User management
Overview
Organization admins can invite users and assign roles. The role determines which resources a user can create, delete, or view. For the detailed permission model, see Role-based access control (RBAC).
User.UserInvite.CREATEpermission (Owner role or equivalent)
Organizations in the commercial/public zones (*.elice.cloud) cannot self-create the organization and the first admin account. The Elice operations team provisions both during onboarding, and admins then invite additional users with the procedure on this page. Elice-integrated organizations (*.elice.io) join automatically using their Elice account and don't go through this step.
Inviting a user
- Go to User Management > User Invites.
- Click Invite User in the top right.
- Enter the email address to invite.
- Pick the roles to assign (multiple allowed; search is supported).
- Click Send invite.
The invitee completes signup through the email link and is automatically added to the organization. Invitation emails switch to Expired 3 days after they are sent, after which you need to re-invite.
When a user has multiple roles, the permissions of all of them are combined. Composing small-grained roles tends to make administration easier.
Built-in roles
Four roles are available out of the box.
| Role | Best fit |
|---|---|
| Owner | Whoever manages the whole organization |
| Contributor | Researchers and developers who create and operate VMs, storage, and networks |
| Support | Operations staff handling troubleshooting |
| Reader | Interns, auditors, external partners — anyone who only needs read access |
To create a role tailored to your organization's workflow, see RBAC > Creating a custom role.
Invitation status
User Management > User Invites shows the status of every invitation.
| Status | Meaning |
|---|---|
| Pending | Invite sent; the user hasn't accepted yet |
| Accepted | User completed signup and joined the organization |
| Expired | The invitation has aged out; you need to re-invite |
To cancel a pending invite, select the row and click Cancel invite.
Editing and removing users
In User Management > Users:
- Change roles: pick a user and add or remove roles
- Remove: remove the user from the organization (the user's account itself is kept)
- Detail view: see assigned roles and last sign-in time
After removal, the VMs and storage that user created remain in the organization. Hand them off to someone else before removing the user if needed.
Next steps
- Role-based access control (RBAC): per-role permissions and creating custom roles
- Access tokens: tokens for API access
- Audit log: tracking user activity