The CloudSoda application features Role-Based Access Control (RBAC), which is the cornerstone of a flexibly managed system architecture. RBAC assigns users to roles and defines permissions based on roles, rather than associating privileges with users directly. Utilizing RBAC allows application administrators to securely manage access to application resources and efficiently assign permissions to different user groups.
The following topics introduce the basic concepts of RBAC and how to start using it in your CloudSoda environment.
- RBAC Concepts
- RBAC Model and Relationships
- Getting Started with RBAC
- Managing Roles, Scopes, and Permissions
RBAC Concepts
User
An individual who interacts with CloudSoda via the UI.
Client
The client interacts with the CloudSoda API programmatically.
Resource
A resource refers to the objects that users or clients create, use, and manage. Examples of resources include Accessors, Agents, and Storage.
Role
A role is a group of users or clients that describes people in the identity system within an organization. Think of a role as a job title: the roles you create within CloudSoda should reflect job titles or job functions within your organization. All users assigned to a role are granted the permissions associated with that role. Example role names include IT Admin, Accounting, Editor, and External Collaborator.
Scope
A scope is a collection of related system resources, often different Storages, needed for a specific business function. For example, a scope named Editorial would contain all of the resources in CloudSoda that Editors need to access to perform their job duties.
Access Control
Relationships between roles and scopes that are defined in CloudSoda. Access controls are user permissions to perform actions or manage system functions. For example, Editors would be assigned user permissions to read and write to system resources associated with the Editorial scope, as shown in the RBAC graphic below.
RBAC Model and Relationships
The RBAC model authorizes a user to access and perform actions in the CloudSoda system based on the user's assigned roles. The user's access and authority within the system reflect the permissions defined for the assigned role.
- A user can have multiple roles
- A role can be assigned to multiple users
- A resource must be assigned to a scope
- A scope can have multiple resources
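The relationships above can be modeled as a small deny-by-default authorization check. This is an added example, not CloudSoda code or its API; the class and method names, the user and resource names, and the Finance scope are constructed for illustration.

```python
# Added illustration of the role/scope/access-control model; not CloudSoda code or its API.
class RbacModel:
    def __init__(self):
        self.user_roles = {}       # user -> set of role names
        self.scope_resources = {}  # scope -> set of resources
        self.grants = {}           # (role, scope) -> set of permitted actions

    def assign_role(self, user, role):
        # A user can have multiple roles; a role can be assigned to multiple users.
        self.user_roles.setdefault(user, set()).add(role)

    def add_resource(self, resource, scope):
        # A resource must be assigned to a scope; a scope can have multiple resources.
        if not scope:
            raise ValueError(f"resource {resource!r} must be assigned to a scope")
        self.scope_resources.setdefault(scope, set()).add(resource)

    def grant(self, role, scope, actions):
        # An access control links a role to a scope with a set of permitted actions.
        self.grants.setdefault((role, scope), set()).update(actions)

    def is_allowed(self, user, action, resource):
        # Deny by default: a role must hold the action on a scope containing the resource.
        scopes = {s for s, res in self.scope_resources.items() if resource in res}
        return any(
            action in self.grants.get((role, scope), ())
            for role in self.user_roles.get(user, ())
            for scope in scopes
        )

    def effective_access(self, user):
        # Audit view: every (resource, action) pair the user's combined roles add up to.
        pairs = set()
        for (role, scope), actions in self.grants.items():
            if role in self.user_roles.get(user, ()):
                for resource in self.scope_resources.get(scope, ()):
                    pairs.update((resource, a) for a in actions)
        return pairs

def build_sample():
    # Constructed sample data; Editor, Accounting and Editorial are names used in the text.
    m = RbacModel()
    m.add_resource("storage-edit-01", "Editorial")
    m.add_resource("storage-fin-01", "Finance")
    m.grant("Editor", "Editorial", {"read", "write"})
    m.grant("Accounting", "Finance", {"read"})
    for user, role in [("alice", "Editor"), ("bob", "Editor"), ("bob", "Accounting")]:
        m.assign_role(user, role)
    return m
```

Because a user's access is the union of all assigned roles, reviewing `effective_access` per user shows where stacked roles grant more than any single job function needs.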
To implement RBAC in your CloudSoda environment using several standard roles that cover a broad range of use cases, see Getting Started with RBAC. For detailed information on defining the key elements of RBAC, see Managing Roles, Scopes, and Permissions.