Managing Users' Access and Roles
Users represent individuals allowed to log in to Equinix portals. As an Administrator, assign users to organizations and projects and grant them access to select assets based on predefined or custom roles.
If you are a user that needs access to an Organization, Project, or assets, contact your organization's IAM Admin or the Company Admin to get the appropriate roles assigned. IAM Administrators or Company Administrators are the only authorized persons to assign roles to their organization's users.
For assets and products that haven't been onboarded to Identity and Access Management, use the permissions available in the Administration -> User Management section of the Customer Portal. See Managing User Permissions.
Inheritance
Users assigned to an organization automatically inherit access to organizations and projects nested under the given organization node. This applies to existing organizations and projects as well as future organizations and projects created under this organization. Changes in role assignments on a specific hierarchy level are also reflected in the underlying organizations and projects.
Example:
Joe has been assigned to the Moonshot International organization. Through inheritance, he can access all organizations and projects nested under the Moonshot International organization. Joe has also been explicitly assigned to the Nucleus project.
When an organization or project is moved under a new parent organization:
- Users explicitly assigned to the organization or project will still be able to access it, and organizations and projects nested under it, after it's moved to a new target organization.
- Users that inherited access to it from the current parent organization, will no longer be able to access the organization or project.
- Users that have access to the new parent organization, by being explicitly assigned to it or through inheritance, will gain access to the organization or project being moved.
Example:
After moving the Germany project under the Moonshot Domestic organization, Jane inherited access to all nested organizations and projects. Joe is still able to access the Nucleus project because he has been explicitly assigned to it.
Granting Access to Organizations or Projects
To grant access and assign roles in Organizations or Projects:
-
Sign in to the Identity & Access Management portal as an IAM Admin user.
-
Click Users.
-
Select an organization or a project; click the Context Switcher drop-down menu, select an organization or a project, then click Go.
infoOnly users with assigned roles will be shown; to assign roles to users with no existing roles, you MUST search for the user using either First Name / Last Name or username. You can also search for a user in a different organization within the same rootOrg by searching for the exact username of that user.
noteFor resellers, to view your users from end customer organizations select the end customer organization in the context switcher. From there, they can then grant access to these users at the end customer organization level.
-
Select the users you want to assign roles to in the Organization or Project.
tipYou can select multiple users to grant access by ticking the checkbox next to the users.
-
Click Grant Access.
-
For Projects, you will need to confirm that you want the selected roles on this Project, select Assign Role on a Project. Click Next.
-
Select the roles you are granting and click Next
-
Review the selected users and role assignments.
noteRole assignment is inherited by all the nodes within the selected organization or project. See Inheritance.
-
Click Submit.
Assigning Roles to a User
You can assign roles in an Organization or Project to a user from their User Details. To assign roles to a user:
-
Sign in to the Identity & Access Management portal as an IAM Admin user.
-
Click Users.
-
Select an organization or a project; click the Context Switcher drop-down menu, select an organization or a project, then click Go.
-
Locate the user and click their user name, or use the options menu and select User Details to access the User Details page.
-
Click Assign Role.
-
From the Role drop-down list, select the category, then choose the role.
noteRole assignment is inherited by all the nodes within the selected organization or project scope.
-
Click Add Another Role to assign additional roles.
-
Click Assign.
Managing a User's Roles
You can manage all a user's roles for a given Organization and Project from their User Details page. You can access this page only if the user has at least one existing role.
The Manage Roles page from User Details shows all available user's roles that can be assigned or unassigned. From here, you can toggle any checkbox to add or remove any of the user's roles.
The Manage Roles page does not show role inheritance. You cannot remove a user's role if the role is inherited from Manage Roles. See Removing a User's Role to view inherited roles.
To manage a user's role(s):
-
Sign in to the Identity & Access Management portal as an IAM Admin user.
-
Click Users.
-
Select an organization or a project; click the Context Switcher drop-down menu, select an organization or a project, then click Go.
-
Locate the user and from the options menu, select User Details. A list of the user's Organization and Project Roles and Asset Roles will be shown.
-
Click on Manage roles. A list of available user roles will be displayed.
-
Select or deselect the checkboxes to add or remove user roles. Click Apply.
Removing a User's Role
This method allows you to view all the roles that a user has within the selected Organization or Project. From here, you can select which roles to remove. This function will show you whether a role is inherited, as well as where the inheritance originates from.
To remove a user's role(s):
-
Sign in to the Identity & Access Management portal as an IAM Admin user.
-
Click Users.
-
Select an organization or a project; click the Context Switcher drop-down menu, select an organization or a project, then click Go.
-
Locate the user and from the options menu, select User Details. A list of the user's Organization and Project Roles and Asset Roles will be shown.
tipThe inheritance column shows whether the role is inherited. Not Available indicates that this role is not inherited from any parent organization/project and you can remove the role. Otherwise, you must go to the Organization or Project shown in the inheritance column in order to remove this role. This can be done using the Context Switcher.
-
Locate the role you want to remove and from the options menu, select Remove Role.
infoIf role is inherited, the Remove Role option will not be available.
-
Tick the checkbox to confirm that you want to remove the role. Then click Remove Role. This will remove the selected user's roles from the selected resource.
Removing a User from an Organization
This is the most straightforward method of removing a user's role from a resource. It will remove all user's roles from a selected resource. You need to locate the user within the resource hierarchy and then remove the user's roles from that resource. However, this method will not show you the role inheritance for your users, and the function will not be available if there are any inherited roles.
To unassign users's roles:
-
Sign in to the Identity & Access Management portal as an IAM Admin user.
-
Click Users.
-
Select an organization or a project; click the Context Switcher drop-down menu, select an organization or a project, then click Go.
-
Locate the user and from the options menu, select Remove User.
infoIf the user has any inherited roles from a parent Organization or Project, the Remove User option will not be available. You must go to the parent Organization or Project to remove the user. This can be done using the Context Switcher.
-
Tick the checkbox to confirm that you want to remove this user. Then click Remove User from Organization. This will remove all of the roles this user has for this Organization.
