Table of Contents

    Tenant and Organizations

    data.all manages teams’ permissions at four levels:

    1. Tenant team
    2. Organization
    3. Environment (next section)
    4. Teams (next section)

    Tenant

    data.all has a super user’s team which is a group from your IdP that has the right to manage high level application (tenant) permissions for all IdP groups integrated with data.all.

    This super user’s team maps to a group from your IdP that’s by default named “DAAdministrators”, any user member of this group will be able to:

    • create organizations
    • manage tenant permissions on onboarded teams (IdP groups) as shown below.

    👥 Manage tenant permissions

    As a user part of “DAAdministrators” on your IdP you can access the settings menu from the profile icon.

    For example, Maria Garcia is not part of “DAAdministrators”, therefore she sees nothing

    On the other hand, Tenant user is part of this group and can navigate to Admin settings

    In Admin Settings, the Tenant user can manage tenant permissions. In the following picture, the user is NOT granting the DataScienceTeam that John belongs to permissions to create an organization.

    If the tenant revokes the permission of a team to manage an object, that team won’t be able to perform any action on that particular object. For the given example, assuming that John only belongs to the DataScienceTeam, he is not able to create organizations:

    Organizations

    Organizations are high level constructs where business units can collaborate across many different AWS accounts at once. An organization includes environments and teams (see next section). Organizations are abstractions, they don’t contain AWS resources, consequently there is no CloudFormation stack associated with them.

    Organizations usually correspond to whole organizations, organization divisions or a separated geographical region within an organization.

    📦 Create an organization

    📝 Organization permissions

    Any user can create an organization as long as he or she belongs to a group with tenant permission “Manage Organizations” (see previous chapter, “Manage tenant permissions”).

    To create an organization, on the left pane select Organization, click Create and complete the following form.

    organization_form

    Field Description Required Editable Example
    Organization name Name of the organization Yes Yes AnyCompany EMEA
    Short description Short description about the organization No Yes AnyCompany EMEA region
    Team Name of the team managing the organization Yes No EMEAAdmin
    Tags List of tags No Yes fin,rnd,mark,sales

    The next step to onboard your IdP groups is to link an environment and add teams, check Link an environment and Add a team to an environment

    ✏️ Edit and update an organization

    On the organisation window we can check the organization metadata, as well as the environments and teams that belong to this organisation (we will come back to this in Environments and teams).

    To edit the metadata of the organisation, click in Edit and update the information. Name, description and tags are editable, however the organisation team cannot be updated.

    🗑️ Delete an organization

    🚨 Warning

    Make sure that you delete the organisation environments before deleting the organisation. Otherwise, orphan environments might run into conflicts.

    To archive an organisation, click on the Archive button next to the Edit button. A window with the previous warning will appear. If you want to go ahead and delete the organization, type permantly archive in the box and submit.