Managing Users
Add/remove rights, manage permissions, and administer user accounts within the Supercloud platform.
Overview
Users are organization members with RosettaHub accounts, managed through the cloud operations governance layer (RosettaOps). They can have zero, one, or multiple cloud accounts -- spanning AWS, Azure, GCP, Alibaba Cloud, OVH, and OpenStack -- consolidated under the organization's master cloud accounts. Users have a defined access perimeter controlled by cloud account policies following a Role-Based Access Control (RBAC) model.
User Features
Each user has:
- Cloud Accounts - Fully monitored using AWS Lambda/Cloud Functions, CloudWatch/GCP alerts, CloudTrail/GCP sinks
- Default Cloud Storage - For managing their data
- Default Network File System - Shared storage access
- Default RosettaHub Keys - For launching instances and managing resources
User Actions
Account Actions
| Action | Description |
|---|---|
| Show Cloud Accounts | Display cloud accounts associated with selected users |
| Create Cloud Accounts | Create new cloud accounts for selected users |
| Set Type | Set user type: User, Manager, Researcher, Educator, IT, or Student |
Organization Actions
Managers can add or remove users from sub-organizations where they have ADMIN or SUPERUSER roles.
| Action | Description |
|---|---|
| Add to Organization | User limits are upgraded to organization limits |
| Remove from Organization | User limits remain unchanged after removal |
Email Actions
| Action | Description |
|---|---|
| Send Credentials | Send password reset link via email |
| Update Email | Change user email (only if current email is marked invalid) |
Permission Actions
Permission Boundaries
User permissions cannot exceed those of the organization's CPOC. Contact RosettaHub for additional CPOC permissions.
| Action | Description |
|---|---|
| Set Limits | Configure cloud account limits (max machines, storage size, etc.) |
| Assign Roles to User | Set region, service, and instance type roles |
Available Limit Settings:
- Maximum number of instances
- Maximum disk size
- Maximum storage size
- Allowed regions
- Allowed instance types
- Allowed cloud services
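The boundary rule above (user permissions cannot exceed the CPOC's) can be checked before a bulk Set Limits change. This is an added example, not RosettaHub code: the `Limits` structure, its field names and the sample values are assumptions that mirror the limit settings listed above.

```python
from dataclasses import dataclass, field

# Hypothetical data model: field names mirror the limit settings listed above;
# they are not RosettaHub API names.
@dataclass(frozen=True)
class Limits:
    max_instances: int
    max_disk_size: int
    max_storage_size: int
    regions: frozenset = field(default_factory=frozenset)
    instance_types: frozenset = field(default_factory=frozenset)
    services: frozenset = field(default_factory=frozenset)

NUMERIC = ("max_instances", "max_disk_size", "max_storage_size")
SETS = ("regions", "instance_types", "services")

def boundary_violations(requested: Limits, cpoc: Limits) -> list[str]:
    """Return every way `requested` exceeds the CPOC boundary (empty = OK)."""
    problems = []
    for name in NUMERIC:
        want, cap = getattr(requested, name), getattr(cpoc, name)
        if want < 0:
            problems.append(f"{name}: negative value {want}")
        elif want > cap:
            problems.append(f"{name}: {want} exceeds CPOC cap {cap}")
    for name in SETS:
        extra = getattr(requested, name) - getattr(cpoc, name)
        if extra:
            problems.append(f"{name}: not allowed for CPOC: {sorted(extra)}")
    return problems

def clamp_to_boundary(requested: Limits, cpoc: Limits) -> Limits:
    """Least-privilege fallback: intersect sets, take the lower numeric cap."""
    return Limits(
        **{n: max(0, min(getattr(requested, n), getattr(cpoc, n))) for n in NUMERIC},
        **{n: getattr(requested, n) & getattr(cpoc, n) for n in SETS},
    )

# Constructed sample values, for illustration only.
CPOC = Limits(20, 500, 2000, frozenset({"eu-west-1", "us-east-1"}),
              frozenset({"t3.micro", "t3.large"}), frozenset({"EC2", "S3", "Lambda"}))
STUDENT = Limits(25, 100, 500, frozenset({"eu-west-1", "ap-south-1"}),
                 frozenset({"t3.micro"}), frozenset({"EC2", "S3"}))

if __name__ == "__main__":
    for line in boundary_violations(STUDENT, CPOC):
        print("DENY", line)
    print(clamp_to_boundary(STUDENT, CPOC))
```

Rejecting on any violation is the stricter choice; clamping silently narrows the request, so log what was dropped if you use it.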
Superuser Actions
These actions require the SUPERUSER role on the users being managed:
| Action | Description |
|---|---|
| Masquerade as | Log in to RosettaHub as the selected user |
| Masquerade as (show all) | Masquerade with full feature visibility (ignoring role restrictions) |
| Update password | Change the user's password |
| Delete | Delete user and return cloud accounts to the pool |
Delete User
Deleting a user:
- Fully cleans all associated cloud accounts
- Moves cloud accounts to the pool for reassignment
- This action cannot be undone
User Types
| Type | Description |
|---|---|
| User | Standard user with basic access |
| Manager | Administrative access to organizations |
| Researcher | Research-focused access profile |
| Educator | Teaching and course management access |
| IT | Technical/infrastructure access |
| Student | Limited access with graduation tracking |
Managing User Permissions
Setting Limits
- Select one or more users
- Click Set Limits from the Permissions menu
- Configure the desired limits:
    - Maximum instances
    - Maximum disk size
    - Maximum storage
- Click Apply
Assigning Roles
Roles control what regions, services, and instance types users can access:
- Select users
- Click Assign Roles to User
- Choose from available role categories:
    - Region Roles - Geographic access restrictions
    - Service Roles - Cloud service access (EC2, S3, Lambda, etc.)
    - Instance Type Roles - Machine size restrictions
- Save changes
Bulk Operations
Select multiple users to perform bulk actions:
- Add/remove from organizations in batch
- Set limits for multiple users at once
- Assign roles to groups of users
Best Practices
User Management
- Set appropriate user types during onboarding
- Use organization-level limits for consistent policies
- Regularly review and clean up inactive users
Security
- Use masquerade sparingly and only when necessary
- Document masquerade usage for audit purposes
- Reset passwords immediately if credentials are compromised
Permissions
- Start with minimal permissions and expand as needed
- Use role assignments rather than individual exceptions
- Review permissions when users change teams or roles
Related Topics
- Cloud Operations Overview - The governance layer of the Supercloud
- Managing Organizations
- Managing Cloud Accounts
- Managing Registrations