In this Compose Notes - Compose account holders are getting the ability to more closely control which of their users can do what with their Compose accounts and the beginning of the end for sandbox databases as the first sandbox server is being turned off soon.
New Access Controls
As we've grown our range of databases at Compose, we've also seen the number of users for accounts grow. A Compose account can support many users with access to the administration of the databases, but those users have traditionally had almost complete access to the account. Account owners have been asking for a way to set roles for their users and we've just rolled out a new access control system which covers all the bases. You don't have to worry about using it; we've integrated a legacy mode which will let you carry on and migrate to having role control when you are ready.
The new system currently has four grantable permissions. A user with Billing Manager permission is able to access invoices and modify payment preferences. The Provisioner permission allows a user to deploy new Compose-hosted or Enterprise databases. For users of Compose Enterprise, the Enterprise Admin permission allows users to create and control Enterprise clusters on the account. Finally, there's also a permission, Owner, that implicitly includes all three of the other permissions.
The controls for the new access control system can be found on the Account view. On the Account view, the Users option is unchanged and allows for the creation, and removal, of users to the account.
What's new are the next two entries, Teams and Access. Teams allow users to be gathered together so that they can be granted privileges as a group. Create a team and add users to it, and yes, users can belong to more than one team. Teams don't have permissions when created.
For that you go to the Access view where you can see the teams and users and grant permission to them as appropriate for your organisation. You do have to have be the Owner to get to the Users, Teams and Access and the Owner permission can only be granted to an individual user, not to a team.
For each database deployment, there's now an Access view too. Here, you can set user and team permissions for the particular deployment. For a database, that means three permissions; Developer, Manager and Admin.
The Developer permission grants access to connection strings, backups and logs - the essential information of the database. The Manager permission when granted, lets the user scale the deployment, add and remove portals and set the database specific controls which exist. Finally, there's the Admin permission, which, like Owner combines both Developer and Manager together with control over access and roles. The Admin permission for a database is automatically granted to the user that deployed the database, but it can be shared or transferred to another user. The account owner, of course, has full access to the account.
And that's the new access control system. It provides the foundation for future user management features and delivers the control that users have asked for on their Compose accounts.
If you have a sandbox MongoDB database on our
Staff server, you should be checking your mail. There you should find details of our planned shutdown of the now antiquated, try-before-you-buy offering. We've been in the process of sunsetting sandboxes for sometime, in particular, removing the ability to create new sandboxes. Now, we're at the point where it's time to close down the servers. We're staging the shutdown of the sandbox servers and the first server to close is
Staff. If you don't know the server name your database is on, you'll find it in the connection string for the database. We've mailed all users on their given contact details and the
Staff shutdown is due on the 20th of September.
For those users, we are offering the ability to upgrade easily to a pay-for database with better availability and more up to date versions of MongoDB, or showing you how to archive your data. The other sandbox servers will follow in the future, so sandbox users may want to consider being pre-emptive to upgrade their databases to ensure continuity - Sandbox databases have never been production databases, and we hope this staged shutdown will ensure that anyone with critical data can protect their business from disruption. You'll hear from us when we are ready to close down the servers your sandbox database resides on, so make sure your email address is up to date and keep your eye on your inbox.