Access Control - csap-platform/csap-core GitHub Wiki
CSAP has extensive and easily accessed audit trails that enable collaboration and non-repudiation. This enables teams to be highly flexible when assigning access to production systems consistent with DevOps.
| Role | Access | Recommend Members |
|---|---|---|
| build | able to deploy new software artifacts - sevices, JDK, etc. | Production should be tightly controlled to ensure policy based processes are followed, typically only members of the release management team are assigned to the build role. Non-prod systems can be much more flexible based on needs of individual teams. Typically the entire team will have access in dev, with technical lead have in all non-prod |
| infra | Application definition operations | By default - all members with build access will have access to perform definition related activities. These include modifying parameters to services, adding new hosts, etc. Large team may prefer to have dedicated team members to facilitate non-trivial changes. |
| admin | start/stop troubleshooting | CSAP admin commands are designed to be low impact and easily recoverable. Typically production systems will delegate to assigned Production Support team and Tech leads. All non-prod are typically fully accessible by all team members. |
| view | View trending and real time data, View & Search logs, View OS/Service states via HostDashboard | To ensure collaboration across the entire company - it is strongly recommended that view access is granted to any authenticated user. |