Introduction
Team accounts enable customers to have siloed data sets and assets (parsers, dashboards, alerts, etc.). By dividing a large organization's data set into separate accounts, it can help searches return more quickly (because less data is being searched) while allowing for granular user permissions.
For convenience, log volume is consolidated across team accounts into a single bill. Team accounts are only available to paid customers with an annual agreement.
Terminology
To simplify this article, we have outlined the following useful terms. To illustrate the roles of these accounts (in the "Example Use Case" section), we abbreviated the associated email addresses in the format <name>-<role>, where <role> is either master, team, or user.
- Master account (devops-master) - The primary team account. Aggregates log volume from associated team accounts for the purposes of billing.
- Team account (queue-team, messaging-team, platform-team) - An account that ingests data. Has its own users, permissions.
- Linking - The process of associating users with accounts.
- This is done via invitation from a user with "Full Access."
- From a team account, click the User menu, choose “Manage Users” and click “Send Invites.”
- The user must accept the invitation in order to get access
- Once an invitation has accepted the invitation, they can switch between teams by clicking the User Menu -> "Manage Teams" and selecting an account they have access to
- Users (joe-user, will-user, mac-user) - User accounts do not ingest data and can log into team accounts (if permission is explicitly granted)
Configuration
Important
Master and team accounts should be treated as standalone system accounts.
- Never link the master account to its team accounts, as it can lead to unexpected results. Config write API tokens for an account that is linked to another will fail, and read log API tokens from an account that is linked to another account will return results from the account that it is linked to.
- The master or team accounts were not designed to be user accounts - All administrative tasks should be performed by a user with "Full Access" permissions.
- Only perform the "Invite Users" process for email addresses that are associated with users.
If the use case outlined in the "Introduction" section applies to you, please begin the process of establishing team accounts.
If you are an existing user, you have probably created the accounts that you intend to use. Or, if you need to switch an existing account to a different email address, please contact support@scalyr.com and let us know. Otherwise, follow these steps to begin the configuration process:
- Create the necessary email accounts before beginning. For example, if you have 3 teams, create 4 accounts (1 per team, and 1 master account).
- Create DataSet trial accounts for each of the email accounts that you established
- Contact DataSet Support (support@scalyr.com) to request an account modification. Specify the master account, and its associated team(s).
- Sign in to the "master" and "team" accounts and invite users. Provide at least one user with "Full Access" permissions. Once users have been invited, sign in as users to access account.
- Since this is the initial login, log in to each DataSet account with the DataSet team account address. Click the user menu → "Manage Users" to invite users. Sign out once you are done.
- If the user account does not already exist, one will automatically be created. The user will need to create a password upon accepting the invitation email.
- If the user account exists, the user will receive an invitation email. Upon signing in, they will have access to the account.
- If users are on multiple teams, they can switch between teams by clicking the User Menu → "Manage Teams", and selecting the appropriate team (displayed as hyperlink). Once the team has been selected, it will be displayed as an entry on the user menu for quick access.
Example Use Case
Karate Data Co. has a significant amount of log data distributed among 3 teams (Messaging, Queue, and Platform). Due to security policies, users are only allowed to access data associated with their team(s). Each teams has alerts, graphs, dashboards, and searches that are specific to their tasks and objectives. To simplify billing, Karate Data needs a single invoice that contains the combined log volume for all team accounts per month.
Karate Data has the following team structure:
- Joe works on the Messaging and Queue teams, and has access to both accounts.
- Will is a member of the Platform team and can only access the Platform account.
- Mac is the CTO and configures the master account to process high level platform logs. These logs are isolated from users who have access to the Messaging, Queue, and Platform accounts.
Creation Scenario
Mac creates 4 email accounts on his platform (devops-master, messaging-team, queue-team, and platform-team). He then creates corresponding DataSet trial accounts and contacts DataSet Support to establish devops-master as the master account for combined billing purposes.
Once this has been completed, Mac signs in to devops-master, sends an invitation to his personal account (mac-user), grants "Full Access" permissions to the devops-master account, and logs out. He then logs in to DataSet as mac-user. Since each team account has access to a smaller, more relevant pool of data, noise from unrelated data sources and search times are minimized. Users are also able to perform their data-driven tasks independently of each other.
Joe - Multi-team Overview
Joe works on the Messaging and Queue teams and requires access to data on both platforms. Mac adds Joe by sending him invitations to the messaging-team and queue-team accounts. Joe accesses the Messaging account invitation first. He does not have a DataSet account at this time, so he is prompted to establish one by creating a new password. He then accepts the invitation to the Queue team. Joe now has access to the Messaging and Queue team accounts, and creates search queries, alerts, and dashboards that are unique to each. He is able to quickly navigate between accounts by picking the account he wishes to access from the User Menu -> "Manage Teams' option.
Will - Single team Overview
Mac invites Will to the Platform team by sending him an invitation. Will accepts the invitation, but since he already has a DataSet trial account, he simply logs in with his account details, then accepts the invitation. Will can now access the Platform team account.
Mac - Billing
Mac configures credit card billing on the master account by logging in as devops-master and completes the billing details. Once this is complete, he signs out and logs in with mac-user account. As previously mentioned, master / team accounts should not be used as user accounts (treat them like the root account)! — Users should create separate accounts for regular use.
Comments
0 comments
Please sign in to leave a comment.