Skip to content

Configure Access Control

Before configuring access control in Choreo, review the Access Control Concepts.

Now, let’s walk through a sample scenario for granting access to a specific environment within a project.

Assume you are overseeing the Engineering Project within your organization and you need to grant development access to specific users solely within this project. As they are developers, you further need to restrict their access to the Development environment of the project. Here's a step-by-step guide on how to achieve this:

Step 1: Create a project

Follow the steps given below to create a project:

  1. Go to https://console.choreo.dev/ and sign in. This opens the organization home page.
  2. On the organization home page, click + Create Project.

  3. Enter a display name, unique name, and description for the project. You can enter the values given below:

    Info

    In the Name field, you must specify a name to uniquely identify your project in various contexts. The value is editable only at the time you create the project. You cannot change the name after you create the project.

    Field Value
    Project Display Name Engineering Project
    Name engineering-project
    Project Description My sample project

  4. Click Create. This creates the project and takes you to the project home page.

Step 2: Create a new group

Follow the steps given below to create a group with the name Engineering Project Developer:

  1. In the Choreo Console, go to the top navigation menu, click the Organization list, and select the organization where you created your project.
  2. In the left navigation menu, click Settings.
  3. Click the Access Control tab and then click the Groups tab.
  4. Click + Create Group.

  5. Enter a group name and group description. You can enter the values given below:

    Field Value
    Group Name Engineering Project Developer
    Group Description Users with development access within the engineering project

  6. Click Create.

Step 3: Assign roles to the group

Follow the steps given below to assign the Developer role to the Engineering Project Developer group that you created:

  1. In the Choreo Console, go to the top navigation menu, click the Project list, and select the Engineering Project that you created.
  2. In the left navigation menu, click Settings.
  3. Click the Access Control tab and then click the Groups tab.
  4. On the Groups tab, search for the Engineering Project Developer group and click the corresponding edit icon.
  5. Click +Assign Roles.
  6. In the Assign Roles to Group in Project dialog that opens, click the Roles list and select Developer.
  7. Click Selected Environments radio button under Applicable Environments

Important

Configuring the Applicable Environment for a Role to Group assignment is currently available only for selected organizations.

  1. Select Development environment from the environment selecction dropdown
  2. Click Assign. This assigns the Developer role to the group. You should see the mapping level as Project (Engineering Project) and Applicable Environment as Development indicating the type of the asssignment:

This means that you have granted developer access to users in the Engineering Project Developer group in the scope of the Development environment of the Engineering Project.

Now that you have set up access control, you can proceed to add users to the new group.

Step 4: Add users to the group

There are two approaches you can follow to add users to the group.

Add a new user as a project developer

Follow the steps given below to add a new user as a project developer:

  1. In the Choreo Console, go to the top navigation menu, click the Organization list, and select the organization where you created your project.
  2. In the left navigation menu, click Settings.
  3. Click the Access Control tab and then click the Users tab.
  4. Click +Invite Users.
  5. In the Invite Users dialog,
  6. Specify the email addresses of the users in the Emails field.
  7. Click the Groups list and select Engineering Project Developer.
  8. Click Invite.

Add an existing user as a project developer

Follow the steps given below to add an existing user as a project developer:

  1. In the Choreo Console, go to the top navigation menu, click the Organization list, and select the organization where you created your project.
  2. In the left navigation menu, click Settings.
  3. Click the Access Control tab and then click the Users tab.
  4. Search for the existing user you want to add to the Engineering Project Developer group.
  5. Click the edit icon corresponding to the user.
  6. Click +Assign Groups.
  7. In the Add Groups to User dialog, click the Groups list and select Engineering Project Developer.
  8. Click Add.

Tip

Make sure to remove the user from any other groups to avoid granting organization-level access unintentionally.

Note

  • Existing groups are already mapped to similar roles at the organization level. Therefore, adding users to those groups or keeping users in them, will give organization-level access to the users.
  • When users are added to the Engineering Project Developer group, they will only have developer access to the Engineering Project.
  • You can invite new users or add existing users to new groups within the Engineering Project, and based on their requirements, assign roles like Developer, API Publisher, etc.

Now you have successfully set up access control within your project.