Managing Teams

In many situations the concept of an Organization is sufficient to manage your internal resources (people and assets) as well as agreements and usage requests by outside groups. However, as the number of projects and people involved expands, being able to further organize and limit the visibility of assets can be important for simplicity and compliance purposes. To assist with this, Teams can be created within your organization.

Organization vs Team

A member of an organization can be in one or more teams. By default, each organization has exactly one team and all of the users are simply members of that same team.

Once a second team has been created, the team administrators decide which members of the organization are added to that team. Any asset created with only Team visibility will by default be visible only to the members of that team. Assets can be made visible to other teams via an Agreement, or by making the asset’s visibility Public.

Similarly, Processes and Audit records for operations performed by members of a team are visible only to members of that same team. There is no way to share Processes or Audit records with other teams.

Permissions are applied on a team-by-team basis. For example, a single user could be granted the ability to Manage Agreements for one team, but not for other teams.

Although visibility is segregated, all teams within an organization use the same Access Point for their storage and computational resources.
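
The visibility rules above can be expressed as a small access-decision model. This is an added example, not code from the SDK or the product; every class, function and sample value in it is hypothetical, and it assumes that Public visibility means visible to every user in the model.

```python
# Toy model of the team visibility rules described in this section.
# All names are hypothetical; this is not the product's API.
from dataclasses import dataclass, field

@dataclass
class Asset:
    name: str
    owner_team: str
    visibility: str = "team"                         # "team" or "public"
    agreements: set = field(default_factory=set)     # other teams granted access by Agreement

@dataclass
class User:
    email: str
    teams: set                                       # a member can be in one or more teams
    permissions: dict = field(default_factory=dict)  # team name -> set of permission names

def can_view_asset(user: User, asset: Asset) -> bool:
    """Team-visible assets are seen by the owning team and by teams with an Agreement."""
    if asset.visibility == "public":
        return True
    return asset.owner_team in user.teams or bool(asset.agreements & user.teams)

def can_view_audit(user: User, record_team: str) -> bool:
    """Process and Audit records stay in the team: no Agreement or Public path exists."""
    return record_team in user.teams

def has_permission(user: User, team: str, permission: str) -> bool:
    """Permissions are per team: holding one in team A implies nothing about team B."""
    return team in user.teams and permission in user.permissions.get(team, set())

def visible_assets(user: User, assets: list) -> list:
    """Names of the assets a user can see, for reviewing exposure per user."""
    return [a.name for a in assets if can_view_asset(user, a)]

# Constructed sample data
ASSETS = [
    Asset("claims.csv", "Research"),
    Asset("rates.csv", "Research", agreements={"Finance"}),
    Asset("zipcodes.csv", "Finance", visibility="public"),
]
ALICE = User("alice@example.com", {"Research"}, {"Research": {"Manage Agreements"}})
BOB = User("bob@example.com", {"Finance"})
CAROL = User("carol@example.com", {"Research", "Finance"}, {"Finance": {"Manage User"}})

if __name__ == "__main__":
    for u in (ALICE, BOB, CAROL):
        print(u.email, visible_assets(u, ASSETS))
```

Note that a user who belongs to two teams sees the union of both teams' assets and audit records, while each permission still applies only in the team where it was granted.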

Why Not Independent Organizations?

Using the same Access Point for multiple teams simplifies the setup and maintenance tasks. Only a single virtual machine is needed, firewall rules need only be set up once, and upgrades are simple.

Additionally, users can easily be added to or removed from teams at will. An organization admin can change this membership at any time. While assets can be used for joint operations between different organizations, only members of the same organization are able to access output assets.

When to Use Separate Organizations

Since an organization uses the same access point for all Teams and that access point only has a single attached storage associated with it, Teams cannot satisfy data localization requirements for an entity that spans multiple countries.

Managing Users, Teams and Owners

All organization Owners can create and view teams for administrative purposes. Individual teams have a single unique owner who can also manage that team.

Command Line Utility

The tb utility that comes with the SDK provides access to all the team management functionality. You can see all the details and options using tb admin --help, but we will go through the administrative basics here.

Owners

Every organization has at least one Owner with special powers. Organization owners are able to create and manage Teams, can view users across the organization, and can grant Owner status to, or remove it from, other users. The basic commands are:

tb admin owner list
tb admin owner add EMAIL
tb admin owner remove
tb validate <local directory>

Creating a Team

Owners are able to create new teams.

tb admin team create "Team Name" TEAM_OWNER

If you don’t specify a TEAM_OWNER, you will become the owner yourself. The TEAM_OWNER must be an existing user, which you can specify using the user ID or their email address. If you don’t know or remember the users, you can see all of them with the command:

tb admin user list

After the team has been created, you can also change the owner using:

tb admin team set-owner "Team Name" TEAM_OWNER


Viewing Existing Teams

As an Owner, you are able to view all teams -- even teams you are not a part of yourself.

tb admin team list

Managing Team Membership

Team membership can be managed by Organization Owners, by the Team Owner, and by users granted Manage User permissions within the given team. These commands are organized under the team subcommand:

tb team add USER TEAM [PERMISSIONS]

and:

tb team remove USER TEAM