I think it would be a good idea to have team management at project level.
We have many projects and members in our Atlas account.
I'm a organization owner. The people in my organization use the Altas service. I create
a project for them and give my colleagues the project owner authorizations.
Project owners can invite other members. This is good. But it's a little inconsistent that
they are not able to create groups or teams within their projects They have to manage the permissions for each member separately.
We can't use organization teams, because they are located at the organizational level. Therefore, only the owner of an organization can create teams.
And only the owner of an organization can add or remove members from a team.
To my mind, there is a missing privilege level for teams. Something like "team manager" which could be a user or a list of user who can just add or remove user to the given team.
Team manager and managed users would be known users at organization level wathever their organization privilege.
This could let organization owner to keep team's privilege management
and delegate team member management without granting organization owner privilege to this team manager.
Hi Greg, Can you comment on whether the new Cross-Org Billing capability I mentioned earlier may suffice for your needs? It allows you to use multiple Organizations for different groups to isolate authorization but still share a billing subscription.
It would also be nice if Organization Read Only role allowed for viewing of Teams.
I think this is the same issue we have. I just want some sort of privilege where individuals that don't have Org Owner or Org Proj Creator privileges can view the members of a Team. We are an enterprise and our management group won't allow us those privileges, yet it would be helpful to be able to view the team member list so that we don't duplicate requests to have people added to teams. For Mongo employees that may be viewing this, I have this documented in a support case (659767)
We hear you loud and clear on needing to have more flexibility and have long term plans to do so.
Importantly, we also just released a new capability for Atlas customers on annual subscriptions: Cross-Org Billing. With Cross-Org Billing you can link other Atlas Orgs to your "Paying Atlas Org" and have them pay through that subscription.
One of the key drivers for creating this was to give customers more flexibility so that they can have authorization-level isolation across different Orgs, while maintaining a loose coupling for a shared Billing environment. By the way, you can move Projects between Orgs if you're an Org Owner of both orgs -- doing so is a no-downtime purely logical/mapping change. This might allow you to give folks their own Org and then from there they can set up their own Teams/Projects as they wish?
More detail here: https://docs.atlas.mongodb.com/billing/#cross-organization-billing