**Action**: A level above can "view" the resources of the accounts below it.

**Resource**: The AWS resource usage of that account.

Create User ??

Only Admin can create users now (create Keto rule).

- Provide an API to add a user to a certain group.
- API: list the AWS resource usage of that account (product family, sub account).
- A user of a certain level can access that level's API.

**Current Rule**

Admin -> Ubitus Sales -> L1 reseller -> L2 reseller -> L3 reseller -> Company -> individual AWS sub account (i.e., the current Division)

```
// Division
reports:Division#view@(groups:Division#member)

// Company
reports:Company#view@(groups:Company#member)
// inherit
reports:Division#view@(groups:Company#member)

// L3
reports:L3#view@(groups:L3#member)
// inherit
reports:Company#view@(groups:L3#member)
reports:Division#view@(groups:L3#member)

// L2
reports:L2#view@(groups:L2#member)
// inherit
reports:L3#view@(groups:L2#member)
reports:Company#view@(groups:L2#member)
reports:Division#view@(groups:L2#member)

// L1
reports:L1#view@(groups:L1#member)
// inherit
reports:L2#view@(groups:L1#member)
reports:L3#view@(groups:L1#member)
reports:Company#view@(groups:L1#member)
reports:Division#view@(groups:L1#member)

// Sales
reports:Sales#view@(groups:Sales#member)
// inherit
reports:L1#view@(groups:Sales#member)
reports:L2#view@(groups:Sales#member)
reports:L3#view@(groups:Sales#member)
reports:Company#view@(groups:Sales#member)
reports:Division#view@(groups:Sales#member)

// Ubitus
reports:Ubitus#view@(groups:Ubitus#member)
// inherit
reports:Sales#view@(groups:Ubitus#member)
reports:L1#view@(groups:Ubitus#member)
reports:L2#view@(groups:Ubitus#member)
reports:L3#view@(groups:Ubitus#member)
reports:Company#view@(groups:Ubitus#member)
reports:Division#view@(groups:Ubitus#member)

// Add user
groups:Division#member@user_sub_account
groups:Company#member@user_company
groups:L3#member@user_L3
groups:L2#member@user_L2
groups:L1#member@user_L1
groups:Sales#member@user_sales
groups:Ubitus#member@user_ubitus
```
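
An added example, not part of the original note: a Python sketch that regenerates the inherited `view` tuples from the level order and evaluates them with a one-hop subject-set check, so the hand-written list can be diffed against the generated one and a deny case can be tested. The `LEVELS` order, the function names and the checker are assumptions for illustration and are not Keto's API.

```python
# Added example: level order inferred from the note's tuples, highest first.
# Admin appears in the note's chain but has no tuples there, so it is omitted.
LEVELS = ["Ubitus", "Sales", "L1", "L2", "L3", "Company", "Division"]

# Membership tuples copied from the note's "Add user" block.
MEMBERS = [
    "groups:Division#member@user_sub_account",
    "groups:Company#member@user_company",
    "groups:L3#member@user_L3",
    "groups:L2#member@user_L2",
    "groups:L1#member@user_L1",
    "groups:Sales#member@user_sales",
    "groups:Ubitus#member@user_ubitus",
]

def view_tuples(levels=LEVELS):
    """Each group may view its own level and every level below it."""
    return [
        f"reports:{target}#view@(groups:{group}#member)"
        for i, group in enumerate(levels)
        for target in levels[i:]
    ]

def parse(t):
    """Split 'ns:obj#rel@subject' into (ns, obj, rel, subject)."""
    left, subject = t.split("@", 1)
    ns_obj, rel = left.split("#", 1)
    ns, obj = ns_obj.split(":", 1)
    return ns, obj, rel, subject.strip("()")

def can_view(tuples, user, level):
    """Hypothetical checker: resolve the user's direct group memberships, then
    look for a reports:<level>#view tuple granted to one of those subject sets."""
    parsed = [parse(t) for t in tuples]
    groups = {f"{ns}:{obj}#{rel}" for ns, obj, rel, sub in parsed if sub == user}
    return any(
        (ns, obj, rel) == ("reports", level, "view") and sub in groups
        for ns, obj, rel, sub in parsed
    )

if __name__ == "__main__":
    tuples = view_tuples() + MEMBERS
    print(len(view_tuples()), "view tuples")
    print("user_L2 -> Division:", can_view(tuples, "user_L2", "Division"))
    print("user_company -> L3:", can_view(tuples, "user_company", "L3"))
```

Comparing `set(view_tuples())` with the tuples actually stored makes a missing or extra inherit line visible, which is the easiest way for a lower level to gain an upward view by mistake.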