Managing Organizations¶
Create hierarchies, assign managers, and control permissions across your institution in the Supercloud platform.
Overview¶
Organizations are a core cloud operations governance construct that lets you create a custom hierarchy within your institution and assign management rights to administrators who take responsibility for units within the organization. The organization is the root parent of all sub-organizations within it, providing centralized policy enforcement, budget controls, and RBAC across AWS, Azure, GCP, Alibaba Cloud, OVH, and OpenStack.
Management Roles¶
| Role | Description |
|---|---|
| CPOC | Central Point of Contact - Can view and create sub-organizations |
| ADMIN | Can add/remove users, assign managers, delete organizations |
| SUPERUSER | Full control including credentials, cleanup, and cloud console access |
Role Inheritance
If you have a role on an organization, you have at least that role on all its sub-organizations recursively.
Permissions Matrix¶
| Action | CPOC | ADMIN | SUPERUSER |
|---|---|---|---|
| Delete the organization | |||
| Create a sub-organization | |||
| Add a user | |||
| Remove a user | |||
| View organization managers | |||
| Add a manager | |||
| Remove a manager | |||
| Set Regions, Instance Types, Services | |||
| Stop All, Terminate All | |||
| Cleanup All | |||
| Go to Cloud Console | |||
| Masquerade as user | |||
| Download, Reset credentials |
Organization Rules¶
- To create sub-organizations, you must be a manager of at least one organization
- All sub-organization names must start with the capitalized subdomain of the root organization plus a dash (e.g.,
ACME-Engineering) - Creating a sub-organization grants you ADMIN role on it (or SUPERUSER if you're already a SUPERUSER)
- You can add users to organizations where you have at least CPOC role on that user
- Removing a user from an organization removes them from all sub-organizations recursively
- You can only add/remove managers with roles equal to or below your own
Managing Organizations¶
User Management¶
Add/Remove Users
Users are managed from the Users panel:
- Open the Users perspective
- Select one or more users
- Use Add to Organization or Remove from Organization actions
Note
Users added to an organization inherit the organization's limits. Removing users does not change their existing limits.
Sub-Organizations¶
Create a Sub-Organization
- Select the parent organization
- Click Create Organization
- Enter a name (must start with parent's subdomain + dash)
- Configure initial settings
Show Cloud Accounts
Opens the Cloud Accounts view filtered to accounts linked to the selected organization.
Manager Assignment¶
Assign Managers
- Select the organization
- Click Assign Managers
- Choose users from organizations you manage
- Assign appropriate role (cannot exceed your own role)
Permissions & Limits¶
Assign Roles
Set region roles, cloud services roles, and instance type roles to control the allowed perimeter for all users under the organization.
Set Limits
Configure limits for all users under an organization:
- Maximum number of instances
- Maximum disk size
- Maximum storage size
Set Perspective
Enforce a specific perspective layout for all users in the organization.
Set Billing Code and Purchase Order
Configure financial tracking codes for the organization.
Customization¶
Customize Appearance
Change the organization's:
- Label (display name)
- Description
- Visual appearance
Monitoring Views¶
Organization managers have access to several monitoring views:
| View | Description |
|---|---|
| Organization Chart | Visual tree showing the organizational hierarchy and relationships |
| Organization Costs | Cost breakdown and trends across the organization |
| Organization Resources | Resource utilization across all organization members |
| Organizations Rules | Governance rules and policies applied to organizations |
| Managed Budget Transfers | Budget transfers between organization accounts |
| Managed Vouchers | Vouchers distributed within the organization |
Classrooms¶
Classrooms are virtual teaching environments within an organization. They allow educators to:
- Set up isolated compute environments for students
- Pre-configure formations for coursework
- Monitor student resource usage and costs
- Control access with time-limited permissions
Classrooms combine the MetaCloud's formation capabilities with Cloud Operations governance to deliver managed educational computing.
Formation Management¶
| Action | Description |
|---|---|
| Set Default Formation UIDs | Define default formations for the organization |
| Launch Organization Formations | Start all default formations |
| Shutdown Formation Instances | Shutdown all compute instances |
| Stop Formation Instances | Stop all compute instances |
| Start Formation Instances | Start all compute instances |
| Delete Formation Instances | Remove all compute instances |
Root Organization Actions¶
These actions are only available on root organizations:
| Action | Description |
|---|---|
| Set Whitelisted Domains | Auto-process registrations from specified email domains |
| Get Credentials as CSV | Export user credentials to CSV file |
| Reset User Passwords | Reset RosettaHub passwords (SUPERUSER only) |
| Reset User Emails | Reset emails to subdomain.rosettahub.com format (SUPERUSER only) |
| Enable/Disable Registrations | Control whether applicants can register |
Best Practices¶
Organization Structure
- Create sub-organizations that mirror your institutional structure
- Assign managers at each level to distribute administrative load
- Use naming conventions consistently (e.g.,
ACME-Engineering,ACME-Research)
Permission Management
- Start with restrictive limits and expand as needed
- Use organization-level permissions for consistent policies
- Review manager assignments periodically
Related Topics¶
- Cloud Operations Overview - The governance layer of the Supercloud
- Managing Users
- Managing Cloud Accounts
- Managing Projects