18. Platform Administration
Users & Security Groups
There are three categories of roles for users within a Flowgear tenant:
- Site Users are managed from
→ Manage Site Users. Site Users work with assets like Workflows, Connections and DropPoints that exist within the context of a Site. - Account users are managed from
→ Accounts → (your account) → Manage Users for this Account. Account users have access to the account that holds the subscription which in turn is allocated to one or more Sites. - Global Admin Users are managed from
⚙ → Global Admins. Global Admins can see low-level Platform Logs (these are different to Workflow Logs) and information about the underlying infrastructure.
To add a user to any of these areas, click +, then provide an email address and toggle on the Security Group you would like to grant the the user.
You can see a list of built-in Security Groups from ⚙ → Security Groups. You can also create custom security groups from this area.
Environment-Scoped Permissions
By default, when you grant a Security Group to a User, it applies to all Environments. For example, if you grant a Security Group that allows a user to save a Workflow, the User will be able to save the Workflow into all Environments.
On certain plans, you can opt in to Environment-Scoped Permissions. This is enabled by toggling the Environment-Scoped Permission toggle under Security in → Edit Site Settings.
When enabled, you'll be able to choose which Environments are permitted for the Security Groups for a User. For example, you can limit a User to have access only to save a Workflow under the Test Environment.
Site Configuration
Previously we looked at how you can use Site Configuration to store data outside of a Workflow. This means that users can manage the data without needing to make design changes to the Workflow. You can access the Configuration data that pertains to a specific Workflow from the Workflow Landing Pane but Flowgear also provides a view of Site-wide Configuration data which can be managed from ⚙ → Site Config.
Nodes
Under ⚙ → Nodes, you can see the complete list of Nodes published into your tenant. If you have built your own Node, you can publish it into your tenant by clicking +.
For any Node that you own you can also managed its Configuration data by opening the Node from the list.
Apps
You can build web apps that embed directly into the Console to provide tailored business utilities. These apps inherit the current user context, have access to all Console API's and use API-bound Workflows as their backend.
Apps are managed and published from ⚙ → Apps and you can read more about building apps.
Platform Logs
⚙ → Platform Logs provides access to realtime, low-level platform logs. This area can be useful to diagnose low-level issues. You can also download a text file containing all the logs for a specific UTC day by clicking the download logs button on the right-hand side.
Cluster
You can see detail information about the Flowgear cluster your tenant is provisioned on from ⚙ → Cluster .
Within the Cluster pane, the Virtual Machines being used to run the subscription are shown. Note that if your plan includes a disaster recovery (secondary) region, you will need to sign in to the secondary tenant (i.e. s-{yourtenantname}) to see that infrastrucutre.
The web app version is shown on the right hand side of the screen while the core (backend) version is shown under each VM against the Version label.
Obtaining your outbound IP Address
If you are licensed for a NAT gateway (in order to provide a static outbound IP), you can confirm the assigned IP address from Tools → Get Request Info under Outbound IP Address. This IP Address can be used to whitelist Flowgear for cases where you need to connect directly from it to an internal resource without using a DropPoint.
Wrapping up
Well done on reaching the end of the certification course!
Don't forget to submit any incomplete exercises so that we can send you your certification.
If you need any help, feel free to reach out to us using the Help → Support option in the Console.