OEM Cloud instance
In contrast to the public cloud, an OEM cloud instance is managed by the instance administrators of an OEM. As a rule, only an instance administrator can create new cloud projects and add other people to the cloud instance. An instance administrator can also make further settings to the cloud instance.
Instance settings
The dialog with the instance settings can be opened via the management navigation by clicking on Settings and is structured into the following sections:
| Admins | For adding and removing instance administrators. |
| Service User | For adding and removing service users. |
| User roles | To add further user roles (see Extended user roles). |
| API |
For controlling the cloud instance via REST API. The REST API must first be activated by the operator. |
Instance Administrator
Instance administrators are users with extended privileges within an OEM Cloud instance. They are responsible for the basic management of the instance and can perform the following tasks, among others:
- Configure instance settings
- Create / delete projects
Service User
Service users are typically employees of the OEM customer who work on projects and whose access should be centrally managed.
- All service users automatically gain access to all projects for which service access is enabled.
- For each service user, the user role for project access can be defined individually.
-
Additionally, a service user can be manually added to a project via the user management.
In this case, the manually assigned project role is applied and overrides the assigned service user role.
Extended user roles
Further levels can be added to the default user roles. The extended user roles can be used to restrict access to certain views and only allow access for certain groups of people. As soon as a name has been entered at the desired level, the new user role is available in the entire cloud instance. All rights are inherited from the previous default user role.
As can be seen in the image, there is a new user role Extended User. This role inherits all the rights of the role User. Access to a view can therefore be restricted without having to assign the next higher default user role to the relevant group of people.
Note: The roles should be extended with caution. The corresponding level is always saved.