aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8615d21a1f'
${ noResults }
boundary/website/content/docs/concepts/domain-model/roles.mdx

40 lines
1.1 KiB
Raw Blame History

---
layout: docs
page_title: Configuration
sidebar_title: Roles
description: |-
How to configure Boundary roles
---
# Roles
A role is a collection of capabilities granted to any Principal the Role is assigned to. A Role belongs to one and only one Scope. A Role owns zero or more Direct Grants. A Role can be assigned to zero or more Principals. A Principal assigned a Role receives all capabilities granted by any Direct Grant owned by the Role. A Role is deleted when the Scope it belongs to is deleted. All Direct Grants owned by a Role are deleted when the Role is deleted. The lifecycle of a Role is not tied to the lifecycle of any Principal.
```shell-session
+---------------------------------+
| Organization |
+----------------+----------------+
| Role 1 | Role 2 |
+----------------+----------------+
```
## Attributes
### ID
A role is prefixed with `r_` followed by ten digits.
Example: `r_0123456789`
### Users
A role can have zero or more users associated with it.
### Groups
A role can have zero or more groups assocaited with it.
### Grants
A role can have zero or more grants associated with it.
Reference in new issue View Git Blame Copy Permalink