Example Teams Structure

Imagine that your organization, Acme, includes a team called Engineering that contains smaller teams that focus on building specific components. The Identity and DevOps teams are specialized teams within the larger Engineering team.

Using the Teams feature, you can structure your users and permissions in the following way:

access management teams hierarchy

The user teams shown here are defined as follows:

  • Acme

    This team represents your organization and root team, and every user in your organization is a member. By default, the team’s name is Everyone at Acme. You can set your permissions such that all Acme users can easily collaborate within your organization by creating new projects in Anypoint Design Center and viewing assets in Anypoint Exchange. To do this, you must configure the following permissions for the Everyone at Acme team:

    • Design Center Developer

    • Exchange Viewer

  • Engineering

    The first child team of the Acme team, this team includes all of Acme’s engineers, but it excludes Acme’s other members, such as the Marketing and Partner teams. The Engineering team inherits permissions from the Everyone at Acme team, but you can give it additional permissions as needed. You can set permissions that allow the members of the Engineering team to deploy code to preproduction environments such as sandbox and design, but you can exclude permissions to deploy to production. To do this, you must configure the following permissions for the Engineering team:

    • Deploy API Proxies (applicable to sandbox and design environments)

    • Design Center Developer

    • Exchange Viewer

  • DevOps

    This team is one of two child teams under the Engineering team. The DevOps team is a group of specialized engineers who manage production code across all engineering teams. Unlike with the parent Engineering team, you can give the DevOps team permission to manage code in the production environment, rather than only in the preproduction branches. To do this, you must configure the following permissions for the DevOps team:

    • Deploy API Proxies (applicable to sandbox, design, and production environments)

    • Design Center Developer

    • Exchange Viewer

  • Identity

    This team is one of two child teams under the Engineering team. The Identity team is responsible for managing projects, assets, and other materials in its designated business groups. As a child of the Engineering team, the Identity team can still deploy code to preproduction environments, but unlike members of DevOps, members of Identity do not need to deploy to production. You cannot give this team permission to manage the entire organization, but you can give it permission to manage the Audit Log and Authentication service business groups by configuring the Administrator permission within the scope of the Audit Log and Authorization Service business groups. Combined with the inherited permissions from the Engineering team, the Identity team has the following permissions:

    • Administrator (applicable to Audit Log and Authorization Service business groups)

    • Deploy API Proxies (applicable to sandbox and design environments)

    • Design Center Developer

    • Exchange Viewer

Was this article helpful?

💙 Thanks for your feedback!

Edit on GitHub