locked
How do I prevent users from creating and attaching a Windows Azure account in AppController? RRS feed

  • Question

  • How do I prevent users from creating and attaching a Windows Azure account in AppController? Ideally I'd like to be able to hide the option until we have a chance to work with our Info Security team on managing this feature.

    William Busby, PMP

    Saturday, August 4, 2012 7:17 AM

Answers

  • Hi William,

    Only App Controller Administrators can add Windows Azure subscriptions to App Controller.

    People who are not Administrators do not have the option to add Windows Azure subscriptions and only have access to the Windows Azure subscriptions that an Administrator has granted them access to. e.g you could have 20 Windows Azure subscriptions in App Controller but user1 may only have access to 3 of those subscriptions.

    Administrators control access to the Windows Azure subscriptions by using Active Directory users/groups.

    When users who are not administrators login, if they do not have access to any Windows Azure subscriptions then they will see a message that they have no access to public clouds. This is the default behavior until an Administrator creates a user role, adds users to it and then provides access to the Windows Azure subscriptions.

    Using App Controller you can avoid the need to have a shared LiveID for accessing a Windows Azure subscription since you provide access using your existing corporate Active Directory. Also, for actions that are performed within App Controller, App Controller keeps a log of those actions so you have some accountability and tracking of actions performed on Windows Azure subscriptions. e.g. seeing who does a deployment, a scale out, a delete etc. Note, App Controller is only logs the activities that are initiated within App Controller - if someone logs directly into the subscription using the LiveID App Controller won't be able to log that activity.

    Kind Regards,

    Richard


    This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, August 6, 2012 5:22 PM

All replies

  • Hi William,

    Only App Controller Administrators can add Windows Azure subscriptions to App Controller.

    People who are not Administrators do not have the option to add Windows Azure subscriptions and only have access to the Windows Azure subscriptions that an Administrator has granted them access to. e.g you could have 20 Windows Azure subscriptions in App Controller but user1 may only have access to 3 of those subscriptions.

    Administrators control access to the Windows Azure subscriptions by using Active Directory users/groups.

    When users who are not administrators login, if they do not have access to any Windows Azure subscriptions then they will see a message that they have no access to public clouds. This is the default behavior until an Administrator creates a user role, adds users to it and then provides access to the Windows Azure subscriptions.

    Using App Controller you can avoid the need to have a shared LiveID for accessing a Windows Azure subscription since you provide access using your existing corporate Active Directory. Also, for actions that are performed within App Controller, App Controller keeps a log of those actions so you have some accountability and tracking of actions performed on Windows Azure subscriptions. e.g. seeing who does a deployment, a scale out, a delete etc. Note, App Controller is only logs the activities that are initiated within App Controller - if someone logs directly into the subscription using the LiveID App Controller won't be able to log that activity.

    Kind Regards,

    Richard


    This posting is provided "AS IS" with no warranties, and confers no rights.

    Monday, August 6, 2012 5:22 PM
  • Thanks Richard. I've confirmed this behavior works as designed and I think the implementation has been well thought-out. I appreciate the responses, it clarifies quite a bit.

    William Busby, PMP

    Wednesday, August 22, 2012 11:51 AM