HeadSpin Documentation

User Management

Teams teams

This document will walk you through all the necessary commands/actions required for different operations in the new migrated style system.

The new system will have an org with an <code class="dcode">Org Owner</code> (initially <code class="dcode">Admin</code> role), <code class="dcode">HS</code> team with <code class="dcode">Super Admin</code> role in it (initially <code class="dcode">Super Admin</code> role) and <code class="dcode">Root Pool</code> (initially just one pool which was shared by all roles). Inside the org, we will have different teams. Teams are nothing but wrapper around roles. A <code class="dcode">team</code> will by default have <code class="dcode">Admin</code> and <code class="dcode">Team member</code> roles. Also each team will have its own pool and own permissions.

Creating new org

<code class="dcode">hsops org create --name=<org_name> [--support_email=<support_email>] [--domains=<domains>]</code>

This will create a new org with default <code class="dcode">Org Owner</code> role, default <code class="dcode">support team</code> and default <code class="dcode">root pool</code> created for you. The standard HeadSpin team will be added to the <code class="dcode">Core</code> role in Support Team.

You can inspect the org using <code class="dcode">hsops org inspect &lt;org_id></code> to get the org owner role id, support team id, hosts in the root pool and teams in the org.

Adding Org Owners to the org

Org Owners are the users with maximum permissions in the org. They can create/delete teams, add/remove GEOs/members in Teams. So just be careful when you make someone Org Owner. Navigate to the Admins Tab

admins tab
admins email

You can see the list of pending invite list as you go.

admins invite

Or if you prefer to use command line, you can do

hsops signup-token create --org_id=<org_id> --role_id=<role_id> [--duration=<duration>] [--uses=<uses>] [--allowed_domains=<domains>] [--email_address=<email_address>]

where role id is the <code class="dcode">Org Owner Role ID</code> which you can find after you inspect the org.

If the user already exists in the org, it will appear in the drop down list in the UI or you may also use hsops2 to do the same

hsops org-admin add <org_id> (--user_id=<user_id> | --email=<email>)
hsops org-admin delete <org_id> --user_id=<user_id>

Creating a team

Navigate to the Teams tab and as you can see, there are no teams in the org. So lets get started, Use <code class="dcode">New Team</code> to create new team

new team button

Create the team by typing in the name and description for it.

new team

Editing the team

Create Team will redirect you to teams-edit page for adding members and geos to the team.

Editing the team

Inviting members to the Team

Start by typing the email of the concerned person to invite them to the team

invite user

Choose the role for the person (<code class="dcode">Admin</code>/<code class="dcode">Team member</code>)

choose role

You will be able to see the pending invites under the pending invite list.

pending invite

Adding members to the Team

If the users already exist in the org, you will be able to see them in the dropdown list and add them directly

add users

You may also user <code class="dcode">hsops2 team-user add &lt;team_id> (--user_id=&lt;user_id> | --email=&lt;email>) [--role_name=&lt;role_name>]</code> where you can get the respective <code class="dcode">&lt;team_id></code> by inspecting the org.

Removing users from the Team

remove user

This will delete the lease of the user for the role, but it continues to stay in the org and can be added to other teams Command line for the same <code class="dcode">hsops2 team-user delete &lt;team_id> --user_id=&lt;user_id></code>

Furthermore, you can use <code class="dcode">Promote</code> to change the role of the user from <code class="dcode">Team member</code> to <code class="dcode">Admin</code> OR <code class="dcode">Demote</code> to change the role from <code class="dcode">Admin</code> to <code class="dcode">Team member</code>

<code class="dcode">Admin</code> role has the permission to add/remove users from the teams and also to write notes on the hosts. So make sure when you promote or demote someone.

Adding Hosts to the Team

Every team can have its own pool and the roles in the team will have access to only the hosts present in that team. A team can only add hosts from the hosts present in the root pool of that org. Navigate to the hosts sub tab under the teams-edit page. <code class="dcode">Add Hosts</code> will show you the list of hosts the org has access to. You can choose hosts from that list to be added to your team.

Adding hosts to the team

Removing Hosts from a Team

Removing Hosts from a Team

The roles in the team will no longer have access to that host.

To see the hosts/members of the team in the command prompt, use <code class="dcode">hsops team inspect &lt;team_id></code>

Creating users for the org

hsops user create --email=<email> --name=<name> --org_id=<org_id>

The users created will be seen under the Users tab.

Creating users for the org

If a user has signed up, you should be able to see them under this list.

Modifying permissions

Say you need to add <code class="dcode">UNIFIED_DEVICE_LIST_FEATURE</code> to the <code class="dcode">Super Admin</code> role in <code class="dcode">HS</code> team. Use this flow:

hsops org inspect <org_id>
hsops team inspect <team_id>
hsops role modify <role_id> [--enable|--disable] [--name=<name>] [--add_permissions=<permission>] [--rm_permissions=<permission>]

Inspect the org to find team_id of the HS (HeadSpin) team.

Inspect the team to find <code class="dcode">Super Admin</code> role id.

Modify the permissions of that role