meshStack

meshStack

  • User Docs
  • Administrator Docs
  • API Docs
  • Release Notes
  • Feedback

›Concepts

Getting Started

  • How to get started with meshStack
  • AWS S3 Quickstart Guide
  • AKS Platform Quickstart Guide
  • AKS Developer Platform Guide

Concepts

  • Overview
  • Administration Roles
  • Onboarding
  • meshWorkspaces
  • meshProjects
  • meshTenants
  • Replication Configuration
  • Delete Tenants
  • meshUsers
  • meshPlatforms
  • Landing Zones
  • Open Service Brokers (OSB)
  • Guide: Emergency Users
  • Managing Tags
  • Policies
  • Unmanaged Tenants
  • meshStack Settings
  • Workspace Services
  • API Users
  • DNS and SSL Certificates
  • Customizing
  • Product Feedback Collection

Identity & Access

  • Identity and Access Management
  • Identity Provider
  • Identity Lookup
  • Authorization
  • User & Group LDAP Synchronisation
  • User & Group SCIM Synchronisation

Building Blocks

  • Building Blocks
  • Private Runners
  • Terraform/OpenTofu state managed by meshStack
  • Permission Delegation on AWS
  • Connecting meshStack and a Pipeline

Metering & Billing

  • Cost Management
  • Configuration

Amazon Web Services

  • Integration
  • Landing Zones
  • Metering
  • SSO Setup
  • Reserved Instances & Savings Plans Guide

Microsoft Azure

  • Integration
  • Landing Zones
  • Metering

Google Cloud Platform

  • Integration
  • Landing Zones
  • Metering

Cloud Foundry

  • Integration
  • Metering

Kubernetes

  • Integration
  • Landing Zones
  • Metering

GitHub

  • Pipeline Automation
  • Repository Provisioning

OpenShift

  • Integration
  • Landing Zones
  • Metering

OpenStack

  • Integration
  • Metering

OSB Services

  • Integration
  • Metering
  • meshcloud OSB API Profile
  • Tenant Services
  • Tutorial: Implement a Broker

Operations

  • Managed Service
  • Email
  • Logging & Auditing
  • Monitoring & Telemetry
  • Backup
  • Security FAQ

Guides

  • How to integrate a meshPlatform into meshStack
  • How to manually integrate AWS as meshPlatform
  • How to manually integrate Azure as meshPlatform
  • How to manually integrate GCP as meshPlatform
  • How to create your own platform
  • How to manage partner level permissions
  • How to use scoped API keys
  • How to setup and manage a Building block
Edit

Administration Roles

Partners Users have access to the so called Administration Area. The administration area enables partner users to manage their child meshWorkspace accounts within the meshcloud platform. Assigning Partner Users can only be done by Partner Admins.

Different groups of people may need access to the different administration area functionality. Therefore, the following administrative roles are currently available to users of the administration area:

  • Partner Admin: It's basically the account with administration rights. Has full access to all functionality and can manage users of the administrator/partner account.
  • Partner Employee: Has full access to all administration functionality, but cannot manage policies, tag definitions or users of the administrator/partner account.
  • Platform Operator: An operator of a cloud platform, that is managed by the meshcloud platform. This role can perform tasks related to platform operations in the administration area.
  • Ops Support: Not all Ops operations must be executed by Platform Operators. E.g. setting quotas is a task that can also be done by a separate Ops Support team.
  • Controller: A Controller has access to billing and usage information of workspace projects.
  • Onboarding Support: A support team in place to help users who want to sign up may also need access to some administration functionality which is granted by this role.
  • Compliance Manager: Has the rights to manage policies and tag definitions.
  • Replication Operator: A supportive role that can assist by viewing tenants' replication status. This role is helpful for meshcloud employees to debug any potential issues with tenant replication.

See the meshWorkspace documentation for details about how you can manage the roles of your users. This set of roles is easily extendable by adding roles to reflect individual access requirements of your organization.

The following table provides details about the functionality available to the different roles by default. The Access rights can also be adapted individually per meshcloud installation.

Partner AdminPartner EmployeePlatform OperatorOps SupportControllerOnboarding SupportCompliance ManagerReplication Operator
Workspace List✓✓✓✓✓✓✓✓
  Payment Methods List✓✓✓
  Manage Payment Methods✓✓✓
  Project List✓✓✓✓✓✓✓✓
    Manage Quota✓✓✓✓
    Edit project tags✓✓✓✓✓
    History✓✓✓✓✓✓✓
  List Workspace Users✓✓
    Add yourself✓✓
    Send message✓✓
    Pending role requests✓✓✓✓
  Project Export✓✓✓
  Quota Export✓✓✓✓
Compliance✓✓✓
   List policies✓✓✓
   Manage policies✓✓
   List Tags✓✓✓
   Manage Tags✓✓
Project Management✓✓✓✓✓
  Delete Tenants✓✓✓✓✓
    History✓✓✓✓✓
  Chargeback Statements✓✓✓
Platforms✓✓
  Platform Notifications✓✓✓
  Platform Restrictions✓✓✓✓
  Landing Zones✓✓✓
  Usage Reports✓✓✓
  Tenants✓✓✓✓✓
  View Unmanaged Tenants✓✓✓✓
  Assign Unmanaged Tenants✓
User List✓✓
  Create User✓✓
  Delete User✓✓
  Download User Info✓✓
API Users✓
Service Broker✓✓
  Approve Service Broker✓✓
List Building Blocks & Definitions✓✓✓✓✓
   Manage Building Blocks & Definitions✓✓✓✓✓
   Delete Building Blocks & Definitions✓✓✓

Please review meshWorkspace roles for roles available to end-users of your meshStack implementation.

Admin Groups

To avoid assigning multiple users individually, you can create Admin Groups. These groups can be assigned to roles in the same way as individual users. You can view Admin Groups within your Administration Area by going to the Admin Groups section on the Admin Access Control page. Currently, the creation of Admin Groups is only possible via the meshStack API, namely meshWorkspaceUserGroups API endpoint, and to create one you will need a unique identifier, which you can find in the Admin Group section. In the example provided, the identifier is named "demo-partner," but it is unique to every meshStack. admin-group

Last updated on 4/17/2025
← OverviewOnboarding →
  • Admin Groups
meshStack
Docs
User DocumentationAdministrator DocumentationSecurity FAQ
Get in Touch
SupportWebsiteLinkedIn
More
Release NotesGitHub
Copyright © 2025 meshcloud GmbH