Library_users

Show

When you sign-up with RightScale, you create a personal RightScale account for yourself that's associated with your email and password. You can either use this account for your own purposes or be invited to other RightScale accounts. If you do not want to create your own RightScale account, the only other way to create a Dashboard login is to accept an invitation to someone else's account. In all cases, your email address will be used as a unique identifier or username.

Preferences tab

Select your preferred timezone. Timestamps inside the audit entries will be displayed according to the selected timezone. This preference is not account-specific. RightScale will use the same timezone across all RightScale accounts to which you have access. Actions that are defined in crontab format will be based upon the selected timezone.

You can also subscribe to informational RSS feeds. Use the provided RSS link to subscribe to a feed that consolidates all of the activity across all RightScale accounts to which you have access. Similarly, you can also subscribe to an account-specific feed under the Events pane by clicking the RSS feed icon.

Password tab

Change your password. A new password must have a password strength of at least "medium" in order to be accepted.

Tips for creating a strong password:

• Make it at least 6 characters or longer
• Must use both lowercase and uppercase letters
• Include numbers and symbols
• Use punctuation marks and symbols such as "_" or "~"
• Avoid using repeating characters such as "aaabbccc"
• Avoid using simple sequences such as "12345" or "abcdef"

Password complexity is augmented with account lockout. We understand that the complexity requirements are not as strong as they potentially could be, but because we enforce account and IP lockouts, the overall controls against brute-force guessing have been effective. Our lockout policy:

• After 6 failed login attempts:
• Lockout the user account for 5 minutes
• Lockout the IP address for 1 hr
• This policy is a balance between brute-force prevention and availability. Note that if you require more granular authentication controls, we highly recommend you utilize our Single Sign-On feature.

Single Sign-On tab

The Dashboard supports federated login through OpenID. RightScale users can log into the Dashboard using an OpenID provider instead of using a password. This feature is currently in beta, and does not yet include automated account provisioning. This feature now enables the use of multi-factor authentication (MFA) through 3rd-party identity providers like Verisign. Please contact your RightScale Account Representative if you are interested in using Single Sign On and providing feedback as part of the beta.

Info tab

The Info tab shows basic information about your permissions/roles across all of the RightScale accounts to which you have access. For a complete breakdown, see the User Role Privileges matrix.

Roles

• admin - The 'admin' role includes the same privileges as the 'actor' role. However, it does not have the same permissions as other roles. For example, you will still need the 'designer' role in order to create new RightScale components (ServerTemplates, RightScripts, etc.). Only an 'admin' can run a macro of a deployment, add/change public/private cloud infrastructures and credentials, modify users' permissions, and view/edit all SSH keys.
• actor - Ability to launch, terminate, and manage instances, as well as deployments. Create/Edit/Delete cloud resources (S3 buckets, SSH keys, Security Groups, etc.) However, you can only view/edit the SSH keys that you created yourself.
• observer - Ability to view the RightScale account.
• designer - Ability to create RightScale components (ServerTemplates, RightScripts, etc.). Ability to view the MultiCloud Marketplace.
• server_login - Ability to log into servers (SSH).
• library - Ability to import objects from the MultiCloud Marketplace to your local view (collection). The ability to view the MultiCloud Marketplace requires the 'designer' role.
• security_manager - Ability to create/edit/delete Security Groups.
• publisher - Ability to create sharing groups and share RightScale objects (ServerTemplates, RightScripts, and macros) with other users. If you have a RightScale partner account, you can publish RightScale objects so that they appear under their respective Partners tab.
• billing - By default all users of a RightScale account can view billing information. You will be able to see estimated cloud usage costs. However, if you prefer to hide this information, you can file a RightScale Support Ticket requesting that the "Billing Admin-only" account setting be enabled on your RightScale account so that only users with 'admin' and 'billing' user role privileges will be able to see billing related information.
• enterprise_manager - (Enterprise only) Manages all accounts within the enterprise. Send account invitations and grant user role privileges across all accounts in the enterprise. The master enterprise account must have at least one 'enterprise_manager' user. An 'enterprise_manager' can also grant the same privileges to another user.

Settings > User > Show > Info tab

Authentication tab

The Authentication tab defines the method required by users to access the account. Two options can be selected to gain entry into an account: 'Using my email address and password' and 'Use single sign-on'.

Fields

• Using my email address and password - Allows the account to be accessed by email and password. Through this selection, the account's password can be changed.
• Use single sign-on - Allows the account to be accessed by Single Sign-On (SSO). Through this selection, the SSO Identifier can be created. When a user is logging into the account, if they have not already been granted access by the Identity Provider, they must provide the SSO Identifier on the RightScale Dashboard.

SSH tab

The SSH tab defines your SSH settings.

Session Startup
Choose how you want to launch your SSH Client Application when connecting to instances. You can use a Java applet, a Java Web Start application, or you can let your browser launch SSH by using ssh:// links.

Authentication
The Server Login Control feature provides per-user SSH access control based upon a new user role ('server_login' and 'server_superuser') and a private SSH Key Pair that either you can manage yourself or RightScale can manage for you. Requires the 'server_login' user role and instances using RightImage v5.1.1 or newer. If you???re on RightImage 5.8 or newer, you can have either 'server_login' which will allow you to log in as a user to your account with out root access or 'server_superuser' which will give you root access. If you???re have RightImages 5.7 and lower, you will need both 'server_login' and 'server_superuser' access to access SSH. This will give you access to both your user role and root access. Instead of using your cloud SSH keys for shell access, you can use a private SSH Key Pair. SSH Key Pairs are unique for each user and will be used across all RightScale accounts. By default, RightScale will manage your login credentials for you. We will create a public key for you (read-only) and keep the private key in our database. If you choose to manage your credentials yourself, you must provide your public key and the directory on your local machine (relative to your home directory, e.g. .ssh/id_rsa) where your private key will be stored. This option will ensure that only a logged in user from a machine that has the appropriate private key stored locally will be able to SSH into an instance. RightScale will use your private key to authenticate SSH access so if the private key file cannot be found, you will not be able to SSH into an instance.

Settings > User Settings > Show > SSH tab