Users Management feature available only to users with Administrator role,
At Cloudivize Account Setting menu, select Manage Users at the left bar to open the Users Management page.
Based on your Subscription, you will be able to:
Invite users (by mail) to your Cloudivize account
Cancel unaccepted invitations
Remove users from Cloudivize account
Change user roles
Three possible roles of users at Cloudivize Solution:
Administrator: This role grants the user the following privileges:
View and change AWS Account Settings.
Manage and invite other users to this account
Author: This role grants the user the following privileges:
Viewer: This role grants the user the following privileges:
View and navigate without the option to change any asset. i.e. Read Only.
User Level Policy
Administrator wishes to limit the roles used by specific user, he can attach an IAM Policy to that user at his account. using the comprehensive AWS IAM Policy format. This IAM policy enables the Administrator to allow or deny viewing, accessing, modifying or operating any asset at the managed account.
For instance: Administrator can allow a specific user to view or change specific assets (or types) and can deny access from another user. Or, Administrator can deny from specific user to operate any asset, but he can still allow him to visualize all assets within the managed account.
When the User Level IAM Policy does not allow to load an asset type (i.e. denying DescribeXXX, ListXXX or GetXXX APIs) those types will not be shown at the user canvas.
It should be noticed that the Minimal Requirements specified at AWS Credentials Configuration for IAM Role still valid here too. It means, denying access to any of the mentioned actions will harm the system functionality and user could fail using the system as expected.
For convenience, Cloudivize provides a basic JSON editor to allow the user review or change the IAM Policy and to make sure it is at a valid format.
To remove the user level policy (and allow the user to assume the same account IAM Role), Administrator can delete the policy (or use the trash icon at the top right side of the JSON editor).
Recommendation: use https://awspolicygen.s3.amazonaws.com/policygen.html to generate a valid IAM Policy, and make sure you are applying the expected policy beforehand.
Use "Invite New User" to provide the email of the invited user. This user will get an invitation mail from Cloudivize to join your account:
The invited user will be requested to signup or use his Amazon Login (see Signup).
Even if the invited user already has a Cloudivize account, he can still join your account by accepting your invitation, which permanently deletes his old account.
The ability to invite other users to your account is valid for Team & Enterprise Subscriptions, and is not possible at Professional Subscription.
This will remove the selected user from your account, but it will not delete his Cloudivize user. If the removed user wished to delete his account, he still can Deactivate his account
That removed user can still use Cloudivize by creating his own AWS account
Any administrator at this account can change the other users’ role to any role specified above, withing the Subscription options.