You may want to limit the Developer teams’ access to only their team’s controller while giving the Tester team access to both. This configuration protects teams from unauthorized users accessing their credentials and artifacts while still empowering a trusted team to access only the resources they need. Within the controller itself, administrators can also set up specific permissions to restrict access on certain objects, such as a folder containing a "secret" internal project.
In this scenario, the administrator will configure permissions on two folders that exist on Controller-1 - the developers-team-A-folder, which is restricted to only the developers-team-A-group as a "secret project", and another-folder, which will be accessible by everyone logged into the instance.
To achieve this, the administrator will configure the following groups and roles on the following controllers:
Context | Group | Role(s) | Member(s) |
---|---|---|---|
ROOT |
internal-oc-read-group |
|
|
Controller-1 |
|
|
|
Controller-1 |
|
|
|
Controller-1/developers-team-A-folder |
|
|
|
Controller-2 |
|
|
|
Once these settings are configured any member of the internal-developer-team-A-group who logs into operations center will only be able to access to the Controller-1/developers-team-A-folder.