Skip to main content
BlueXP setup and administration

Organize your resources in BlueXP IAM with folders and projects

Contributors netapp-bcammett netapp-tonias
PDFs

BlueXP identity and access management (IAM) enables you to organize your NetApp resources using projects and folders. A project represents a workspace in BlueXP that organization members access to manage resources (for example, a Cloud Volumes ONTAP system). A folder groups related projects together. After you organize your resources into folders and projects, you can grant granular access to resources by providing organization members with permissions to specific folders and projects.

Add a folder or project

When you create your BlueXP organization, it includes a single project. You can create additional projects to manage your organization's resources. You can optionally create folders to group related projects together.

About this task

The depth of your organization's resource hierarchy can go down to 7 levels. As a result, you can create nested folders down to 6 levels. The last nested folder can then include projects at the seventh level of the hierarchy.

The following image illustrates the maximum depth of your organization's resource hierarchy:

A screenshot that shows an organization

Steps

  1. In the upper right of the BlueXP console, select The settings icon which displays in the top right of the BlueXP web console. > Identity & Access Management.

  2. From the Organization page, select Add folder or project.

  3. Select Folder or Project.

  4. Provide details about the folder or project:

    • Name and location: Enter a name and choose a location in the hierarchy for the folder or project. A folder or project can reside directly underneath the organization or within a folder.

    • Resources: Select the resources that you want to associate with this folder or project.

      You can only select from the resources that are associated with the parent of the folder or project. If the parent is the organization, then you can choose from any resource in the organization. If the parent is a folder, then you can only select from the resources that are associated with the folder.

      Learn when you might associate a resource with a folder.

    • Access: View the members who will have access to the folder or project based on the existing permissions already defined in your resource hierarchy.

      If needed, select Add a member to specify additional organization members who should have access to the folder or project and then select a role. A role defines the permissions that members have for the folder or project.

      Learn about predefined IAM roles.

  5. Select Add.

Obtain the ID for a project

If you're using the BlueXP API, you might need to obtain the ID for a project. For example, when creating a Cloud Volumes ONTAP working environment.

Steps

  1. From the Organization page, navigate to a project in the table and select An icon that is three side-by-side dots

    The project ID displays.

  2. To copy the ID, select the copy button.

    A screenshot of the folders and projects table that shows the project ID fater selecting the action menu for a project.

Rename a folder or project

If needed, you can change the name of your folders and projects.

Steps

  1. From the Organization page, navigate to a project or folder in the table, select An icon that is three side-by-side dots and then select Edit folder or Edit project.

  2. On the Edit page, enter a new name and select Apply.

Delete a folder or project

You can delete the folders and projects that you no longer need.

Before you begin

  • The folder or project must not have any associated resources. Learn how to disassociate resources.

  • A folder must not contain any subfolders or projects. You need to delete those folders and projects first.

Steps

  1. From the Organization page, navigate to a project or folder in the table, select An icon that is three side-by-side dots and then select Delete.

  2. Confirm that you want to delete the folder or project.

View the resources associated with a folder or project

To verify that your resources are organized appropriately and accessible to the right members in your organization, you can view which resources and members are associated with a folder or project.

Steps

  1. From the Organization page, navigate to a project or folder in the table, select An icon that is three side-by-side dots and then select Edit folder or Edit project.

    A screenshot of the Organization page that shows the Edit project option when selecting the action menu for a project in the table.

  2. On the Edit page, you can view details about the selected folder or project by expanding the Resources or Access sections.

    • Select Resources to view the associated resources. In the table, the Status column identifies the resources that are associated with the folder or project.

      A screenshot of the Edit project page that shows the available resources that you can associate or disassociate with the project.

Modify the resources associated with a folder or project

You can modify the resources that are associated with a folder or project by associating or disassociating a resource. For example, you might want to associate a resource with another project because that resource has capacity that another team can utilize. Once you've associated a resource with a folder or project, organization members who have permissions for that folder or project can access the associated resource.

Before you begin

Learn when you might associate a resource with a folder.

Steps

  1. From the Organization page, navigate to a project or folder in the table, select An icon that is three side-by-side dots and then select Edit folder or Edit project.

  2. On the Edit page, select Resources.

    In the table, the Status column identifies the resources that are associated with the folder or project.

  3. Select the resources that you'd like to associate or disassociate.

  4. Depending on the resources that you selected, select either Associate with the project or Disassociate from the project.

    A screenshot of the Edit project page that shows the Associate resources option that is available after you select resources that aren't currently associated.

  5. Select Apply

View members associated with a folder or project

  • Select Access to view the members who have access to the folder or project.

    A screenshot of the Edit project page that shows the members who have access to the project.

Modify member access to a folder or project

Modify member access to a folder or project to ensure that the right members have access to the resources associated with the folder or project.

If member access was provided at a higher level of the hierarchy (at the folder or organization level), then you can't remove or change member access when viewing the lower-level folder or project. You need to switch to that part of the hierarchy and update the member's permissions there. Alternatively, you can manage permissions from the Members page.

Learn more about role inheritance.

Steps

  1. From the Organization page, navigate to a project or folder in the table, select An icon that is three side-by-side dots and then select Edit folder or Edit project.

  2. On the Edit page, select Access to view the list of members who have access to the selected folder or project.

  3. Modify member access:

    • Add a member: Select the member that you'd like to add to the folder or project and assign them a role.

    • Change a member's role: For any members with a role other than Organization Admin, select their existing role and then choose a new role.

    • Remove member access: For members who have a role defined at the folder or project for which you're viewing, you can remove their access.

  4. Select Apply.