Manage Organizations
The Organizations feature in the DoiT console enables you to segment your data. It helps you to centrally manage your public cloud while allowing for decentralized section management.
Compared with the role based access control (RBAC) functionality that limits user permissions within a team, the Organizations feature allows you to mirror your organizational structure, business units, and other groupings within the DoiT console.
Organizations provide tightly scoped Cloud Analytics experiences. With an organization, you scope reports to the same attributions that are used when creating the organization. Creating organizations for independent departments or groups helps to eliminate the clutter of total spend, allowing for more efficient trend and insight analysis.
Key concepts
-
Organization: An organization uses attributions to filter data. For members of an organization, Cloud Analytics reports only show the relevant data.
-
Root organization (default organization): Every company has a default organization named after their primary domain. This organization, by default, has access to all data within a company. It can be restricted by editing its attributions. When an organization is deleted, its members are placed in the default organization. This allows you to configure a restricted landing zone for users when removing organizations.
-
Member: Users assigned to an organization are organization members. They have access only to the data that are included in the chosen attributions (with the exception of dashboards and widgets of global scope).
Required permission
- Users Manager
Create an organization
To create a new organization:
-
Select the gear icon () from the top navigation bar, and then choose Identity & access.
-
Select Organizations from the left-hand menu.
-
Select Create new organization.
-
Enter a name for the new organization.
-
Define the scope of the organization. Organizations use attributions to control the scope of data. You can choose up to three attributions.
-
Assign users to the organization. A user can be assigned to only one single organization.
-
Choose global dashboards that are accessible to members of the organization.
-
This option is available once you clear the Disable custom dashboards checkbox in the Advanced options.
-
Global dashboards include preset dashboards and custom dashboards with Public visibility.
-
Global dashboards use the same data scope as the signed-in user's organization, based on the selected attributions. The only exception is the BigQuery Lens, which shows data across accounts/projects.
-
-
(Optional) Use the Advanced options to further specify permissions for organization members.
-
Disable custom dashboards: Prevents organization members from creating custom dashboards, customzing dashboards, or adding widgets. Selecting this option will cause organization members lose access to preset dashboards.
-
Disable account dashboard: Prevents organization members from accessing the Account dashboard.
-
Widgets accessibility
Whether a widget is accessible to a specific user in an organization depends on two factors:
-
Roles and permissions of the user: The user may need special permissions to access a widget. For example, to access the support requests widget on the Account dashboard, a user needs the Support Requester permission.
-
Widget scope: To limit access to widgets with a global scope, select the advanced option Disable custom dashboards.
Limitations
-
Only the Cloud Analytics feature supports organizations.
-
Reports shared outside the organization are not visible within the organization.
-
BigQuery Lens dashboard represents data across the company, not filtered to a specific organization.