Cluster Roles and Permissions for Self-Service#
For Squirro Self-Service instances, there is an additional level of roles and permissions beyond the server-level and project-level roles and permissions detailed in Squirro Roles & Permissions.
This page discusses the cluster-level roles managed on the Cluster (also known as My Instances) page shown below:
Cluster-Level Roles#
There are three Cluster-level roles:
Owner
Administrators
Users
These roles map to associated Squirro server-level roles of Administrator or Users.
The cluster-level Owner and Administrator roles both map to server-level Administrator roles, and function the same way.
Note
The special feature of the Owner role is that it belongs to the Squirro ID that first created an instance on the Cluster page, and the Owner role is the only person capable of deleting the created instance outside of contacting Squirro Support.
The cluster-level Users role maps to the server-level Users role.
Reference: For details on server-level roles, see Server-Level Permissions.
Self-Service Instance Ownership#
The Squirro ID that creates a new instance becomes the instance Owner. The Owner role cannot be changed or transferred through the user interface (UI).
Note: If you need to change an owner, contact Squirro Support.
Managing Cluster Roles in the UI#
You can manage cluster permissions on the Cluster page, also known as the My Instances page.
To manage cluster permissions, follow the steps below:
Once logged in to Squirro with your Squirro ID, navigate to the Cluster space.
Hover over any instances you have Administrator or Owner privileges for, and click the three-dot menu that appears, as shown in the screenshot below:
Click Users.
Modify individual user roles using the Role drop-down menu, remove users by clicking Remove, or click Invite Users to add users by email address.
Managing Domains in the UI#
The Domains option on the Cluster page allows you to manage the domains that are allowed to access your Squirro Self-Service instance. By adding a domain to an instance, every user who has a validated email address in that domain can get access to the instance as a User.
Squirro sends a validation email to the email address of each user who requests access to the instance. The user must click the link in the email to validate their email address to gain access to the instance.
To manage domains, follow the steps below:
Once logged in to Squirro with your Squirro ID, navigate to the Cluster space.
Hover over any instances you have Administrator or Owner privileges for, and click the three-dot menu that appears, as shown in the screenshot below:
Click Domains.
Click Add Domain.
Enter the domain you want to add, then click Save.
Self-Service SSO via Squirro ID#
By default, Squirro Self-Service uses SSO to configure permissions with Squirro ID as the provider.
When you add people to an instance, start.squirro.com
serves as an identity provider for the Squirro instances. When a person logs into the instance you’ve created, they’re redirected to start.squirro.com
authentication.
For more information about SSO SAML configuration, see SAML SSO for Squirro.
To disable SSO SAML configuration and manage users through the UI, see Enabling and Disabling UI User Management.
Warning: Disabling SSO SAML on Squirro Self-Service instances for permission management is not recommended as it will prevent some administrative tasks from working well. If you would like to replace authentication on Self-Service instances with your own identity provider, contact Squirro Support.