Managing Access Rights
A more technical look at the details regarding Service Account management.
Last updated
Was this helpful?
A more technical look at the details regarding Service Account management.
Last updated
Was this helpful?
Service Accounts are designed to be flexible enough to accommodate most organizational structures. They can be given access to any number of projects or organizations as required, with a specific level of permission in each. The access rights hierarchy can be summarized in a few points.
A is created under a project which becomes its owner.
A Service Account can be a of other projects and organizations.
The Service Account membership is assigned a for that project or organization.
A role provides the member with within the related project or organization.
When first creating a Service Account within a project, the Service Account will not be a member of any projects or organizations, including the owning project. In DT Studio, the “Role in current Project” option will show as “No access” and can be changed to give the Service Account access to the resources in this project.
In your project, navigate to the API Integrations -> Service Accounts page. Locate the Service Account you wish to remove, then click the Remove button.
A single Service Account can be a member of several projects and organizations. These members are unique and independent from each other, allowing for different roles to be assigned.
If you do not possess a Service Account with sufficient access rights, new Project members must be added by an existing Project Admin in DT Studio or through the APIs.
In your project, navigate to the Project Settings page. Here, using the email of the target Service Account, select a role and click Invite Member. This can be changed later.
In your project, navigate to the Project Settings page. Locate the member you wish to remove, then click the Remove button. For reference, see the image under New Project Member.
If you do not possess a Service Account with sufficient access rights, new Organization members must be added by an existing Organization Admin in DT Studio or through the APIs.
In any project, navigate to the Administrators page. Currently, the only role available for an organization member is organization.admin
, hence the naming conventions used in DT Studio. Using the email of the Service Account you wish to add, click Invite Administrator.
Note that an organization.admin
will obtain the same permissions as a project.admin
in every single project under the organization in question.
In any project, navigate to the Administrators page. Locate the member you wish to remove, then click the Remove button. For reference, see the image under New Organization Member.
A role contains permissions that determines which actions a member is authorized to perform on a specific resource in DT Cloud. To make permissions available to members, you grant them the role that provides the desired set of permissions.
The following roles are available.
project.user
project.developer
project.admin
organization.admin
Please refer to our introductory guide on .
Once the package is installed and authenticated as described in the , a Service Account can be deleted by calling the following resource method.
A User or Service Account must have the of Project Admin or higher to manage members.
A list of all available parameters can be found in our and a list of all roles and their permissions under the subsection on this very page.
Once the package is installed and authenticated as described in the , a new project member can be added by calling the following resource method.
Once the package is installed and authenticated as described in the , a project member can be removed by calling the following resource method.
A User or Service Account must have the of Organization Admin or higher to manage members.
A list of all available parameters can be found in our . Currently, the only role availbale is organization.admin
.
Once the package is installed and authenticated as described in the , an organization member can be added by calling the following resource method.
Once the package is installed and authenticated as described in the , an organization member can be removed by calling the following resource method.
Roles can be managed by users or Service Account Members with an assigned role of Project Administrator or Organization Administrator for projects and organization levels. The role of a member is managed in the same place where the member itself is managed. See the section for details on where this is located, or use our REST API endpoint for Membership and Access Control.