@ -8,46 +8,49 @@ description: |-
# Users
A user is any entity authorized to access Boundary
using authentication credentials specific to one of the configured Authentication Methods.
A User is owned by one and only one Organization.
A User is associated with zero or one Authentication Methods.
A User not associated with an Authentication Method can not log in to the system.
A User can belong to zero or more Groups.
A User inherits from Principal ("is-a" Principal) allowing it to be associated with zero or more Roles.
A User is deleted when the Organization it belongs to is deleted.
The lifecycle of a User is not tied to the lifecycle of any
Authentication Method,
Group
or Role,
but rather to its Organization only
```shell-session
+-------------------------------------+
| Organization |
+-------------------------------------+
| User 1 | User 2 | User 3 |
+-------------------------------------+
```
# Attributes
### ID
A user ID has a `u_` prefix followed by ten digits.
Example: `u_0123456789`
### Name
A user name is the friendly name of a user resource.
### Description
A user description is the friendly description of the user resource.
# Referenced By
- [Groups]()
- [Roles]()
- [Organization]()
A user is a resource
that represents an individual person or entity
for the purposes of access control.
A user can be associated with zero or more [accounts][].
A user authenticates to Boundary through one of the accounts associated with that user.
However, if a user is not associated with any account,
they will not be able to access Boundary.
A user is a principal
which allows it to be assigned to [roles][].
A user receives all the [permissions][]
of the roles assigned directly to the user
and all the permissions of roles assigned to [groups][] the user is in.
Users can be defined at either a [Global][] or [Organization][] [scope][].
A user can only be associated with accounts from an [authentication method][]
configured in the same scope.
## Attributes
A user has the following configurable attributes:
- `name` - (optional)
If set, the `name` must be unique within the user's immediate parent [scope][].
- `description` - (optional)
## Referenced By
- [Account][]
- [Global][]
- [Group][]
- [Organization][]
- [Role][]
[account]: /docs/concepts/domain-model/accounts
[accounts]: /docs/concepts/domain-model/accounts
[authentication method]: /docs/concepts/domain-model/auth-methods
[global]: /docs/concepts/domain-model/scopes#global
[group]: /docs/concepts/domain-model/groups
[groups]: /docs/concepts/domain-model/groups
[organization]: /docs/concepts/domain-model/scopes#organizations
[permissions]: /docs/concepts/security/permissions
[role]: /docs/concepts/domain-model/roles
[roles]: /docs/concepts/domain-model/roles
[scope]: /docs/concepts/domain-model/scopes
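
Review bot: The rewritten description (from "A user is a resource" through the scope paragraph) says nothing about deletion or lifecycle, which the older wording covered with "A User is deleted when the Organization it belongs to is deleted" and the statement that the lifecycle is not tied to any Authentication Method, Group or Role. Since users can now be defined at either Global or Organization scope and can hold zero or more accounts, please add a sentence stating what happens to a user when its scope is deleted and whether removing its last account removes the user or only leaves it unable to access Boundary; operators rely on this when deprovisioning access. Two smaller points in the new "## Attributes" list: the `description` bullet has no explanatory line while `name` does, and the ID format documented in the older "### ID" section (`u_` prefix) has no counterpart in the new text, so either restore it or note where IDs are documented.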