Managing Access Control

The Access Control section provides information about users that have access to the JCA panel. Also, it contains the Audit Log subsection with the list of actions these users have performed.

Access Control

Go to the Access Control section to view a list of accounts which can access JCA panel. If needed, use the Search field within the tools panel to locate the required user quickly.

jca access control

Below, we’ll overview how to:

Add a New User Account

Click Add from the tools panel and provide the following data in the appeared form:

  • Login - email address of a user to be granted JCA access (should be already registered at the platform)
  • Role - account permission, which can be selected from the list:
    • view - allows accessing the Jelastic Cluster Admin panel in the read-only mode
    • admin - provides full access to the JCA features and platform admin permissions for API calls
Note: The owner and reseller roles cannot be assigned manually to a user account.

access control add admin

Click Update to add a new account to the list.

Now, it can be used for logging into the JCA panel with the same password, which is used to access the user’s dashboard.

Edit Access Level

To edit the access permissions for an account, double-click the appropriate line and select a new Role (see the descriptions in the previous step):

access control edit admin

Note: You cannot edit the owner, reseller, and current accounts.

Remove the Existing JCA User

Select the undesired JCA user within the list and click Remove.

access control remove admin

Confirm your decision to delete the permissions to access and manage JCA for the account.

Manage Mandatory 2FA for Admins

It is recommended for cluster admins to configure two-factor authentication (2FA) as an extra layer of protection from unauthorized access. To set 2FA as an obligatory requirement for admins, use the Actions menu within the Access Control tab.

mandatory two-factor authentication for admins

Here:

  • Enable/Disable Mandatory Two-Factor Auth - allows turning on/off the mandatory 2FA for cluster admins.

enable mandatory two-factor auth for admins

Within the appeared dialog, you can configure a few days delay for existing users before restricting access, as well as send the appropriate notifications. Also, it is possible to select Trusted Users.

  • Manage Trusted Users (displayed for the enabled 2FA only) - allows selecting trusted users from the automatically fetched list of JCA accounts to skip the mandatory two-factor authentication for them.

manage trusted users for two-factor auth

The current state of the 2FA feature for a particular user can be seen in the Two-Factor Auth column.

Audit Log

Open the Access Control > Audit Log section to see the table with information about the actions performed by JCA users:

  • Date - time when an operation was performed
  • User ID - unique identifier of the account, which executed the action (click to locate within the Users section)
  • Service and Method - platform API service and method used for the action
  • Data - parameters of the performed operation (hover over and click the info icon for the full view)
  • Duration - time to complete the action
  • Result - an outcome of the operation (either Success or the appropriate error)

If needed, you can specify a period of search (Start and End Date) and apply filters:

  • User ID of the account to show the logs for
  • Service Name to locate an execution of a particular API (Service + Method)

When the needed parameters are specified, click Refresh to display information.

What’s next?