How do I manage VMs based on Groups?
Principle
There are two types of groups in tiCrypt.
- in the .
- .
Groups
in the .
Vault Groups
Groups
in the is by default cryptographic
. They aim to create an environment for users, unreachable by admin's access controls, available only to the group members.
Groups
in the Vault are fully encrypted designed for users who work with sensitive data.Each group member may come from a different team.
Groups in the Vault have nothing to do with Group Management card from the tab.
Virtual Machine Groups
Groups
in the are access-controlled.
Their purpose is to divide VM users into categories.
By default there are three groups in the . Groups
management in :
Everybody
: includes all members of the Virtual machine.Managers
: includes only the managers and the owners of the virtual machine.Nobody
: includes no users from the Virtual machine.
side note: the nobody
group is used when a VM owner does not want to share the VM with anyone else.
To learn more about groups in the vault, navigate to the groups overview section.
Practice
Create a Group in the Vault
To create a group in the vault navigate to tab in the section in the top right panel.
- Click on the
Create group
icon in the top right. - Follow the instructions from create a group section.
Create a Group in the Virtual Machine
To create a group in the virtual machines navigate to tab in the section.
- Start and Connect your Virtual machine.
- Select your Virtual machine.
- Click on
Group Management
card on the center-right. - Click
Create group
button on the top. - In the prompt, type a name for your VM group.
- Click .
- Optionally, follow the instructions from group management section.
Virtual machines do not currently support editing VM group names after creation. To change a group's name in VM, you must re-create the group from scratch.
Create an Access Directory for a Group in the Virtual Machine
To create an group-based access directory in the virtual machines navigate to tab in the section.
- Start and Connect your Virtual machine.
- Select your Virtual machine.
- Click on
Access Directory Management
card on the center-right. - Click
Create access directory
button on the top. - In the prompt, type a name for your access directory.
- Type the access directory owner name.
- Type the group's name associated with the access directory.
- Select the access mode (read-only or read-write).
- Click .
- Optionally, follow the instructions from access directory section.
- The owner of the access directory can be the user, manager, or the owner of the selected VM.
Access-mode
allows the selected access directory owner toread-write
on the drive associated with the access directory.- For good practice, only VM owners should have
read-write
access to access directories.