May 24, 2022
Feature Focus: CloudTruth RBAC
Written by: Michael Levan
Role-Based Access Control (RBAC) has been one of the most anticipated features for CloudTruth from many customers. It allows not only for better security and compliance implementations for your organization, but you’ll have true control around projects and environment usability for any CloudTruth user.
In this Feature Focus, you’ll learn what RBAC is and how to implement it in CloudTruth.
To follow along with this blog post, ensure that you have:
- The Premium subscription level of CloudTruth
What is RBAC?
RBAC, short for Role-Based Access Control, is a way to restrict systems and certain products to particular users. If you have a certain system or a certain product/feature inside of a piece of software that you only want certain users to have access to, you’d implement RBAC.
The same rules apply to a service account. If you have a service account that needs access to a particular part of an application, you can use RBAC to give the service account the specific permissions that it needs.
Using RBAC in CloudTruth, you can get incredibly granular with who has access to what. For example, let’s say you have a parent project with several child projects. You can give certain users access to some of the child projects and other users access to other child projects.
The whole idea behind RBAC, from a security perspective, is to have the ability to get granular with who has access to what. The “who” may be an actual person or a service account.
Project Access Control
When it comes to project access control, you can control who has access to what parent project and the associated child projects.
For example, taking a look at the screenshot below, you can see that Michael Levan has
owner permissions for the
MyApp parent project.
However, access control is off for the
development child project under the
MyApp parent project. At this point, the
development project is inheriting RBAC permissions from the
MyApp parent project.
If you wanted to, you could turn on access control for the
development child project so it doesn’t inherit permissions from the
MyApp parent project and instead has its own RBAC permissions.
Environment Access Control
RBAC for environment control is very similar to project control. You’ll have the ability to control what users have access to which environments.
As an example, in the below screenshot you’ll see that access control is turned off for development. This is because since a development environment, maybe the organization isn’t concerned about which engineers have access to it.
However, when it comes to a production environment, you would want to know who has access. Because of that, you’ll want to turn on access control for the production environment.
Tag(s): Configuration Management