Do I feel that refreshing my knowledge of the many options for managing and controlling user access to products, tools and applications is critical?
How should my organization's users leverage access control and permissions across user groups in compliance with security?
Yes! Here we will review how Turbonomic continues to extend its RBAC (Role-Based Access Control) framework for its end-user organizations.
RBAC – An Introduction in Turbonomic
Role-based access control (RBAC) is an essential security and compliance model for any product or application used within an organization. Its extended capabilities help to scale easily and to balance usability, security and compliance.
Turbonomic considers its role-based access control a foundational framework that any customer organization can use with its broader security model and compliance strategies, and that is expected to be highly modular and scalable.
Modularity is achieved by providing various user roles whose permission controls are tightly coupled with each other. This helps to achieve the segregation of user groups and role assignments.
How Turbonomic sees the effectiveness of RBAC usage
The access control model has to balance security and compliance needs against the capabilities it provides. Adoption becomes effective because of its simplicity and scalability.
Simplicity?
- Keeping only the roles that are essential and easy to manage, with the right naming conventions
- Roles and permissions inheritance, where the access controls are embedded within every role
Scalability?
- Extending user roles and managing permissions in a way that is easily relatable to existing roles
- An example is the role “Parker”, a new role extended from the model, which inherits the access control and limits functional capability to the “Parking” feature only
Read more:
Manage User accounts: https://www.ibm.com/docs/en/tarm/8.15.x?topic=tasks-managing-user-accounts
Configuring User Groups for SSO authentication: https://www.ibm.com/docs/en/tarm/8.15.x?topic=accounts-configuring-group-sso-authentication
User Roles and Permissions: Let’s Understand
Users are the actual personas who perform the end-user functions in the product itself. A user is assigned to a specific role or group that defines a collection of permissions tied to performing a function.
Context reference with “Parking” Feature: User roles & their access control (Permissions against every feature)

User Personas with RBAC
For organizations using SSO integration with Turbonomic, you begin by assigning end users to the appropriate Turbonomic roles based on the permission levels required.
With the above roles & permission matrix as a reference, let's imagine that the following user personas would like to perform Parking functions in Turbonomic:
- Cloud IT Admin, who would like to perform cloud account onboarding, permissions management, license updates and maintenance
- DevOps & FinOps leads, who would like to manage only Parking actions and have complete control over Parking schedules
- Analysts and Project Managers, who want an overview of workload usage, performance and savings in the form of dashboards, widgets & reports

Let’s Onboard the Users to perform Admin and Parking functions
Scenario: Two different user groups in the customer organization need to perform Parking actions (Scheduling, Manual toggle) on their own unique resource/workload scope
The Turbonomic customer organization has:
- Team A, consisting of 10 users in total, who belong to 2 different teams/groups that manage parking for AWS EC2 (Turbonomic Workload Type: VM) & Auto Scaling Groups (Turbonomic Workload Type: VM Spec) in AWS Account 1
- Azure AD SSO integration with Turbonomic
Solution A:
- Create Workload Groups (Settings --> Groups --> Add Group) for AWS Account 1: say, Parker_Group_1 (Group Type = Virtual Machine) for the EC2 VMs and Parker_Group_2 (Group Type = Virtual Machine Spec) for the ASGs
- Create two Turbonomic External User Groups (1 & 2) and assign “Parker” as their Group Role
- External Group 1, with 5 users, is attached to the EC2 VMs scope (Parker_Group_1)
- External Group 2, with the other 5 users, is attached to the ASGs scope (Parker_Group_2)
Solution B:
- With the two Workload Groups in place, create 10 External user accounts
- Assign 5 External user accounts to the Parker_Group_1 scope
- Assign the other 5 External user accounts to the Parker_Group_2 scope
Expected Result
Users from the same org, with visibility across all cloud resources in the same AWS account, will each have a separate, distinct scope over a range of cloud resources. They will be able to execute Parking actions only on those resources and to track value (Realized $ Savings, usage efficiency improvement).
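The check below is an added example, not Turbonomic code or its API: a small local model of Solution A that evaluates a Parking request deny-by-default and audits whether any user reaches more than one scope, which is the property the expected result depends on. The external group names, user names, resource names and action identifiers are constructed for illustration; the six actions are the Parking functions this page lists for the “Parker” role.

```python
from dataclasses import dataclass

# Parking functions the page lists for the "Parker" role (identifiers are hypothetical).
PARKER_ACTIONS = frozenset({"manual_toggle", "create", "edit", "detach", "attach", "delete"})
ROLE_ACTIONS = {"Parker": PARKER_ACTIONS}

# Workload groups from Solution A; the member resource names are constructed samples.
WORKLOAD_GROUPS = {
    "Parker_Group_1": {"ec2-vm-01", "ec2-vm-02"},   # Group Type: Virtual Machine
    "Parker_Group_2": {"asg-web", "asg-batch"},     # Group Type: Virtual Machine Spec
}

@dataclass(frozen=True)
class ExternalGroup:
    name: str            # hypothetical external (SSO) group name
    role: str            # group role, e.g. "Parker"
    scope: str           # name of the workload group the role is limited to
    members: frozenset   # constructed SSO user names

# Two external groups of 5 users each, both with the "Parker" group role.
EXTERNAL_GROUPS = [
    ExternalGroup("External_Group_1", "Parker", "Parker_Group_1",
                  frozenset(f"user{i}" for i in range(1, 6))),
    ExternalGroup("External_Group_2", "Parker", "Parker_Group_2",
                  frozenset(f"user{i}" for i in range(6, 11))),
]

def is_allowed(user, action, resource, groups=EXTERNAL_GROUPS):
    """Deny by default: allow only when one membership grants the action on an in-scope resource."""
    for g in groups:
        if (user in g.members
                and action in ROLE_ACTIONS.get(g.role, frozenset())
                and resource in WORKLOAD_GROUPS.get(g.scope, set())):
            return True
    return False

def scope_overlaps(groups=EXTERNAL_GROUPS):
    """Audit view: users whose memberships reach more than one workload scope."""
    reach = {}
    for g in groups:
        for u in g.members:
            reach.setdefault(u, set()).add(g.scope)
    return {u: sorted(s) for u, s in reach.items() if len(s) > 1}

if __name__ == "__main__":
    print(is_allowed("user1", "create", "ec2-vm-01"))  # in scope for External_Group_1
    print(is_allowed("user1", "create", "asg-web"))    # outside user1's scope
    print(scope_overlaps())                            # empty when scopes are distinct
```

The overlap audit only reports users who sit in more than one external group; how the product resolves such a user is not stated on this page, so treat any hit as something to review in the SSO group mapping.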
Now: <8.16.3 Turbonomic version
Onboarding the org to perform Parking functions, with reference to the table below, results in the following behaviour:
- Parking_User1, 2 & 3 and the users added to Parking_Group1 are assigned the “Parker” role and are able to perform the entire set of Parking functions on the range of resources scoped to them
Result: Parking functions include: Manual Toggle, Create, Edit, Detach, Attach & Delete Parking schedules
Need for more flexibility? Yes: expansion of Parking user roles
To Be: From 8.16.3 Turbonomic version

- Parking Administrator --> Full scope of Parking functions
- Parking Automator --> Limited scope of Parking functions, as given in the table below

Who will benefit?
All Turbonomic users will get these new roles, which become part of the RBAC user roles and group roles. They enable comprehensive access controls at the granularity of features and their functions. This feature is highly scalable and caters to the custom access control needs of user organizations.

Explore Feature Documentation: Parking Roles & Permissions - Enforcing actions

Try Turbonomic: For your organization to optimize performance and cloud costs to drive value https://www.ibm.com/products/turbonomic