Alphaus | Documentation

What is RBAC?

RBAC is a policy document that formally states one or more permissions. To assign permissions to a user, you create a policy, which is a document that explicitly lists permissions.

Concepts

Create roles

  • Roles can be created by the root account only. (The root account is the one you log in to with your email address.)

  • Roles can be created through the CLI, API or UI.

  • Editing roles is simple and straightforward. All users under your root account will be able to view the roles that are assigned to them.

Attach roles to users or teams

  • Roles can be created by the root account only.

  • Roles can be assigned to Users and Teams.

  • Each User or Team can have only one Role attached.

  • Roles assigned to a Team will overwrite the roles assigned to a User.

End user effect

  • When users log in to the Mobingi ALM dashboard (or interact through the CLI or API), the roles attached to them are evaluated on every action request.

  • If an action isn't granted by the role definition, the action will be denied.

  • If an action is granted by the role definition, the action will be allowed.

How does RBAC work?

Before any request goes through, the RBAC module first checks the current user's role settings, then passes or denies the request.

For requests that are passed, no further action is needed.

For requests that are denied, the client (usually the UI console, or the API or CLI) receives the following error:

HTTP Status Code 403
{
    "RBAC": "Action not allowed"
}

As an example, apply the following to your ALM user to allow every action except deleting stacks:

{
    "version": "2017-05-05",
    "statement": [
        {
            "effect": "allow",
            "action": "*",
            "resource": "*"
        },
        {
            "effect": "deny",
            "action": "delete:alm.stack",
            "resource": "*"
        }
    ]
}
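
The evaluation described above (default deny, with the role checked on every request) can be sketched against this role document. This is an added example, not ALM's own code. It assumes that an explicit deny wins over any allow regardless of statement order and that "*" is a glob-style wildcard; the action name `create:alm.stack` and the resource `stack-1` are constructed sample values.

```python
import json
from fnmatch import fnmatchcase

# The role document from the page: allow everything except deleting stacks.
ROLE = json.loads("""
{
    "version": "2017-05-05",
    "statement": [
        {"effect": "allow", "action": "*", "resource": "*"},
        {"effect": "deny", "action": "delete:alm.stack", "resource": "*"}
    ]
}
""")

# Status code and body of the denial response shown on the page.
DENIED = (403, {"RBAC": "Action not allowed"})


def _as_list(value):
    # Assumption: a field may hold a single pattern or a list of patterns.
    return value if isinstance(value, list) else [value]


def _matches(stmt, action, resource):
    # Assumption: "*" is a glob-style wildcard; other strings match exactly.
    return (any(fnmatchcase(action, p) for p in _as_list(stmt["action"]))
            and any(fnmatchcase(resource, p) for p in _as_list(stmt["resource"])))


def is_allowed(role, action, resource):
    """Default deny; an explicit deny beats any allow (assumed precedence)."""
    allowed = False
    for stmt in role.get("statement", []):
        if not _matches(stmt, action, resource):
            continue
        if stmt["effect"] == "deny":
            return False          # explicit deny short-circuits
        if stmt["effect"] == "allow":
            allowed = True        # remember it, but keep looking for a deny
    return allowed                # no matching allow means denied


def authorize(role, action, resource):
    """Return None when the request passes, else the 403 pair from the page."""
    return None if is_allowed(role, action, resource) else DENIED


if __name__ == "__main__":
    for act in ("create:alm.stack", "delete:alm.stack"):  # constructed requests
        print(act, "->", authorize(ROLE, act, "stack-1"))
```

Because the role starts from `"action": "*"`, any action type added to the product later is allowed automatically; a role that lists only the needed actions relies on the default deny instead.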

Last updated 6 years ago