Organizations

Organizations

This section allows you to create organizations to which we will later associate users, user groups, role assignments, roles, contacts and accounts in SSMCM, also allowing the customization of the SSMCM interface, incorporating the organization's logo and a CSS style sheet that modifies the design of the interface (colors, fonts, etc.) and adapts it to the needs of the client and its corporate image.

In this section we are initially shown a table similar to those we can find in other inventories or sections, with pager, filters and other actions already described as global search, by columns, filtering by columns, export, etc.

In the table we are presented by default the most relevant data for the contact, such as:

  • Name
  • Description
  • Responsible
  • Phone (link that will open application for phone call on devices that support it)
  • Address (link that will open a Google Maps location)
  • Actions

Among the actions we find:

  • View: Displays detailed information about the organization. This operation can only be performed by users with organization:read permission
  • Edit: allows you to access the edit form and edit the organization. This operation can only be performed by users with organization:write permission
  • Delete organization. Delete the organization and all its associated items (accounts, users, user groups, account groups, roles, etc.) , showing before doing so a confirmation dialog. This operation can only be performed by users with organization:write permission
  • In addition to the options already mentioned, the table actions button incorporates a button to add a new organization. This operation can only be performed by users with organization:create permission

Creation and editing of organizations:

New organizations can only be created by users with the organization:creator permission. Existing organizations can only be edited by users with organization:write permission, that is:

  • Owners (users with role organization_owner)
  • Editors (users with organization_editor role)

Form fields allow:

  • Give the organization a name (required)
  • Indicate a description
  • Determine whether to delegate administration of the organization: When delegated administration is specified when creating a new organization, or editing an existing one, SSMCM automatically creates "delegated" roles such as administrators and auditors, and a read-only role, for the global user groups of the organization to which administration has been delegated.
  • Determine whether to delegate the organization's infrastructure: When you specify the delegated infrastructure when creating a new organization, or editing an existing one, SSMCM automatically creates a "delegated" role as operators for the iCenter user group.

These role assignments are locked, that is, it is not possible to edit them.

  • Disable the local operation of the organization, that is, disable the execution of actions on inventory items and playbook de ansible of the organization's accounts.
  • Indicate the name of a person in charge
  • Indicate the phone number of the organization
  • Indicate the address of the organization
  • Add a custom logo URL (option for customization per customer)
  • Add a style sheet that modifies the styles (colors, fonts, etc.) of the SSMCM interface (option for customization by client)
  • Specify whether to include the default Ansible organization when obtaining the templates to be run on instances, and run those templates
  • Add Ansible organizations, i.e. add organizations from which Ansible templates to run on instances, and run those templates

In the organization edit form, in addition to finding the same fields described above, we can find an additional field that allows us to add owner users to the organization:

Adding users to organizations

Once the organization is created, in addition to the default groups, two role assignments are created along with their additional user groups to carry out management of the organization and the resources related to it, so both will have the organization:read and organization:write permissions, among others:

  • the organization's publishers group (organization_editor), to which the organization's creator is initially added

  • The group of owners of the organization (organziation_owner), where we can add the users who own the organization

  • Indicate which users own the organization (only in the edition of an existing organization)

We can add users to these groups in different ways:

  • When we create new users or edit the existing ones, specifying the user groups to which they belong in the User groups field of the User creation or editing form, as long as these user groups already exist in the application and are associated with the organization.
  • Editing the corresponding user groups, or by creating new users, specifying the users in the Users field of the User Group creation or editing form, as long as these users already exist in the application and are associated with the organization.
  • And exclusively in the case of owner users, editing the organization itself, specifying the users in the Organization owners field of the organization edit form, as described above.