We’ve been thinking a lot about how companies and teams work together on balenaCloud, and wanted to make it easier to collaborate without sacrificing control or security. The result of our work is a new top-level feature called Organizations.
With this release, Organizations become central to device, application and user management across our platform. Now, when you invite team members to collaborate, you can fine-tune their access to your balenaCloud applications.
Why this matters and how it works
We created Organizations to reflect how our users work and collaborate on projects. For example, a company might create an organization called “Supertech Ltd.,” and create teams that distinguish certain types of users, like developers, from other types of users, like field operators. They should also be able to add specific team members to these teams, and grant these teams access to specific applications within that balenaCloud Organization.
Organizations become the umbrella over all aspects of collaboration with flexibility to share as much or as little as you want with your team members.
Creating an organization
In the following example, I created a new organization called “Supertech Ltd.” and added 20 applications. Creating a new organization is done under the main “Organizations” menu and clicking “Create organization”:
Under that new organization, I can then create applications that will belong to “Supertech Ltd.”:or transfer applications from other organizations by using the “Transfer application ownership” under any application’s “Actions” menu:
Alternatively, you can transfer applications from other organizations by using the “Transfer application ownership” function under any application’s “Actions” menu:
Now, I have 20 applications under my new “Supertech Ltd.” organization:
As the organization creator and administrator, I’m added as a member by default, but collaboration really begins when you add members to an organization. You can assign Administrator rights to give full access to the organization and its applications, or Member rights to give read-only access to the organization with explicit access to its applications and teams.
You can add members by using the “Organization Members” menu, which will add them to your organization or by navigating to an application and clicking on the “Member” button. Adding users directly to an application automatically adds them to its organization.
Members can be given different levels of access rights to applications, including Observer, Operator, Developer and Administrator.
- Observer -- Read-only access to applications and their devices.
- Operator -- Everything Observers can do, plus full access to devices, including the ability to SSH into devices, add and delete devices, and manage device environment variables. (paid plans)
- Developer -- Everything Operators can do, plus full access to the application code, including the ability to push updates, create releases, download images, and manage application environment variables.
- Administrator/Owner -- Full access to the application, including the ability to manage application members, and delete the application.
To make it easier to add people to an organization, we've made it so you can invite both existing and non-balenaCloud users by entering an email or username. Users invited by email receive a link to login or signup, and are immediately added to your organization. You can also assign administrator or member rights before you send the invitation:
With new members and applications added, the “Supertech Ltd.” I created now has three members and 20 applications:
To set up more granular control, I’ve created a team called “Developers” in “Supertech Ltd.” to narrow the scope of who has access to what. Here, I’ve added two members and a single application called
By adding the team, I’ve given these two members access to the
balena-dash application in “Supertech Ltd.” In order for users to be able to see other apps, they have to be an organization administrator, or be explicitly granted access though a team or application membership.
Better control over application access
See the whole crew
The new organization and team summary views let you to see details about your members and applications, and a “Pending invitations” list shows all your collaboration invitations that haven’t yet been accepted:
For users of the balenaCloud free tier (<10 devices), the new organization features are free, though user role choices for Starter application members are limited to Developer and Observer. Paid users also have access to the Operator role.
Dashboard upgrades place organizations first
This new organization structure is reflected in key changes to the balenaCloud dashboard. The sidebar now displays both Application and Organization menu buttons:
As you move through the dashboard, the navigational breadcrumbs have changed, too, showing Organizations at the top level (and not Applications). That means...
How to start using Organizations
Existing balenaCloud users will automatically see their username as a default organization. You’ll notice applications and members you’ve added previously will appear in various menus (you don’t need to re-add them) and they retain access rights you already assigned. You can also add existing applications and members to your default organizations or create new ones. Either way, you can then create teams to better organize your projects.
As a new balenaCloud user, you might create organizations that mirror your existing development workflows, add teams, and assign each team specific members and applications. That way, you’ll be organized from the beginning, able to customize the rights for all your colleagues without worry.