Access control

Access control

The MCS platform implements functionality to support multi-design and differentiation of access rights to project resources (Identity Access Manager, IAM).

You can create several projects for various purposes when you register on the MCS portal. For example, individual projects for development, testing, production environments.

For each project, you can connect various services of our platform with different configuration of resources.

You can follow the write-offs in the Balance section in more details when dividing infrastructure resources into various project.

Add the project

The menu for switching, adding or changing the project name is located at the top of the screen.

Click “Add the project” and give a name.

After adding a project, you can only rename it. Deleting projects will be available later.

Rename project

Select in the context menu the pencil icon. 

Select new name of project.

Differentiation of access rights

In you MCS-account you can add additional administrators who will have access to work with cloud services. They can also be assigned various roles.

Add an administrator

  • In your personal account go to the “Access Control” tab.
  • In the window that opens, click “Add Members”.
  • Enter the email, name and role of the person you want to grant access to. Please note that you can select multiple roles at the same time.
  • Click “Add user”

The new administrator will receive an invitation in the email.

The administrator needs to follow the link in the letter, create a password and enter his personal account with it. 

Your colleague will get access to the selected project roles – except for managing administrator.

Role model of differentiation of user’s rights of the project

The MCS platform supports the separation of access rights to project resources based on a role model.

Six predefined roles are available. The following is a list of roles and their permissions.

 

 

 

 

List of roles and permissions: 

Role

Rights

Owner of project

It has read\modify\delete access to all project resources, including the section “user management” and “payment settings”

Super administrator

The super administrator has the ability to read\modify all project resources and the ability to add new administrator

Project administrator

The administrator has the ability to read\modify\delete project resources. Without the ability to manage users

Billing administrator

The billing administrator has access only to the billing menu item. Can change payment details. Other services that are connected in the project aren’t shown to the user with this role

Security administrator

The security administrator allows you to add new users to the project, assign them roles. 

Network administrator

The network administrator has access to the menu items for creating a network and managing router rules

Observer

The observer can view information in all services of the project. But cannot change or add resources

 

Delete administrator

In your account in tab “Users” and “Roles” you can not only add, but also delete administrators. 

If you want to delete administrator”

  • In your personal account, go to the “Access Control” tab.
  • Select the Users tab.
  • Select the desired administrator.
  • Click “Delete”

 

Two-factor authentication

To ensure the security of the project, two-factor authentication is supported. You can enable it in your profile settings according to this instruction (ссылка)