Managing Users

RunOS allows you to collaborate with team members by inviting them to your account. All invited users can access the clusters and resources within the account.

Understanding User Permissions

Current Permission Model

Important: All users currently have admin-level access to the account.

What this means:

• All invited users can perform any action within the account
• Users have full access to all clusters in the account
• Users can deploy, modify, and delete services and applications
• Users can invite or remove other users
• Users can modify account settings

Granular permissions coming soon:

• Role-based access control (RBAC)
• Per-cluster permissions
• Read-only users
• Custom permission sets

Account vs Personal Access

Account scope:

• When you invite a user to your account, they get access to everything in that account
• All clusters, services, applications, and settings

Personal accounts:

• Each user also has their own personal account
• Personal accounts are separate from shared accounts
• To access different accounts, users must sign out and sign in with the corresponding email address

Inviting Users

How to Invite

1. Sign in to RunOS Console
2. Click your user avatar (circle with your initials) in the top right corner
3. Select Account from the dropdown menu
4. Click the Users tab
5. Click Invite User
6. Enter the user's email address in the modal
7. Click Submit

What Happens Next

1. Magic link appears - A unique invitation link is displayed on your screen after submission
2. Copy the link - Copy the complete magic link shown
3. Share securely - You must manually share this link with the invitee through a secure channel:
   • Encrypted messaging (Signal, WhatsApp, etc.)
   • Secure email
   • In-person or over a secure call
4. User registration - The invitee must use both:
   • The magic link you shared
   • Their unique invitation code (included in the link)
5. Email verification - The invitation is locked to the specific email address you entered
6. Access granted - Once they complete registration, they immediately get admin access to your account

Important security notes:

• No automatic emails - Currently, RunOS does not send invitation emails automatically
• Manual sharing required - You are responsible for securely sharing the magic link with the invitee
• Email locked - The invitation only works with the exact email address you entered
• Keep link secure - Treat the invitation link like a password - anyone with the link and the matching email can join your account

Invitation Expiration

• Invitations expire after 24 hours
• Expired invitations cannot be resent
• To invite again after expiration, delete the old invitation and create a new one

Managing Existing Users

Viewing Team Members

1. Go to Account Settings
2. Click Team tab
3. View list of all users with access

Information displayed:

• User name
• Email address
• Join date
• Last activity (coming soon)
• Current status (Active/Invited)

Removing Users

To remove a user from your account:

1. Go to Account Settings
2. Click Team tab
3. Find the user in the list
4. Click the ⋯ (more options) menu
5. Select Remove User
6. Confirm the removal

What happens:

• User loses access immediately
• User is notified via email
• User retains their personal account
• Actions they performed remain in audit logs

Pending Invitations

View and manage pending invitations:

1. Click your user avatar in the top right corner
2. Select Account from the dropdown
3. Click Users tab
4. View the list of invited users (pending invitations appear with an "Invited" status)

Managing pending invitations:

• Delete invitation - Remove the invited user from the list to revoke the invitation
• Once deleted, the magic link becomes invalid immediately
• The same email address can be invited again after deletion
• Invitations automatically expire after 24 hours

Team Collaboration

Best Practices

1. Invite only trusted team members

   • All users have admin access currently
   • Can make significant changes to infrastructure

2. Use work email addresses

   • Easier to manage when people leave
   • Corporate email for audit trails

3. Communicate changes

   • Let team know about significant infrastructure changes
   • Use external tools for collaboration (Slack, Teams, etc.)

4. Review team regularly

   • Remove users who no longer need access
   • Check for inactive accounts

Multiple Accounts

Users can be members of multiple accounts, but switching between them requires signing out and back in.

Currently:

• Multi-account switching is not natively supported
• Each account is associated with a specific email address
• To access a different account, you must sign out and sign in with the corresponding email address

To switch accounts:

1. Click your user avatar in the top right corner
2. Select Sign Out
3. Sign in again using the email address associated with the other account
4. Console will load that account's resources

Coming soon:

• Native multi-account switching without signing out
• Quick account switcher in the navigation
• Single sign-in with access to all your accounts

Security Considerations

Current Admin Model

Since all users have admin access:

Risks:

• Any user can delete critical infrastructure
• Any user can invite or remove other users
• Any user can view all secrets and configurations

Mitigations:

• Only invite trusted team members
• Use audit logs to track actions
• Implement external approval processes for critical changes
• Consider separate accounts for different environments (production vs development)

Future RBAC

Role-based access control is coming soon and will allow:

Read-only users:

• View infrastructure and logs
• Cannot make changes

Per-cluster permissions:

• Access to specific clusters only
• Isolation between environments

Custom roles:

• Define specific permission sets
• Assign to users based on responsibilities