Organize your resources in BlueXP IAM with folders and projects
BlueXP identity and access management (IAM) enables you to organize your NetApp resources using projects and folders. A project represents a workspace in BlueXP that organization members access to manage resources (for example, a Cloud Volumes ONTAP system). A folder groups related projects together. After you organize your resources into folders and projects, you can grant granular access to resources by providing organization members with permissions to specific folders and projects.
Add a folder or project
When you create your BlueXP organization, it includes a single project. You can create additional projects to manage your organization's resources. You can optionally create folders to group related projects together.
The depth of your organization's hierarchy can go down to 7 levels. As a result, you can create nested folders down to 6 levels. The last nested folder can then include projects at the seventh level of the hierarchy.
The following image illustrates the maximum depth of your organization's hierarchy:
-
In the upper right of the BlueXP console, select > Identity & Access Management.
-
From the Organization page, select Add folder or project.
-
Select Folder or Project.
-
Provide details about the folder or project:
-
Name and location: Enter a name and choose a location in the hierarchy for the folder or project. A folder or project can reside directly underneath the organization or within a folder.
-
Resources: Select the resources that you want to associate with this folder or project.
You can only select from the resources that are associated with the parent of the folder or project. If the parent is the organization, then you can choose from any resource in the organization. If the parent is a folder, then you can only select from the resources that are associated with the folder.
-
Access: View the members who will have access to the folder or project based on the existing permissions already defined in your resource hierarchy.
If needed, select Add a member to specify additional organization members who should have access to the folder or project and then select a role. A role defines the permissions that members have for the folder or project.
-
-
Select Add.
BlueXP creates the folder or project and associates the specified resources and members.
View the resources and members associated with a folder or project
To verify that your resources are organized appropriately and accessible to the right members in your organization, you can view which resources and members are associated with a folder or project.
-
From the Organization page, navigate to a project or folder in the table, select and then select Edit folder or Edit project.
-
On the Edit page, view details about associated resources and member access:
-
Select Resources to view the associated resources. In the table, the Status column identifies the resources that are associated with the folder or project.
-
Select Access to view the members who have access to the folder or project.
-
If needed, you can modify the associated resources or modify member access.
Modify the resources associated with a folder or project
You can modify the resources that are associated with a folder or project by associating or disassociating a resource. For example, you might want to associate a resource with another project because that resource has capacity that another team can utilize.
-
From the Organization page, navigate to a project or folder in the table, select and then select Edit folder or Edit project.
-
On the Edit page, select Resources.
In the table, the Status column identifies the resources that are associated with the folder or project.
-
Select the resources that you'd like to associate or disassociate.
-
Depending on the resources that you selected, select either Associate with the project or Disassociate from the project.
-
Select Apply
BlueXP associates the resources with the folder or project. Organization members who have permissions for that folder or project can now access the associated resources.
Modify member access to a folder or project
Modify member access to a folder or project to ensure that the right members have access to the resources associated with the folder or project.
-
From the Organization page, navigate to a project or folder in the table, select and then select Edit folder or Edit project.
-
On the Edit page, select Access.
BlueXP displays the list of members who have access to the folder or project.
-
Modify member access:
-
Add a member: Select the member that you'd like to add to the folder or project and assign them a role.
-
Change a member's role: For any members with a role other than Organization Admin, select their existing role and then choose a new role.
If a role was provided at a higher level of the hierarchy (at the folder or organization level), then you should consider whether to change the role at the lower level or the higher level. For example, if you assigned the Folder or project admin role at the folder level, changing the role at the project level to lower-level permissions won't alter the permissions for the member. Because roles are inherited down the organization hierarchy, the member would still have admin permissions at the project level.
-
Remove member access: For members who have a role defined at the folder or project for which you're viewing, you can remove their access.
If member access was provided at a higher level of the hierarchy (at the folder or organization level), then you can't remove member access when viewing this folder or project. You need to switch to that part of the hierarchy. Alternatively, you can manage permissions from the Members page.
-
-
Select Apply.
BlueXP updates the members who have access to the folder or project.
Obtain the ID for a project
If you're using the BlueXP API, you might need to obtain the ID for a project. For example, when creating a Cloud Volumes ONTAP working environment.
-
From the Organization page, navigate to a project in the table and select
The project ID displays.
-
To copy the ID, select the copy button.
Rename a folder or project
If needed, you can change the name of your folders and projects.
-
From the Organization page, navigate to a project or folder in the table, select and then select Edit folder or Edit project.
-
On the Edit page, enter a new name and select Apply.
BlueXP updates the name of the folder or project.
Delete a folder or project
You can delete the folders and projects that you no longer need.
-
The folder or project must not have any associated resources. Learn how to disassociate resources.
-
A folder must not contain any subfolders or projects. You need to delete those folders and projects first.
-
From the Organization page, navigate to a project or folder in the table, select and then select Delete.
-
Confirm that you want to delete the folder or project.
BlueXP deletes the folder or project. That folder or project is no longer available to organization members.