Our Journey to LiveRebel 2.7.5
In our continuing quest to help software teams release software to users rapidly, we’ve taken LiveRebel a long way the last couple years. Today, it can automatically deploy apps – including code changes, database migrations and any release scripts – across environments safely with no user interruption or downtime. To rule out production failures, all updates are tested before real users access them, thereby always shielding users from deployment failures. Failures are fully rolled back.
So you can get apps to users faster with absolute confidence that deployment failures won’t impact your users. Release automation bliss. But what if your QA team were to accidentally deploy into production? Or what if your eCommerce operations team deployed onto the CRM production environment? Read on.
Introducing Group Permissions
As much as we hate lack of transparency and walling things off, setting permissions across multiple environments makes sense. Group Permissions is our first effort to prevent such accidents, and further simplify the use of LiveRebel for critical release automation tasks.
With LiveRebel 2.7.5, you can define which users have full access to select server environments managed by LiveRebel.
How It Works
Step 1: Create user and set global permissions
From the “Settings” menu on the LiveRebel Command Center, select the “Security” option on the sub menu. Then create a user if you haven’t already done so. We created user “PaymentGateway-QA-User.” Once you have done that, hit the “Edit” button to the right of the user to bring up the dialog below.
Set permissions based on the privileges you’d like to grant the user across all apps, servers and environments in LiveRebel. We’ve allowed “PaymentGateway-QA-User” to be able to deploy, update and undeploy apps, and manage logs.
Step 2: Identify environments that need restricted access
These are the environments that you want to keep exclusive to a team or a group of users. A server group for a production environment is a typical example. By no means would we want a member of the QA or dev team to accidentally deploy a test build into production!
Identify these environments, go to the “Settings Menu”, select “Permissions” and check the “Override Access Rules” checkbox. Now only users with access to this environment will be able to perform tasks on it. Everyone else is walled off.
We chose to override access rules for “PaymentGateway-QA.” as shown in the screenshot below.
Step 3: Add users to your restricted environments
Now that you have created a user and selected which environments to restrict, assign users to these environments. To do so, select the “Settings Menu”, enter the user that you’d like to grant access to, and hit save.
We added “PaymentGateway-QA-User” to the “PaymentGateway-QA” server group.
Your user now has access to this environment. Similarly, you can grant other users in your team access to this environment as well.
Now you can create multiple users on LiveRebel, either by adding user or adding an LDAP domain, and assign them to environments that they should work on. Their global permissions will define the level of access they have on all environments. But if an environment has its access rules overridden, users without access will be walled out.
Now, your teams can maintain their environments with LiveRebel without being concerned about other teams accidentally tampering with them.