Skip to content

Managing Users and Permissions

This section describes how to manage developers for your tenant. MindSphere separates between the users on the platform itself that are allowed to access the Launchpad and applications and users within Cloud Foundry. The Settings UI enables you to assign permissions and roles to your employees.

Prerequisites

The described actions require the following rights:

  • You are Tenant Admin.
  • You have the OrgManager role for your Cloud Foundry Org.
  • You have installed Cloud Foundry CLI.
  • The developer to be added has logged into Cloud Foundry via the CLI at least once.

Info

Upon tenant creation, only the Tenant Owner has the role OrgManager assigned, which allows to access the tenant's Cloud Foundry Org. All other users have to be assigned a role by an OrgManager or SpaceManager. Thus, if you are not able to access your Org, consider to contact your Tenant Owner.

Invite developer to your tenant by Settings application

A user with Developer roles is able to access the Developer Cockpit and manages application versions and registration workflows.

Adding users

  • Go to your Launchpad and open the Settings.
  • Open "Users" and click on plus symbol to add new user.
  • Enter the e-mail address of the new user.
  • Confirm your entry with "Save User".

The user receives the link for accessing MindSphere tenant via e-mail.

Assigning developer roles to user

To access the Developer Cockpit you must assign user mdsp:core:Developer or the mdsp:core:DeveloperAdmin role.

  • Go to your Launchpad and open the Settings.
  • Open "Users" and select the new user.
  • Select "Edit" in the editing function field.
  • Assign the corresponding unassigned role (mdsp:core:Developer or mdsp:core:DeveloperAdmin) to the user.
  • Click on "End editing"

Developer(Developer and DeveloperAdmin) roles are successfully assigned to user.

Add a developer to your tenant via CF CLI

Cloud Foundry on AWS can be fully managed using the Cloud Foundry CLI and is integrated with WebKey as an identity provider. This allows developers to sign in to Cloud Foundry with their normal MindSphere account. During the order process of an MindSphere DevOps Plan (Developer/Operator) the designated administrator gets automatically the admin privileges assigned for the Cloud Foundry Org. But you are currently required to use the CF CLI if you want to add any additional developers.

Steps to add developer to Cloud Foundry Org and Space

  1. Open a command line interface (CLI).
  2. Configure the proxy settings, if necessary.

    Click here for detailed information on proxy settings

    If you are in a company network behind a proxy, you may have to set the proxies to reach the Cloud Foundry endpoints. Contact your administrator, if you face any timeouts or connectivity problems.

    Set the proxies for the Cloud Foundry CLI as shown below:

    1
    2
    set http_proxy=http://PROXY_IP:PROXY_PORT
    set https_proxy=http://PROXY_IP:PROXY_PORT
    
    1
    2
    export http_proxy=http://PROXY_IP:PROXY_PORT
    export https_proxy=http://PROXY_IP:PROXY_PORT
    
  3. Enter cf login -a https://api.cf.{region}.mindsphere.io --sso.

  4. Open the URL printed by the CLI and log in using your WebKey credentials to get a One Time Code.
  5. Enter the One Time Code in the CLI.

  6. Select your Cloud Foundry org.

  7. Use the following command to add the developer to your Cloud Foundry org:

    1
      cf set-org-role {user_name} {org_name} {role}
    

    Info

    A user must have the Cloud Foundry role SpaceDeveloper to push an application.

  8. Alternatively, use the following command to add the developer to a particular space:

    1
    cf set-space-role {user_name} {org_name} {space_name} {role}
    

The developer has the assigned access permissions for the Cloud Foundry org or space.

Cloud Foundry Access

The creation of the account does not automatically grant access rights to your Cloud Foundry org. However, the newly created user can already login in the Cloud Foundry environment. After the successful login the user is known in the Cloud Foundry UAA and the Org-Manager can assign either Org or Space rights. See the Cloud Foundry Howto

Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.