New Features (2)
- New Role-Based Access Control Services. CenturyLink Cloud has launched an upgraded user security model that cascades throughout the UI and v2 API. These 8 roles map to unique personas within an organization and help customers apply a least-privilege approach to their cloud environment. A user can be part of multiple roles, and the Control Portal user interface recognizes which role(s) a customer has and adjusts accordingly. For a deep dive description of the permissions assigned to each role, view the Permission Matrix KB. Also, review the Roles FAQ and migration guide for more details. Below is a brief description of each role:
- Account Administrator can perform any provisioning and management tasks available in the cloud platform.
- Server Administrator cannot change account-level settings or some networking services, but has full permission to create and manage virtual server infrastructure.
- Server Operator has day-to-day management permissions but cannot add public IPs, create load balancer pools, or change policies.
- Security Manager can change account settings, user permissions, and firewall policies, but cannot build or manage virtual resources.
- Network Manager can configure and maintain network settings like DNS, VPNs, vLANs, and firewall policies.
- DNS Manager has permission to manage DNS zones.
- Billing Manager has access to billing history and payment information.
- Account Viewer has read-only access to all aspects of the cloud platform, and cannot initiate changes or create resources.
- Feature Flags. The platform now supports data center-level "feature flags" that make it possible to turn capabilities on and off on a per-DC basis. This helps private cloud customers (and potentially public cloud customers) control which capabilities are available to their users. Initial feature flags exist for: premium storage, shared load balancer, site to site VPN, client VPN, and public IP addresses.
Minor Enhancements (5)
- Server (Beta) out of Beta. The classic groups/server page is now retired in favor of the new Servers user interface. The page URL has changed as well, but all existing server links will seamlessly redirect.
- Global Search index changed. The Global Search has been further tuned, and we have temporarily removed the following items from the results: group name, group description, VLAN name, public IP addresses, blueprint name, blueprint package name.
- Payment details available via v1 API. The v1 API was updated to return the payment details on the new GetResponsibleBillingAccount call.
- Create users with new roles via v1 API. Customers who currently provision users automatically via the v1 API can set values related to the newly released roles.
- Get public IP from server details page only. We've retired the "add public IP" button from the "IP Addresses" page and now have a consolidated place to set and manage public IP addresses. Visit the details page for a given server and easily set and change public IP address settings.