Manage access control with user roles
ECDN portal defines three roles:
- Reader - Users with this role have read-only privileges within the ECDN portal. They are not allowed to make any changes to ECDN location or ECDN server configurations.
This role is most suitable for team members who need to monitor ECDN servers during a live broadcast or get historical ECDN usage reports.
- Admin - Users in this role inherit all the privileges of the Reader role. In addition, they have the ability to changes ECDN location and ECDN server configurations. They can also add or delete any SSH keys registered in the ECDN account, which control access to the ECDN server instances. However, users in this role are not allowed to manage ECDN portal logins.
This role is suitable for most team members who are responsible for the video delivery infrastructure which includes the ECDN servers.
- SuperAdmin - Users in this role inherit all the privileges of the Admin role. In addition, they have the ability to view and manage all the user logins to the ECDN portal. They can add new logins or suspend/restore existing logins. They can also change the role assigned to each user login.
This role should be assigned to select designated "privileged" team members within the team responsible for maintaining the video delivery infrastructure which includes the ECDN servers.
Notes:
- Even SuperAdmins are not allowed to completely delete an user login via the ECDN portal. If you need to permanently revoke access of any team member, please open an ECDN support ticket. As part of the cleanup, ECDN operations team will ensure all mentions of that user login is appropriately deleted or anonymized to remain compliant with privacy regulations.
- An ECDN portal login with Admin role can add or delete any SSH key registered in the ECDN account, as SSH keys are not tied directly to an ECDN login.
- With SSH keys capability, you can now give access to other team members without giving them access to the ECDN portal.
This need is most commonly seen when members of your IT security team want to run a security scan on the ECDN servers, but do NOT need access to the ECDN portal. As and Admin you can simply add their SSH key in the ECDN portal and grant them remote SSH access. When they are done with their scans, you may revoke their access by deleting that temporary key.
- As a SuperAdmin, on the user details page, you can see a historical log of all the successful logins. Each entry includes date and time (in UTC) and public IP address from where the request was received.