Properly assigning permissions to users based on their role is a key component for environment management. Creating roles and assigning users to those roles is less prone to error than assigning permissions to individual users.

There are two main personas:

  • Platform Engineers whose goal is to allow their development and QA teams to move faster and reduce complexity to building and testing apps by providing them with whatever tools, capabilities, and platforms necessary to do so.

  • Developers whose goal is to deliver value to their customers through new cutting-edge applications. Developers should not be burdened with learning DevOps, cloud infrastructure, or dependency management to deliver their applications. They should be able to write code and point their code to a testbed or environment without worrying about infrastructure.

Environment Manager provides the following role-based access controls.

  • Environment Admin

    • Can spin up environments and resources from templates.
    • Cannot create environment templates or resource templates. These are defined by the Infra Admin or Org Admin.
  • Infra Admin

    • Responsible for creating environment and resource templates. The overall governance and management of IaC is the Infra Admin's responsibility.
    • Cannot share templates. Sharing templates is done by an Org Admin.
  • Org Admin

    • Share environment and resource templates between different projects within the organization.
  • Project / Workspace / Namespace Admin

    • Can deploy apps to environments.
    • Can view some information about environments, but does not have full IaC view. Full IaC view is for Environment Admins, Infra Admins, and Org Admins.
Permission Org Admin Infra Admin Env Admin Other
Resource and Environment Template Sharing Yes No No No
Environment Provisioning Yes Yes Yes No
Environment and Resource Template Creation Yes Yes No No
Provisioning Workload to Environment Yes Yes Yes Yes