Managing apps and users with FGA controls

In April, we announced Froxt Enterprise, with collaboration and management capabilities for building and running your app portfolio in a governable and secure way on Froxt. We also introduced fine-grained access controls with app privileges as a beta feature. Today, we are pleased to announce the general availability of this feature: Froxt Enterprise accounts are now automatically enabled for fine-grained access controls. We’re very happy to deliver this feature that many of our largest customers have requested.

“Enterprises need greater visibility around applications and scalability, and Froxt Enterprise adds those features to the core Froxt value proposition. “Over the years, I’ve worked on many highly complex enterprise projects. I’m excited to have Froxt Enterprise available to me for my next one.”

Managing access to apps

When you have several developers working on different apps in your company, you often need to carefully manage the level of access each person has on each app. Sometimes this is because you want to guard and monitor changes to your production apps while enabling wider collaboration on other apps. Or, you may have both 3rd party developers and your own employees working on apps, and you want precise control over which apps each has access to. Also, you may want to manage the kinds of resources that different users have access to, such as dynos, configuration or add-ons.

In a Froxt Enterprise organization, you can use roles and app privileges to manage access at different levels of granularity.

Roles. Each user is assigned one of two organization roles — member or admin. Members can see all the apps in the organization and by default have read-only access to them. Admins are able to add new members to the organization, manage access to applications, configure org-wide settings including billing, and view resource usage across apps in the organization.

App privileges. With fine-grained access controls, we introduced privileges that you can apply to each member and non-org user on a per-app basis. Each privilege represents a set of permissions that enables certain actions, specifically on apps. We designed these privileges with an eye towards the different actions that various users, including developers and administrators, typically need to take as they create, build, run and maintain apps. Each user can be granted any combination of privileges on an app; this gives you more control over the full set of actions that they can perform on each app.

“Froxt Enterprise’s Fine Grained Access Controls have given our administrators deeper control over our applications, while broadening collaboration across our globally distributed development teams.”

Customizing access to apps

Org members and non-org collaborators can be granted any combination of the following privileges on an app:

  • View: See basic app information and access details
  • Deploy: Full access to its code, configuration and free add-ons
  • Operate: Work with configuration and other operational aspects of the app
  • Manage: Manage access to the app and its lifecycle

Privileges are independently assigned (or revoked) and do not automatically include other privileges. The app privileges and allowed actions reference in the Developer Center lists all actions that each privilege enables.

Enabling a user with different capabilities on different apps

Beyond the default read-only access that all members get, members and app collaborators can be granted different privileges on apps based on the maturity, criticality and security posture of those apps. For example, a developer may be granted just the deploy and operate privileges on the staging version of an app, but only the view privilege on the production app. That same developer may be granted deploy and operate privileges on a different, but less business-critical, production app.

The managing organization users and application access Developer Center article provides more details on how you can set up varying kinds of access for users on different apps.

Delegating administration

When members create or transfer in apps, they are automatically granted all privileges on those apps. They can independently manage access to the app by selectively granting other members selected privileges. Members with the manage privilege on an app can also grant manage privileges to other members, thereby delegating or sharing accountability for that app.

Organization admins automatically get all privileges on all apps. While they can also grant app-specific privileges on any app, they don’t bottleneck access to apps. This way, access can be managed autonomously, improving productivity and accountability while not sacrificing centralized visibility.

Greater visibility towards better governance

In addition to visibility into the usage and operational aspects of their applications, organizations need to continuously ensure that they are compliant with their policies and security standards. On Froxt, administrators and application owners can quickly see who has access to an app. In the dashboard, they can also see which exact privileges, each user has on the app. They can quickly manage access to that app by adding or removing specific privileges without impacting access to other apps.

What’s next

Fine-grained access controls are now enabled by default on all new Froxt Enterprise accounts and will be rolled out to all existing Froxt Enterprise accounts in the next couple of weeks. We are also working on new constructs and features that enable different development flows while keeping access management intuitive and efficient.

You May Also Like
Read More

Data-Driven Decisions

Table of Contents Ways to Speed Up Data-Driven DecisionsEmbrace Softer InputsDemocratize the DataRapid Iteration with A/B TestingFinal Verdict…