
Feature Friday: Creating a New Role with OU Permissions

David Haller


In this Feature Friday video, we're diving into the realm of Organizational Unit (OU) permissions. Creating roles with specific OU permissions can be a game-changer when it comes to managing access within your organization.

Access Permissions and Create a New Role

  1. To begin managing permissions, go to Settings and select Permissions.
  2. Select Role to create a new role tailored to your OU permissions.
  3. Enter a name for your new role, and select Create Role.

Edit the Default OU Permission Schemes

Since we are applying permissions at the OU level, we need to edit the default OU permission schemes.

  1. Navigate to the Default OU Permission Scheme.
  2. For the two permission schemes you want to apply, select Edit from the three-dot menu.

Configure Permissions

Now, let's configure the permissions for each scheme.

  1. For "Browse OU," select your newly created role, the "OU Cloud Access Role Manager," and update the permission scheme.
  2. Next, for "Manage Descendant OU Cloud Access Roles," choose the "OU Cloud Access Role Manager" and update the permission scheme.

Verify Permissions

To ensure everything is correctly set up, let's verify the permissions:

  1. Navigate to your roles, find the "OU Cloud Access Role Manager," and view its details.
  2. Under Mapping, you should see two items selected: "Manage Descendant OU Cloud Access Roles" and "Browse OU." These confirm that your permissions are correctly configured.

Apply the Role to Users

Now that your role is set up with the desired OU permissions, it's time to assign it to the appropriate users:

  1. Go to the OU level where you want to apply this role. In the example in our video, it's "Company A OU."
  2. Click on the three dots in the upper right, and select Manage User Permissions.
  3. Find your role, "OU Cloud Access Role Manager," in the list.
  4. Select the user you want to grant this access to.
  5. Select Save to apply the role.

Test the Permissions

Finally, to confirm everything is working as intended, log out and log back in as the user who received the role. You should now be able to access and view all OUs as per your permission settings.

By following these steps, you can confidently manage OU permissions and empower your organization with precise and controlled access to its resources. This approach ensures that users have access to the right Organizational Units, promoting efficient and secure operations within your system.

About the Author

David Haller

David is a Technical Account Manager at Kion.
