docs

Synadia Platform

Managing Access

Control Plane is a multi-tenant application allowing owners of NATS systems, accounts, and client applications to get visibility through a central interface.

People

When initially configured and deployed, Control Plane will have a single user with Admin permissions. Depending on the scale and diversity of your organization's NATS usage, there will be a need to register additional people to Control Plane.

The two primary reasons include:

  • Providing NATS account or applications owners visibility
  • Ensuring owners have one or more people to fallback on

Inviting a person

A person within your organization can be invited by an Admin, following these steps:

  1. From the home page, click on the People tab
  2. Click the Invite Person button
  3. Enter the person's Full Name, Username and select a Role
  4. Click the Invite button

Upon submitting the form, a confirmation dialog will appear with a link. Share this link with the person privately. The person will be able to set their password once they navigate to the link.

Assigning the Admin role will give this person full access to Control Plane. It is recommended to use the App User role and explicitly assign the person to the system or account they will be managing.

Removing a person

A person within your organization can be removed by a Application Admin, following these steps:

  1. From the home page, click on the People tab
  2. For the target person, click the Actions ellipsis
  3. Click Delete to open a confirmation dialog
  4. Confirm you have the correct user to remove and click Delete

Roles

Control Plane comes with several pre-defined roles that can be used while onboarding people.

  1. System Admin - Read and write access to a system, including server metrics, and access across all accounts
  2. System Observer - Read-only access to a system, including server metrics, and read-only access across accounts
  3. Account Admin - Read and write access to a single account and its users
  4. Account Observer - Read-only access to a single account and its users
  5. Credential Downloader - Ability to download NATS credentials within an account

For more information on how to create new roles and modify the defaults see Authorization configuration

Assigning a system role

Assigning a person to a system role can be completed as follows:

  1. From the home page, click the Name of the target system
  2. Click the Access tab
  3. Click the Add User button
  4. Select the Person and select a Role
  5. Click the Save button

Assigning an account role

Assigning a person to an account role can be completed as follows:

  1. From the home page, click the Name of the target system
  2. Click the Accounts tab
  3. Click the Name of the account the person will be assigned to
  4. Click the Access tab
  5. Click the Add User button
  6. Select the Person and select a Role
  7. Click the Save button

Assigning a user role

Assigning a person to a user role can be completed as follows:

  1. From the home page, click the Name of the target system
  2. Click the Accounts tab
  3. Click the Name of the target account
  4. Click the NATS Users tab
  5. Click the Name of the user the person will be assigned to
  6. Click the Access side navigation link
  7. Click the Add User button
  8. Select the Person and select a Role
  9. Click the Save button

Updating a system role

Updating a person from a system role can be completed as follows:

  1. From the home page, click on the Name of the target system
  2. Click the Access tab
  3. For the target person, click the Actions ellipsis to view a drop-down
  4. Click the Update option to open the edit panel
  5. Set the desired Role
  6. Click Save

Updating an account role

Updating a person from an account role can be completed as follows:

  1. From the home page, click on the system containing the account
  2. Click the Accounts tab
  3. Click the Name of the target account
  4. Click the Access tab
  5. For the target person, click the Actions ellipsis to view a drop-down
  6. Click the Update option to open the edit panel
  7. Set the desired Role
  8. Click Save

Updating a user role

Updating a person from a user role can be completed as follows:

  1. From the home page, click on the system containing the account
  2. Click the Accounts tab
  3. Click the Name of the target account
  4. Click the NATS Users tab
  5. Click the Name of the target user
  6. Click the Access side navigation link
  7. For the target person, click the Actions ellipsis to view a drop-down
  8. Click the Update option to open the edit panel
  9. Set the desired Role
  10. Click Save

Revoking a system role

Revoking a person from a system role can be completed as follows:

  1. From the home page, click on the Name of the target system
  2. Click the Access tab
  3. For the target person, click the Actions ellipsis to view a drop-down
  4. Click the Revoke option to open a confirmation dialog
  5. Confirm the person and click Revoke

Revoking an account role

Revoking a person from an account role can be completed as follows:

  1. From the home page, click on the system containing the account
  2. Click the Accounts tab
  3. Click the Name of the target account
  4. Click the Access tab
  5. For the target person, click the Actions ellipsis to view a drop-down
  6. Click the Revoke option to open a confirmation dialog
  7. Confirm the person and click Revoke

Revoking a user role

Revoking a person from a user role can be completed as follows:

  1. From the home page, click on the system containing the account
  2. Click the Accounts tab
  3. Click the Name of the target account
  4. Click the NATS Users tab
  5. Click the Name of the target user
  6. Click the Access side navigation link
  7. For the target person, click the Actions ellipsis to view a drop-down
  8. Click the Revoke option to open a confirmation dialog
  9. Confirm the person and click Revoke

API reference

Assigning a user

Assigning a user to a system as an administrator:

curl -X POST "{API_ENDPOINT}/api/beta/systems/{SYSTEM_ID}/app-users/{APP_USER_ID}" \
 -H "content-type: application/json" \
 -d '{"role":"Admin"}'

Assigning a user to an account as an observer:

curl -X POST "{API_ENDPOINT}/api/beta/accounts/{ACCOUNT_ID}/app-users/{APP_USER_ID}" \
 -H "content-type: application/json" \
 -d '{"role":"Observer"}'

Assigning a user to user credentials:

curl -X POST "{API_ENDPOINT}/api/beta/nats-users/{NATS_USER_ID}/app-users/{APP_USER_ID}" \
 -H "content-type: application/json" \
 -d '{"role":"User"}'

Revoking a user

Revoke a user from a system:

curl -X DELETE "{API_ENDPOINT}/api/beta/systems/{SYSTEM_ID}/app-users/{APP_USER_ID}"

Revoke a user from an account

curl -X DELETE "{API_ENDPOINT}/api/beta/accounts/{ACCOUNT_ID}/app-users/{APP_USER_ID}"

Revoke a user from credentials

curl -X DELETE "{API_ENDPOINT}/api/beta/nats-users/{NATS_USER_ID}/app-users/{APP_USER_ID}"
Previous
Creating a System
Next
NATS Account and Credential Management