A Boundary account is a resource that contains the login name and password for the password authentication method. Accounts are not Users, but can be associated with Users. A login name is not a username, and vice versa. Accounts are a special case for the password auth method because other auth methods (such as OIDC) already store account information themselves.
An action is a defined capability within the Boundary system. Each Resource Type defines its own set of Actions. Currently, the union of actions from all Resource Types is: create, read, update, delete, list, connect. This is not a fixed list and no design or implementation should assume it will ever be a fixed list.
## Attributes
For information on how actions are constructed into grant strings, see the [grants]() section.
An authentication method is a method configured for an Organization to authenticate Users. The configuration of an Authentication Method may contain secrets. Zero or one Authentication Method can be configured to create Users. Creation of Groups may be added later. An Authentication Method is owned by one and only one Organization. An Authentication Method creates and references zero or more Users. An Authentication Method is deleted when the Organization it belongs to is deleted. The lifecycle of an Authentication Method is not tied to the lifecycle of any User.
A grant represents a set of capabilities granted to a Role. It couples a set of Actions to either a set of Resource Types or an individual Resource. A Direct Grant belongs exclusively to one and only one Role; however, equivalent Direct Grants may exist across different Roles. A Direct Grant references one or more Actions and either one or more Resource Types or one specific Resource. A Direct Grant is deleted when the Role it belongs to is deleted. A Direct Grant is also deleted if it is associated with a specific Resource and that Resource itself is deleted. The lifecycle of a Direct Grant is not tied to the lifecycle of any Action or Resource Type.
Groups are collections of Users used only for access control purposes. A Group is owned by one and only one Scope. A Group can contain zero or more Users. A Group inherits from Principal ("is-a" Principal) allowing it to be associated with zero or more Roles. All Users in a Group are granted the capabilities of all Roles the Group is associated with. A Group is deleted when the Scope it belongs to is deleted. The lifecycle of a Group is not tied to the lifecycle of any User or Role.
A host catalog is a resource that contains Hosts and Host Sets. A Host Catalog belongs to one and only one Scope. A Host Catalog can contain zero or more Hosts and zero or more Host Sets. Host Catalog is abstract. A Host Catalog is deleted when the Scope it belongs to is deleted. All Hosts and Host Sets contained by a Host Catalog are deleted when the Host Catalog is deleted.
A host set is a resource which provides a subset of Hosts from the set of Hosts of the Host Catalog it belongs to. A Host Set belongs to one and only one Host Catalog. A Host Set can contain zero or more Hosts. A Host Set can be contained by zero or more Targets. Host Set is abstract. A Host Set is deleted when the Host Catalog it belongs to is deleted. The lifecycle of a Host Set is not tied to the lifecycle of any Targets or Hosts.
A host is a computing element with a network address reachable from Boundary. A Host belongs to one and only one Host Catalog. A Host can be contained by zero or more Host Sets. Host is abstract. A Host is deleted when the Host Catalog it belongs to is deleted. The lifecycle of a Host is not tied to the lifecycle of any Host Sets.
Boundary has a rich domain model consisting of resources that represent IAM principals, infrastructure, and the means to tie them together. This section contains information about the various resources within the domain and how they relate to each other.
When getting started with Boundary, the first resource to look at should probably be [Scopes](/docs/concepts/domain-model/scopes). Every other resource is either contained within a scope or contained within another resource that is itself contained within a scope. That page can help you understand the structure of resources within Boundary.
An Organization is a top-level container, and owns zero to many Projects and zero to many Authentication Methods. An Organization inherits from Scope ("is-a" Scope) allowing it to own zero to many Groups, Roles, Policies, Targets, Host Catalogs or Credential Stores. When an Organization is deleted, all resources owned by it are also deleted. The lifecycle of an Organization is not tied to anything else. A Role at the Organization level can grant permissions at the Project level.
A principal is any entity which can be assigned capabilities. Principal is abstract. User, Group, and Project are concrete Principals. A Principal can be assigned to zero or more Roles.
A project is a child scope of an organization and is owned by an Organization. A Project inherits from Scope ("is-a" Scope) allowing it to own zero to many Groups, Roles, Policies, Targets, Host Catalogs or Credential Stores. A Project also inherits from Principal ("is-a" Principal) allowing it to be associated with zero or more Roles. A Project has no additional relationships beyond those defined in Scope and Principal. A Project is deleted when the Organization it belongs to is deleted. When a Project is deleted, all resources owned by it are also deleted. The lifecycle of a Project is not tied to any resource it contains.
A resource is an instance of one of the Resource Types. Resource is abstract. A Resource can be associated with zero or more Direct Grants. A resource can be any one of the following: organization, project, authentication-method, group, role, target, host-catalog, host-set, credential-catalog, credential-set.
A role is a collection of capabilities granted to any Principal the Role is assigned to. A Role belongs to one and only one Scope. A Role owns zero or more Direct Grants. A Role can be assigned to zero or more Principals. A Principal assigned a Role receives all capabilities granted by any Direct Grant owned by the Role. A Role is deleted when the Scope it belongs to is deleted. All Direct Grants owned by a Role are deleted when the Role is deleted. The lifecycle of a Role is not tied to the lifecycle of any Principal.
A scope is a permission boundary modeled as a container. A Scope can contain Scopes forming a tree. A Scope can own zero to many Groups, Roles, Policies, Targets, Host Catalogs and Credential Stores. Scope is abstract. Organization and Project are concrete Scopes. All resources owned by a Scope are deleted when the Scope is deleted.
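The Principal, Group, Role, Direct Grant and Scope relationships described above, as an added worked example that is not Boundary's own code. It takes the `id=<id>;type=<type>;actions=<a,b>` grant-string form and the `*` wildcard as an assumption for illustration (the grants section is the authority on the real syntax), deliberately does not model Organization-to-Project grant inheritance, and uses constructed ids such as `ttcp_web`, `hcst_static` and `g_ops` rather than data from a real Boundary instance. It shows a User receiving a Role through a Group, a Direct Grant disappearing when the specific Resource it names is deleted, and the cascade that follows deleting an Organization:

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set

@dataclass(frozen=True)
class Grant:
    """A Direct Grant: a set of Actions on one Resource (by id) or on a Resource Type."""
    resource_id: Optional[str]    # None when the grant matches by Resource Type only
    resource_type: Optional[str]  # None when the grant names one specific Resource
    actions: FrozenSet[str]

    @classmethod
    def parse(cls, text: str) -> "Grant":
        # Assumed grant-string form "id=<id>;type=<type>;actions=<a,b>"; "id=*" matches any id.
        fields = dict(part.split("=", 1) for part in text.split(";") if part)
        rid, rtype = fields.get("id"), fields.get("type")
        actions = frozenset(a for a in fields.get("actions", "").split(",") if a)
        if not actions or (rid in (None, "*") and rtype is None):
            raise ValueError("grant needs actions and a resource id or type: " + text)
        return cls(None if rid == "*" else rid, rtype, actions)

    def permits(self, action: str, res_id: str, res_type: str) -> bool:
        id_ok = self.resource_id in (None, res_id)
        type_ok = self.resource_type in (None, res_type)
        return id_ok and type_ok and (action in self.actions or "*" in self.actions)

@dataclass
class Role:
    grants: List[Grant]
    principals: Set[str]  # user ids and group ids the Role is assigned to

@dataclass
class Model:
    scopes: Dict[str, Optional[str]] = field(default_factory=dict)  # scope id -> parent scope
    owner: Dict[str, str] = field(default_factory=dict)             # resource id -> owning scope
    types: Dict[str, str] = field(default_factory=dict)             # resource id -> resource type
    groups: Dict[str, Set[str]] = field(default_factory=dict)       # group id -> member user ids
    roles: Dict[str, Role] = field(default_factory=dict)

    def add_resource(self, rid: str, rtype: str, scope_id: str) -> None:
        assert scope_id in self.scopes, "every resource is owned by exactly one Scope"
        self.owner[rid], self.types[rid] = scope_id, rtype

    def add_group(self, gid: str, scope_id: str, members: Set[str]) -> None:
        self.add_resource(gid, "group", scope_id)
        self.groups[gid] = set(members)

    def add_role(self, rid: str, scope_id: str, grants: List[str], principals: Set[str]) -> None:
        self.add_resource(rid, "role", scope_id)
        self.roles[rid] = Role([Grant.parse(g) for g in grants], set(principals))

    def principals_of(self, user_id: str) -> Set[str]:
        """A User is a Principal and also acts through every Group it belongs to."""
        return {user_id} | {g for g, members in self.groups.items() if user_id in members}

    def allowed(self, user_id: str, action: str, res_id: str) -> bool:
        ps = self.principals_of(user_id)  # any Role held by the user or one of its Groups
        return any(g.permits(action, res_id, self.types[res_id])
                   for r in self.roles.values() if r.principals & ps for g in r.grants)

    def delete_resource(self, rid: str) -> None:
        """Deleting a Resource also deletes every Direct Grant that names it specifically."""
        for r in self.roles.values():
            r.grants = [g for g in r.grants if g.resource_id != rid]
        for table in (self.roles, self.groups, self.owner, self.types):
            table.pop(rid, None)

    def delete_scope(self, scope_id: str) -> None:
        """Deleting a Scope deletes its child Scopes and everything any of them owns."""
        doomed = {scope_id}
        while True:
            more = {s for s, p in self.scopes.items() if p in doomed} - doomed
            if not more:
                break
            doomed |= more
        for rid in [r for r, s in self.owner.items() if s in doomed]:
            self.delete_resource(rid)
        for s in doomed:
            del self.scopes[s]

def demo() -> dict:
    # Constructed sample data; ids are illustrative, not taken from a real Boundary instance.
    m = Model()
    m.scopes["o_example"] = None          # Organization: top-level Scope
    m.scopes["p_example"] = "o_example"   # Project: child Scope of the Organization
    m.add_resource("ttcp_web", "target", "p_example")
    m.add_resource("ttcp_db", "target", "p_example")
    m.add_resource("hcst_static", "host-catalog", "p_example")
    m.add_group("g_ops", "o_example", {"u_alice"})
    m.add_role("r_ops", "p_example", ["id=*;type=target;actions=read,list",
                                      "id=hcst_static;actions=read,update"], {"g_ops"})
    m.add_role("r_dba", "p_example", ["id=ttcp_db;actions=connect"], {"u_bob"})
    out = {"alice_read_web": m.allowed("u_alice", "read", "ttcp_web"),  # via Group g_ops
           "alice_connect_web": m.allowed("u_alice", "connect", "ttcp_web"),
           "bob_connect_db": m.allowed("u_bob", "connect", "ttcp_db")}
    m.delete_resource("hcst_static")  # the grant naming hcst_static goes with it
    out["ops_grants_after_delete"] = len(m.roles["r_ops"].grants)
    m.delete_scope("o_example")       # cascades to the Project, its Roles, Groups and Targets
    out["roles_after_org_delete"] = len(m.roles)
    return out
```

`demo()` returns `alice_read_web` true only because `g_ops` is assigned `r_ops`, while `alice_connect_web` stays false since no Role reachable from her Principals references the `connect` Action. After `delete_resource("hcst_static")` the Role keeps its type-based grant but loses the one tied to the deleted Host Catalog, and `delete_scope("o_example")` leaves no Roles at all, matching the ownership rules in the Scope and Role sections.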
A target is a networked service a User can connect to and interact with through Boundary. A Target does not directly contain any secrets. A Target contains a collection of Hosts. A Target belongs to one and only one Scope. A Target can contain zero or more Host Sets. Target is abstract. A Target is deleted when the Scope it belongs to is deleted. The lifecycle of a Target is not tied to the lifecycle of any Host Set.
A user is any entity authorized to access Boundary using authentication credentials specific to one of the configured Authentication Methods. A User is owned by one and only one Organization. A User is associated with zero or one Authentication Methods. A User not associated with an Authentication Method cannot log in to the system. A User can belong to zero or more Groups. A User inherits from Principal ("is-a" Principal) allowing it to be associated with zero or more Roles. A User is deleted when the Organization it belongs to is deleted. The lifecycle of a User is not tied to the lifecycle of any Authentication Method, Group or Role, but rather to its Organization only.