Organization management
In balenaCloud, users manage fleets and collaborate in organizations. An organization is a group of members, teams, and fleets that is managed by one or more organization administrators. An organization can have any number of members that can be grouped into teams and granted varying levels of access to its fleets according to their assigned role.
Administrators are implicitly granted the ability to perform any possible action to the organization and its associated resources. Actions include inviting and removing members, managing fleets, teams, and billing of the organization. General members have much more limited administration capabilities and rely on Administrators to place them in teams, grant access to fleets, and more.
Each user can create or be a member of an unlimited number of organizations. A organization is automatically created upon user registration, and the user is assigned as its administrator. This organization is named after the user's balenaCloud username and is managed like any other but currently cannot be deleted.
Note: Billing applies to each organization separately. Administrators can upgrade an organization at any time to the appropriate billing plan as needed.
What can you do with organizations?
With organizations, you can:
- Invite users to an organization as members, and group them in teams.
- Manage access control at the team level, associating fleets with teams.
- Grant fleet access to teams or individual members in bulk.
- Granular access control at the fleet level to assign, modify or revoke user roles when needed.
Creating a new organization
To create a new organization, navigate to your balenaCloud dashboard and click the Organizations
tab on the sidebar.
Next, click the Create Organization
button to get the create organization modal below. Fill in the name of your organization, and you are all set. This is also the page where you can check all organizations that you have access to. The user creating an organization is, by default, given administrator access to that organization.
Only administrators can delete an organization. Alternatively, anyone can leave an organization by clicking the Leave organization
button on the organization summary page.
Managing roles & access in an organization
The roles inside the organization give granular control over access & visibility to the user. These roles can be assigned when inviting new members to your organization:
Administrator: Full access to the organization, its fleets, and all devices inside them. Administrators also have access to organization's invoices, payment methods, and subscription plan. Administrators can assign roles for incoming members, group them into teams, and grant application access to those teams with granular control over which roles are being assigned at the fleet level.
Member: Members are granted read-only access to an organization with explicit access to its fleets and teams. Administrators assign roles on the fleet level. Members have no visibility over other fleets and teams that they haven't been assigned access to.
Inviting members to an organization
With your organization created, let's invite some members. Only the administrator can invite users to an organization. To invite, click the Manage members
button on the organization summary dashboard. On the page that opens, click the Invite member
button to open the Invite organization member
modal. Here, you can either add users with their email address or with their balena username after assigning them roles in your organization. Click Add member
to invite the user to your organization.
Depending on the role assigned, they can access and manage both apps and other members inside the organization. To change a member's role, navigate to the Members
tab in the sidebar. Next, click the checkbox next to the member's name, and then go over to the Actions
button, click that, and choose Change membership
. Change the Organization role
of the desired user using the dropdown list against their username.
Creating teams in your organization
Organization members can be grouped into teams. Teams provide the means to manage members according to their function effectively. Only administrators can create, modify or delete teams.
To create a team, navigate to the Teams
page via the sidebar and click the Create Team
button. In the create team modal, enter the team name being created and click the Create Team
button.
Once the team is created, add members or grant the team access to fleets by clicking on the Manage members
and Manage fleets
buttons, respectively.
Creating new fleets under your organization
With members invited to the organization, let's get started on creating new fleets under an organization. Navigate to the fleets
tab in the sidebar (under the correct Organization if you have multiple ones) to find the Create fleet
button for creating a new fleet under your organization. Learn more about creating a fleet from the getting started guide.
Moving existing fleets to an organization
Moving an existing fleet to an organization is a common task accomplished by transferring ownership of your fleet.
Granting access to fleets
Organization administrators can grant access to fleets either directly to individual members or to teams. There are three fleet-level roles that can be assigned, Developer
, Observer
, and Operator
, which grant varying levels of access. Administrators are implicitly granted full access to all fleets of the organization.
Granting individual members access to fleets - Once you are done inviting members, click the username of the member you want to grant access from the
Members
list. On the member's summary page, clickManage fleets
. From there, click theAdd to fleets
button to add the member to one or more fleets with the desired role.Granting teams access to fleets - Teams and their members can be granted access to specific fleets from the
Organization Teams
tab. Click theManage fleets
button on the team summary page. From there, click theAdd fleets to team
button to add the team to one or more fleets available under the org with the desired roles. All team members will be granted access to the selected application(s) with the specified role per fleet.
Alternatively to remove access to fleets, for individual members or teams, you can navigate back to the respective summary page of the member or team and click the Manage fleets
button there. From the fleet list, check the checkboxes for the relevant fleets and click the Remove access
button at the top of the page.
I've got a fleet. How do I collaborate with others?
To collaborate with other users on a single fleet, you can refer to adding a fleet member using their email address or username. After adding the user, you will find them in your organization added as a member as well. Members will only have access to those application(s) in the organization that you explicitly grant them access to. You can review each member's access by clicking the member's username in the Members
list present on the organization summary page. On the page with your view as an administrator, you can check what teams and fleets the member has access to.