Roles and permissions

Roles in Silverstripe Cloud are used to ensure a good workflow exists between a web team and their customer. They restrict access to certain parts of the infrastructure and permit only selected users to perform some actions, such as deployment to production or accessing production data. Roles are structured in a hierarchy, with permissions being inherited upwards from a Team Member up to Stack Manager. A Stack Manager can give team members more permissions on the Stack Team page. For example, a Stack Manager could provide a team member permission to deploy to production or access production snapshots.

Non-trivial requests that come at a financial cost or pose an outage risk to the production environment, Silverstripe Cloud will obtain approval for the change. Depending on the nature of the request, the recipients may include the Stack Manager or Relationship Manager. Such requests may include adding or removing a stack, changing the Disaster Recovery level, updating file permissions, or low-level upgrades to the LAMP stack.

Roles

Stack Manager

Stack Managers have financial and contractual authority over the stack. As a rule of thumb, a Stack Manager is needed to perform any changes with financial impacts, such as changing the stack size or approving an estimate.

Only Stack Managers have the ability to add, remove, define roles and permissions for each member. Stack Managers have the ability to approve deployment changes, although typically a Release Manager takes on this duty.

Release Manager

Release Managers can either be technical or non-technical. Their main role is approving changes relating to the environments on a Stack, but these can also be approved by Stack Managers.

Deployer

Deployers are usually lead or senior members of the development team. They have sufficient knowledge to formulate proposals for changes with uptime or feature impact, such as modifications to environment variables, SSL certificates, creation of Virtual Stacks and changes to the whitelist.

If circumstances warrant it, Deployers can bypass the approval process.

Team Member

Everyone else working on the Stack is a Team Member. Team Members can snapshot and deploy to UAT & test environments directly, as well as request deployments to production. They cannot bypass the approval process.

Permissions

  UAT1 Production1 Configuration2 Temporary CMS access Add/Remove Users Modify Stack Service Desk access
Stack Manager
Release Manager


Deployer


Team Member




  1. Includes access to server logs for this environment.
  2. Includes configuration of variables, domains, SSL and whitelists.

Was this answer helpful? Yes No

Sorry we couldn't be helpful. Help us improve this article with your feedback.