Roles in Silverstripe Cloud are used to ensure a good workflow exists between a web team and their customer. They restrict access to certain parts of the infrastructure and permit only selected users to perform some actions, such as deployment to production or accessing production data. Roles are structured in a hierarchy, with permissions being inherited upwards from a Team Member up to Stack Manager. A Stack Manager can give team members more permissions on the Stack Team page. For example, a Stack Manager could provide a team member permission to deploy to production or access production snapshots.
Non-trivial requests that come at a financial cost or pose an outage risk to the production environment, Silverstripe Cloud will obtain approval for the change. Depending on the nature of the request, the recipients may include the Stack Manager or Relationship Manager. Such requests may include adding or removing a stack, changing the Disaster Recovery level, updating file permissions, or low-level upgrades to the LAMP stack.
Roles
Relationship Manager
Each agency nominates a single Agency Relationship Manager, whose name is written into the Silverstripe Cloud Agreement. The Agency Relationship Manager is the primary contact at the agency for Silverstripe, in relation to the platform able to determine which other people at an agency have access to the stack through the Silverstripe Cloud interface, required to be readily contactable to approve new Stacks oversee the actions of one or more Stack Managers at an agency. It is up to an agency to decide the person to fill this role. An Agency Relationship Manager might be an IT manager, a communications manager or a digital channels manager.
Stack Manager
Stack Managers have financial and contractual authority over the stack. As a rule of thumb, a Stack Manager is needed to perform any changes with financial impacts, such as changing the stack size or approving an estimate.
Only Stack Managers have the ability to add, remove, define roles and permissions for each member. Stack Managers have the ability to approve deployment changes, although typically a Release Manager takes on this duty.
Release Manager
Release Managers can either be technical or non-technical. Their main role is approving changes relating to the environments on a Stack, but these can also be approved by Stack Managers.
Deployer
Deployers are usually lead or senior members of the development team. They have sufficient knowledge to formulate proposals for changes with uptime or feature impact, such as modifications to environment variables, SSL certificates, and changes to the whitelist.
If circumstances warrant it, Deployers can bypass the approval process.
Developer
Developers can snapshot and deploy to UAT & test environments directly, as well as request deployments to production, but they cannot bypass the approval process.
Team Member
Team members have the least privileges of all team members. They have access to the Stack to view information but can't deploy or request a deployment. They can access the Service Desk.
Permissions
UAT1 | Production1 | Configuration2 | Temporary CMS access | Add/Remove Users | Modify Stack | Service Desk access | |
---|---|---|---|---|---|---|---|
Relationship Manager | ✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
Stack Manager | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Release Manager | ✔ | ✔ | ✔ | ✔ | ✔ | ||
Deployer | ✔ | ✔ | ✔ | ✔ | ✔ | ||
Developer | ✔ | ✔ |
✔ | ||||
Team Member | ✔ (limited) | ✔ |
- Includes access to server logs for this environment.
- Includes configuration of variables, domains, SSL and whitelists.