Chapter 12 - Cloud Users & Roles
There are several actors typically involved in cloud solutions from a business perspective. Their roles, responsibilities and relationships with other actors vary by industry. The business actors' responsibility is to make appropriate cloud investment decisions. Once an organization has started with cloud, there are some typical actors involved in the day-to-day operational consumption and provision of cloud services. This chapter focuses on the latter and not on the business actors, who typically include people like the CIO/CTO/COO, Business Operations Controller and Procurement Managers.
Following are some of the key organizations that are typically involved in a cloud solution. The actors and roles are then defined for users under each of these key organizations.
Cloud Service Consumer: The service consumer is the end user or enterprise that actually uses the cloud service.
Cloud Service Provider: The service provider delivers the service to the consumer.
Cloud Service Creator / Developer: The service developer creates and publishes the cloud service.
These organizations, their typical roles and their associated activities are discussed in detail in the Cloud Use Cases Whitepaper, and Dave Russell has an open thread on Cloud Computing Central to discuss them.
Out of all the roles across all these organizations, the key roles from an implementation and operation perspective are the following.
Cloud Administrator who can perform the following tasks:
- define new teams, user accounts and their associated roles
- register and unregister software images
- allow resource allocations and changes
- check the status of projects and monitor the servers for all users
- approve or deny provisioning requests made by team administrators
Cloud User who can perform the following tasks:
- view the projects available to them
- check the status of the services/servers provisioned for them
- log in and use the provisioned resources (for example servers and applications)
Accordingly, Tivoli Service Automation Manager provides two different user interfaces for these two key cloud roles: an administrative user interface and a self-service user interface. Find details here.
There are variations of these two roles depending on the design of the Cloud Provider and Consumer organizations. These include roles such as:
Cloud Manager: mostly a read-only administrator of the cloud who can check the status of projects and monitor the cloud services for any team.
Team Administrator: can perform tasks for a group of users, such as creating and maintaining user accounts and placing requests on behalf of the project.
These business-specific roles then need to be mapped to application roles such as Service Administrator, Service Definition Designer/Manager, Service Deployment Operator and Manager, etc. The security framework implementation should take care of this role mapping. The security function of Tivoli Service Automation Manager lets you manage which users can log into the user interface and which applications each user can access. The broader topic of security, specifically authentication followed by authorization, will be discussed in a separate chapter.
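The four roles described in this chapter can be expressed as a deny-by-default permission check in which each role's grants are limited to a scope (any team, own team, or own resources). This is an added example, not code from the original chapter or from Tivoli Service Automation Manager; the action names, scope levels and the `Principal`/`Resource` types are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Scope(Enum):
    ANY = "any"    # every team in the cloud
    TEAM = "team"  # only the principal's own team
    OWN = "own"    # only resources provisioned for the principal

# Role -> {action: widest scope granted}. Action names are hypothetical.
ROLE_GRANTS = {
    "cloud_administrator": {
        "manage_accounts": Scope.ANY, "register_image": Scope.ANY,
        "change_allocation": Scope.ANY, "view_status": Scope.ANY,
        "decide_request": Scope.ANY,
    },
    "cloud_manager": {"view_status": Scope.ANY},  # read-only administrator
    "team_administrator": {"manage_accounts": Scope.TEAM, "place_request": Scope.TEAM},
    "cloud_user": {"view_status": Scope.OWN, "use_resource": Scope.OWN},
}

@dataclass(frozen=True)
class Principal:
    name: str
    role: str
    team: str

@dataclass(frozen=True)
class Resource:
    team: str
    owner: str  # user the resource was provisioned for

def is_allowed(p: Principal, action: str, r: Resource) -> bool:
    """Deny by default; grant only if the role's scope covers the resource."""
    scope = ROLE_GRANTS.get(p.role, {}).get(action)
    if scope is None:
        return False
    if scope is Scope.ANY:
        return True
    if scope is Scope.TEAM:
        return p.team == r.team
    return p.team == r.team and p.name == r.owner

READ_ONLY_ACTIONS = {"view_status"}

def read_only_violations(role: str) -> set:
    """Actions that break a role's read-only intent (e.g. Cloud Manager)."""
    return set(ROLE_GRANTS.get(role, {})) - READ_ONLY_ACTIONS
```

Running `read_only_violations("cloud_manager")` after every change to the grant table is a cheap guard against a read-only role quietly gaining write actions.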