RBAC or Role-Based Access Control in SSR Multi-tenancy
- Jean-luc KRIKER
https://docs.128technology.com/docs/config_RBAC/
- Create an MSP's customer: Resource Group
- Assign resources to a resource Group ( like: Router, service, Service-policy, . . . )
- Create Role: user Access Management role ( like: Admin, operator,... )
- Create Users and Assign roles to users
- Open a New session with the use User account
| Create an MSP's customer | Authority level |
|---|---|
| Create a Resource Group | Configure > Authority > Create a New Resource Group / RBAC
|
| Assign resources | Router level |
| Assign Resource Groups to Authority-level Resources ( Router ) | Configure > Router > Resource Group > Select the RBAC ( !!! service group is different, it's just grouping many services together for ... ) |
| Assign a Resource Group to a Service: | Configure > Service > Service Applies To > Select: resource-group >> then ADD the RBAC: example: MSP-Customer1 |
| Assign a Resource Group to a Service-Policy: | Configure > Service Policy > Service-Policy Applies To > Select : resource-group >> then ADD the RBAC: example: MSP-Customer1 |
| Create user Access Management Role | Role or functions per MSP's customers |
| Create an Access Management Role | Configure > Authority > Access Management Roles > Add ACM: Company1-Admin >>> Add Capability: Read, Write and provisioning (Provisioning allows users to perform software lifecycle management duties, such as download software, upgrade existing installations, etc.) >>> Map with Resource Group: example: MSP-Customer1
|
| data | 128t:/authority/router/xxxxxxx/node/xxxxxx/device-interface/xxxxxxxx/network-interface/xxxxxxxx/..../* 128t:/authority/service/xxxxxx/..../* >> >use the command: show config authority running flat | branch1 show config authority running flat | service |
>>> Include or Exclude resources (can be done at the resource level instead = Easier ) Generated ( created from the ressource
| |
| Data Model | data model |
https://docs.128technology.com/docs/concepts_glossary/ | |
 | |
| |
| Create User and Assign roles to users | |
Create Users and Assign Roles | Users >> Create a New user: company1-admin >> Map to: company1-Admin-role |
| |
| |
| |
show roles
| |
| Open a New session | log as MSP-customer1 user account |
