Manage Organizations
Overview
The Organizations feature in the DoiT Console enables you to segment your data. It helps you to centrally manage your public cloud while allowing for decentralized section management.
Compared with the role based access control (RBAC) functionality that limits user permissions within a team, the Organizations feature allows you to mirror your organizational structure, business units, and other groupings within the DoiT Console.
Organizations provide tightly scoped Cloud Analytics experiences. With an organization, you scope reports to the same attributions that are used when creating the organization. Creating organizations for independent departments or groups helps to eliminate the clutter of total spend, allowing for more efficient trend and insight analysis.
Key concepts
Organization: An organization uses attributions to filter data. For members of an organization, Cloud Analytics reports only show the relevant data.
Root organization (default organization): Every company has a default organization named after their primary domain. This organization, by default, has access to all data within a company. It can be restricted by editing its attributions. When an organization is deleted, its members are placed in the default organization. This allows you to configure a restricted landing zone for users when removing organizations.
Member: Users assigned to an organization are organization members. They have access only to the data that are included in the chosen attributions (with the exception of dashboards and widgets of global scope).
- Users Manager
Create an organization
To create an organization:
Select the gear icon () from the top navigation bar, and then select Identity & access.
Select Organizations from the left-hand menu.
Select New organization.
Enter a name for the new organization.
Configure your organization
Define the scope of the organization.
Organizations use attributions to control the scope of data. You can select up to three attributions.
Assign users to the organization.
One user can be assigned to only one single organization.
Choose global dashboards that will be visible to users in the organization.
The pre-built dashboards in the DoiT Console (Pulse, AWS Lens, GCP Lens, BQ Lens, GKE Lens, Azure Lens, etc.) have a global scope. Regardless of organization, they always show data from across all accounts/projects.
To avoid exposing data outside their scope to organization members, you can choose to not select certain dashboards.
(Optional) Use the Advanced options to further specify permissions for organization members.
Disable custom dashboards: Prevents organization members from creating custom dashboards, customzing dashboards, or adding widgets. Selecting this option will cause organization members lose access to global dashboards.
Disable account dashboard: Prevents organization members from accessing the Home dashboard.
Widgets accessibility
Whether a widget is accessible to a specific user in an organization depends on two factors:
Roles and permissions of the user: The user may need special permissions to access a widget. For example, to access the support tickets widget on the Home dashboard, a user needs the Support Requester permission.
Widget scope: Most widgets have a global scope. The only way to limit access to such widgets is to select the advanced option Disable custom dashboards.
Limitations
Only the Cloud Analytics feature supports organizations.
Reports shared outside the organization are not visible within the organization.
Dashboards and widgets of global scope represent data across the company, not filtered to a specific organization. This applies also to Flexsave and Cost anomalies.