Reference Table: Ownership between Tenant Scale, Authentication, and Authorization
Why was this table created?
There is overlap in internal objects, user personas, and feature sets between Tenant, AuthN, and AuthZ. This table will help align ownership and ultimately assist with:
- Feature ownership
- Minimizing duplicate work
- Identifying collaborative touch points
- Routing customer feature requests and bugs
Tenant Scale | Authentication | Authorization |
---|---|---|
Cell: Data isolation and scalability | System access: General authentication, User Creation, Passkey, 2FA, Password management | Permission and access to resources* |
Groups: Group object, General settings of group objects | User Management: User Profile, Avatars, User API, User Settings, Password management; User lifecycle: Automated provisioning/deprovisioning (SAML, LDAP, SCIM, OIDC, SAML group sync), Enterprise User Controls, Pending users (the state between a user invitation and them creating an account) | Default Roles: Guest, Reporter, Developer, Maintainer, Owner |
Projects: Project Object, General settings of project objects | Predefined Users: Admin User, Auditor User, External User | Custom roles and permissions |
Organization: Object that encompasses multiple namespaces along with configuring data and settings | OAuth Applications | *Grouping and consolidating permissions: simplifying policy checks and building a consistent CRUD model for access to resources and settings |
Groups and projects on User Profile | Admin page on self-managed | *Cross-functional support to build access controls against sensitive resources such as Terraform state, registries, and Kubernetes |
Membership: Group sharing, member inheritance, member management of groups and projects | Access Tokens: Personal, Group and Project Service Accounts | Access Analyzer: Visibility into resource access for auditing and debugging |
Pending members (the intermediate state while a user is being converted to a member) | | Permission and role inheritance between groups and projects |