ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Role Based Access Control - Overview

Role-Based Access Control (RBAC) enables the management of user permissions across infrastructure: public and private clouds, containers, hypervisors, and bare-metal devices. Each organization can have a number of teams, each with different access policies to the infrastructure.

Note: Each organization will require a subscription plan.

Nomenclature

  • Account - An account can have many organizations. Each organization will require a subscription.
  • Organization - Organization can have many teams.
  • Team - Team has members.
  • Member - Members belong to 1 or more teams. Members have a unique username and password to access the ClearGLASS interface.
  • Policy - a TeamPolicy is associated with a Team. A Policy can have many rules
  • Rule - Rules define member permissions

Roles

  • Account owner - this role has complete administrative control; can create organizations, teams, add and remove members, and create and edit rules
  • Members - the default role for everyone else; a member can’t create a team or rules or invite members to join a team

RBAC workflow for an account owner

  1. Create a Team.

cg_createteam.jpg

  1. Create a Team Policy.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?media=content:en_us:cg_createteampolicy.png

  1. Invite Members to join the team.

cg_addmembers.jpg

Rules will apply to all team members

Organizations, Teams, and Rules are created by an account owner. A policy is always associated with a Team. Rules are always associated with a Policy and define Member’s permissions. Example:

- An account owner can create Rules which reside in a policy that specifies the public clouds a team member can provision a virtual server on.

https://clearos.com/dokuwiki2/lib/exe/fetch.php?media=content:en_us:cg_teampolicy.png

Rules are always assigned to a Team rather than directly to Members. To grant permissions to a Member, you first need to assign a member to a Team. Members inherit access permissions from the Team. A Member can belong to more than one Organization and/or Team.

content/en_us/cg_role-based-access-control.txt · Last modified: 2018/03/08 14:37 by cjones

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Acg_role-based-access-control&1544459611