1 | 1 | --- |
2 | 2 | title: Security |
3 | | -description: Tokens, Keychains, Keys, Roles |
| 3 | +description: Manage identity and access through Tokens, Keychains, Keys, and RBAC Roles. |
4 | 4 | weight: 4 |
5 | 5 | categories: [Security] |
6 | | -tags: [permissions] |
| 6 | +tags: [permissions, identity, authentication] |
7 | 7 | --- |
8 | 8 |
|
| 9 | +Layer5 Cloud provides a multi-tenant security model designed to manage access across complex organizational structures. This section covers the core components of our Identity and Access Management (IAM) system. |
9 | 10 |
|
10 | | - |
| 11 | +## Security Architecture |
| 12 | + |
| 13 | +The following diagram illustrates the relationship between Organizational Units, Roles, and the underlying Permissions: |
| 14 | + |
| 15 | + |
| 16 | + |
| 17 | +--- |
| 18 | + |
| 19 | +## Organizational Units |
| 20 | +Layer5 Cloud uses a hierarchical structure to isolate resources and manage users at scale: |
| 21 | +* **Provider Organizations:** The top-level entity that can manage multiple tenant organizations. |
| 22 | +* **Tenant Organizations:** Individual customer or project-specific organizations (e.g., Layer5, Intel). |
| 23 | +* **Teams:** Logical groupings of users within an organization to facilitate collaborative management. |
| 24 | +* **Users:** Individual accounts that are members of teams and organizations. |
| 25 | + |
| 26 | +## Roles and Access Control |
| 27 | +Access is granted through Role-Based Access Control (RBAC). Roles are assigned at different levels of the organizational hierarchy: |
| 28 | +* **Organization Administrators:** Full control over an entire tenant organization. |
| 29 | +* **Organization Billing Managers:** Access restricted to subscription and financial management. |
| 30 | +* **Team Administrators:** Management of specific team resources and memberships. |
| 31 | + |
| 32 | +## Key Management and Tokens |
| 33 | +Beyond structural roles, Layer5 Cloud uses cryptographic and session-based security: |
| 34 | + |
| 35 | +### Keychains |
| 36 | +Keychains are collections of keys used to manage environment-specific access and signing. They allow for the logical grouping of related security credentials. |
| 37 | + |
| 38 | +### Keys |
| 39 | +Keys are the atomic unit of access control within the system. They are used for secure communication between Meshery and Layer5 Cloud, as well as for signing design patterns. |
| 40 | + |
| 41 | +### Tokens |
| 42 | +Tokens provide temporary, secure access to the platform. |
| 43 | +* **Session Tokens:** Used for web browser authentication. |
| 44 | +* **Personal Access Tokens (PATs):** Used for programmatic access via CLI or CI/CD pipelines. |
| 45 | + |
| 46 | +--- |
| 47 | + |
| 48 | +### Need more detail? |
| 49 | +Check out the [Roles Reference](/docs/security/roles) for a complete matrix of permissions for each role. |
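Review bot: The "Security Architecture" section (new lines 11-16) announces a diagram ("The following diagram illustrates the relationship between Organizational Units, Roles, and the underlying Permissions:") but nothing follows it except blank lines before the `---` rule, so the section renders empty; add the image reference (for example `![Security architecture](<path-to-diagram-asset>)`) or leave the heading and sentence out until the asset is committed. Secondary point on new line 42: "Tokens provide temporary, secure access" sits directly above the Personal Access Tokens bullet, which positions PATs for CLI and CI/CD use; PATs are normally long-lived credentials rather than session-scoped ones, so state their lifetime in that bullet and note that they can be revoked, otherwise readers may treat a PAT like a short-lived browser session token.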