Resource-based Access Control (RBAC)
- A set of credentials typically corresponds to a user account, but they can be also machine-to-machine credentials.
- Tenant is “a group of users who share a common access with specific privileges to a software instance”.
- It can be a company, a department, a team etc.
- By definition, a tenant can have multiple users (sets of credentials).
- A user can join several tenants.
- Role is a named set of resources, it is used to grant user access to those resources.
- A user can have multiple roles.
- A role can be assigned to multiple users.
- Tenant roles are valid only for one specific tenant.
- Global roles are valid across all tenants.
- Resource is an identifier of an actual software resource or an action performed on that resource.
- Having access to a resource means having rights to what it represents (
- Any resource can be assigned to several roles.
- A role can have multiple resources.
- Resources cannot be assigned directly to credentials; credentials can have access to a resource only through a role.