles, follow the steps below.

  1. In the Members tab of an org, click the drop-down menu to view spaces in the org.

    Select space

  2. Use the drop-down menu to select a space.

  3. The Members panel displays all members of the space. Select a checkbox to grant an app space role to a user, or clear a checkbox to revoke a role from a user.

    Space members

    • Space Managers can invite and manage users and enable features for a given space. Assign this role to managers or other users who need to administer the account.
    • Space Developers can create, delete, and manage applications and services, and have full access to all usage reports and logs. Space Developers can also edit applications, including the number of instances and memory footprint. Assign this role to app developers or other users who need to interact with applications and services.
    • Space Auditors have view-only access to all space information, settings, reports, and logs. Assign this role to users who need to view but not edit the application space.

Invite New Users

Note: The Enable Invitations checkbox in the Apps Manager section of the Elastic Runtime tile must be selected to invite new users.

  1. On the Org dashboard, click the Members tab.

    Members

  2. Click Invite New Members. The Invite New Team Member(s) form appears.

    Invite

  3. In the Add Email Addresses text field, enter the email addresses of the users that you want to invite. Enter multiple email addresses as a comma-delimited list.

  4. The Assign Org Roles and Assign Space Roles tables list the current org and available spaces with checkboxes corresponding to each possible user role. Select the checkboxes that correspond to the permissions that you want to grant to the invited users.

  5. Click Send Invite. The Apps Manager sends an email containing an invitation link to each email address that you specified.

Remove a User From an Org

Removing a user from org also removes them from all spaces in the org.

  1. On the Org dashboard, click the Members tab.

    Members

  2. Locate the user account that you want to remove.

  3. Under the user’s email address, click on the Remove User link. A warning dialog appears.

    Remove org member

  4. Click Remove to confirm user account deletion from the org.

Remove a User From a Space

  1. In the Members tab of an org, click the drop-down menu to view spaces in the org.

    Select space

  2. Select the space you are removing members from.

  3. The Members panel displays all members of the space. Locate the user account that you want to remove.

    Space members

  4. Under the user’s email address, click on the Remove User link. A warning dialog appears.

    Remove space member

  5. Click Remove to confirm user account deletion from the space.

Create a pull request or raise an issue on the source for this page in GitHub