DigitalOcean announces enhanced role-based access control
DigitalOcean Holdings, Inc. today announced updates to its role-based access control (RBAC), a method for managing user access to systems and resources within an organization by assigning permissions to roles rather than to individual users. Today’s updates are highlighted by a new set of predefined roles that make it easier for DigitalOcean administrators to provide a customizable level of access to their individual users. With this feature release, customers can now easily access this new set of predefined roles in the DigitalOcean Cloud Console.
RBAC builds on identity and access management (IAM), which helps to ensure the right individuals have the appropriate access to technology resources within an organization. With RBAC, users are assigned roles based on their job responsibilities, qualifications, and expectations. The new predefined roles announced today build on the existing basic roles (owner, member and biller), and are designed to fit the most common use cases requested by customers. They include:
-
Modifier: This role permits users to update but does not allow them to delete resources. It is ideal for teams that wish to protect sensitive resources from deletion while still allowing members to manage them.
-
Billing viewer: Permits read-only access to billing information only, giving users insight into billing details for cost analysis, transparency, and governance without exposing sensitive operational controls.
-
Resource viewer: This role permits read-only access to resources, ideal for audit or compliance purposes. Users with this role will not have permission to create, update, or delete resources.
This approach simplifies permission management and helps to enhance security by ensuring that users have only the access necessary to perform their job functions.
“Scaling your business means adding developers and other job functions to your teams, but we believe that should not mean adding complexity in managing identity and access. With our new predefined roles, you can assign privileges in a way to minimize risk, and meet audit or compliance requirements,” said Tyler Healy, CISO at DigitalOcean. “We’re excited to bring additional security and identity features that simplify cloud security, so developers can spend more time innovating.”
In the coming months, DigitalOcean will be releasing several features to strengthen its IAM offerings:
-
Per-bucket Spaces access keys: Spaces bucket access keys on a per-bucket basis.
-
RBAC custom roles: Allows customers to configure custom, persistent, reusable permission sets for their business needs which are not met by RBAC predefined roles.