Cloud Manager custom permissions

Transcript

Welcome to this video on AM Cloud Manager custom permissions. Today we’ll guide you through setting up custom permissions in AM’s Cloud Manager, tailored for streamlined project management and deployment. In Cloud Manager, you oversee a variety of AM resources, including programs, environments, pipelines, and much more. Our focus is to ensure specific teams have access only to the resources they need. Let’s demonstrate this by setting up custom permissions for our team of weekend developers, allowing access exclusively to the weekend program and related development resources like dev environments, rapid development environments, pipelines, logs, and the git repository. In order to do this, we’ll head over to Adobe’s admin console and make sure that we’re logged in as a system or AM product administrator. From here, tap on Products, and then tap on the AM product. And then select the Cloud Manager product instance. In the Cloud Manager product instance, you’ll see a handful of predefined product profiles like business owner, program manager, deployment manager, and developer. Each of these product profiles corresponds to the named role and has specific, however coarse-grain permissions for tasks like managing environments, accessing pipelines, and deploying code. That said, these out-of-the-box product profiles provide permissions across programs, whereas we want to create a more fine-grained control for our weekend developers team, such that they can only access the weekend development resources in Cloud Manager. So the first thing we need to do is create a new product profile, and let’s simply call it weekend developers. In this product profile, tap on the permissions tab. In here, you can see a list of all the permissions that are available to be assigned to this role. Let’s start by adding a permission that allows users of this new weekend developers product profile to only access the weekend program, but no other programs. So for this, we can select the program access permission, and then select the weekend program from the available permission items list. Now we can see the weekend program is added to the list of included items on the right. From the screen, we can continue to add more permissions. Next, let’s allow these developers to read environment logs. For this permission, we can select the log access for all environments in the weekend program by selecting the program itself, or if we wanted to, we could select specific environments. But let’s give our developers access to all logs in the weekend program so they can more quickly help debug any issue that might arise. So we’ll select the weekend program here. Same thing goes for rapid dev environment reset. We can select the weekend program so developers can reset any RDEs in the weekend program. Next, let’s give these developers access to the non-production pipelines in the weekend program. It’s easy to find the appropriate pipelines by filtering the list of pipelines by the weekend program name, and then reviewing the pipeline names, which are the bit of text after the colon in the label. We’ll do the same thing for pipeline execution starts. As well as pipeline execution cancels. Lastly, we’ll give these developers access to the git repository for the weekend program, which allows the users to access repository info and generate access passwords. Okay, that looks pretty good. Let’s save these changes. Back on the permissions tab, we can see that our permissions list has updated with a summary of the permissions we just added. So the last thing we need to do is assign users or user groups to this product profile. I’ll add a user. I’ll head over to the user tab. Find my user. And add them. What this looks like for this user that we just added and is now part of the weekend developers and should have all the custom permissions we just set. Over here, I’ve logged in as this user in a news browser already. So let’s head over to Cloud Manager. In Cloud Manager, we can still see a list of all the programs. However, this user can’t click into any of the programs except for the weekend program, just like we permissioned. Clicking into the weekend program, let’s take a look at just a few of the permissions we set. As you can see, the production pipeline’s actions are disabled. However, we can run or edit the dev-related pipelines. So let’s go in and make a quick change. Alright, we did configure a few other permissions such as log access and git repository info access, but we’ll leave those for you to explore. Alright, I hope this video helped you understand how Cloud Manager custom permissions work. Now you’re ready to use these features in AEM to optimize your team’s workflow with customized Cloud Manager permissions. Thanks for watching.