aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'malnick-err-cli-update'
${ noResults }
boundary/website/content/docs/common-workflows/manage-scopes.mdx

136 lines
3.7 KiB
Raw Permalink Blame History

---
layout: docs
page_title: Manage Scopes
sidebar_title: Manage Scopes
description: How to manage Boundary scopes
---
# Manage Scopes
Scopes are a foundational part of Boundary. They allow users to segregate resources and assign ownership of resources to principals. There are three hierarchies of scopes within Boundary:
1. Global
2. Organization
3. Project
Some resources can only be associated with a specific level of scope. Targets for example can only be project scope. Other resources can be of multiple scopes. For example, users can be both global and organization level scoped. See the [domain model](/docs/domain-model) for detailed resource specific information.
In this example, we're going to create two scopes, a project and an organization.
~> All resource ID's in this example are illustration only - ID's are uniquely generated for every resource upon creation with the exception being
generated resources in `dev` mode. Please make sure to use the resource ID's that are generated when running this example. For example, if you run
`boundary users create`, use the resource ID of the user seen in stdout, not the ID in the example command.
## Create an Organization
An organization lives in the global scope. In this example, we're going to create an organization. In doing so, we're going to opt for automated role creation during scope generation in order to simplify management of the scope by the user.
<Tabs>
<Tab heading="CLI">
```bash
$ boundary scopes create -scope-id global -name my_org -description 'My frist org'
Scope information:
Created Time: Tue, 29 Sep 2020 05:48:22 PDT
Description: My frist org
ID: o_y0fEd8iY2J
Name: my_org
Updated Time: Tue, 29 Sep 2020 05:48:22 PDT
Version: 1
Scope (parent):
ID: global
Name: global
Type: global
```
</Tab>
<Tab heading="Admin Console">
Navigate to the main boundary landing page and choose `new` organization:
![](/img/manage-scopes-org-undefined.png)
Fill in the orgnaization details:
![](/img/manage-scopes-org-settings.png)
Click save and view the org in the main Boundary landing page:
![](/img/manage-scopes-org-defined.png)
</Tab>
<Tab heading="Terraform">
```hcl
resource "boundary_scope" "org" {
scope_id = "global"
name = "my_org"
description = "My first org"
auto_create_role = true
}
```
</Tab>
</Tabs>
## Create a Project
Next, we're going to add a project scope to our organization. Again, we're going to opt for automated role creation to simplify management of this scope.
<Tabs>
<Tab heading="CLI">
```bash
$ boundary scopes create -scope-id o_0MkQUfE9jA -name my_project -description 'My frist project'
Scope information:
Created Time: Tue, 29 Sep 2020 05:57:45 PDT
Description: My frist project
ID: p_jqCwqjSTQ4
Name: my_project
Updated Time: Tue, 29 Sep 2020 05:57:45 PDT
Version: 1
Scope (parent):
ID: o_0MkQUfE9jA
Name: my_org
Parent Scope ID: global
Type: org
```
</Tab>
<Tab heading="Admin Console">
Navigate to your org in the UI and click `new` project:
![](/img/manage-scopes-project-undefined.png)
Add the project settings:
![](/img/manage-scopes-project-settings.png)
View the newly created project:
![](/img/manage-scopes-project-defined.png)
</Tab>
<Tab heading="Terraform">
```hcl
resource "boundary_scope" "project" {
name = "my_project"
description = "My first project"
# scope_id is taken from the org resource defined above
scope_id = boundary_scope.org.id
auto_create_role = true
}
```
</Tab>
</Tabs>
Reference in new issue View Git Blame Copy Permalink