Configuration Management
May 24, 2022
Role-Based Access Control (RBAC) has been one of the most anticipated features for CloudTruth from many customers. It allows not only for better security and compliance implementations for your organization, but you’ll have true control around projects and environment usability for any CloudTruth user.
In this Feature Focus, you’ll learn what RBAC is and how to implement it in CloudTruth.
To follow along with this blog post, ensure that you have:
RBAC, short for Role-Based Access Control, is a way to restrict systems and certain products to particular users. If you have a certain system or a certain product/feature inside of a piece of software that you only want certain users to have access to, you’d implement RBAC.
The same rules apply to a service account. If you have a service account that needs access to a particular part of an application, you can use RBAC to give the service account the specific permissions that it needs.
Using RBAC in CloudTruth, you can get incredibly granular with who has access to what. For example, let’s say you have a parent project with several child projects. You can give certain users access to some of the child projects and other users access to other child projects.
The whole idea behind RBAC, from a security perspective, is to have the ability to get granular with who has access to what. The “who” may be an actual person or a service account.
When it comes to project access control, you can control who has access to what parent project and the associated child projects.
For example, taking a look at the screenshot below, you can see that Michael Levan has owner permissions for the MyApp parent project.
However, access control is off for the development child project under the MyApp parent project. At this point, the development project is inheriting RBAC permissions from the MyApp parent project.
If you wanted to, you could turn on access control for the development child project so it doesn’t inherit permissions from the MyApp parent project and instead has its own RBAC permissions.
RBAC for environment control is very similar to project control. You’ll have the ability to control what users have access to which environments.
As an example, in the below screenshot you’ll see that access control is turned off for development. This is because since a development environment, maybe the organization isn’t concerned about which engineers have access to it.
However, when it comes to a production environment, you would want to know who has access. Because of that, you’ll want to turn on access control for the production environment.
Our bite-sized newsletter with DevSecOps industry tips and security alerts to increase pipeline velocity and system security.
