aherman
/
boundary
mirror of https://github.com/hashicorp/boundary
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cf3900a906'
${ noResults }
boundary/website/content/docs/concepts/domain-model/scopes.mdx

91 lines
3.3 KiB
Raw Blame History

---
layout: docs
page_title: Domain model - scopes
description: |-
The anatomy of a Boundary scope
---
# Scopes
A scope is a [permission][] boundary modeled as a container.
There are three types of scopes in Boundary:
A single [global][] scope which is the outermost container;
[organizations][] (orgs) which are contained by the `global` scope;
and [projects][] which are contained by orgs.
Each scope is itself a resource.
## Global
The global scope is the outermost scope.
There is always a single global scope
and it cannot be deleted.
The global scope can directly contain:
[users][], [groups][], [auth methods][], and [organizations][].
## Organizations
~> **Note:** Within the software itself and elsewhere in the documentation, Boundary reliably uses "org" instead of "organization". Among other reasons, this removes ambiguity between different regional spellings of the word. It is spelled out here in the domain model for completeness and to ensure its intent is clear.
An org is a scope directly contained by the global scope.
There can be multiple orgs within the global scope.
An org can directly contain:
[users][], [groups][], [auth methods][], [roles][], and [projects][].
## Projects
A project is a scope directly contained by an org scope.
There can be multiple projects within an org.
A project can directly contain:
[roles][], [targets][], [host catalogs][], and [credential stores][].
## Attributes
A scope has the following configurable attributes:
- `name` - (optional)
If set, the `name` must be unique within the scope's parent scope.
- `description` - (optional)
## Referenced by
- [Auth Method][]
- [Credential Store][]
- [Group][]
- [Host Catalog][]
- [Role][]
- [Target][]
- [User][]
[auth method]: /boundary/docs/concepts/domain-model/auth-methods
[auth methods]: /boundary/docs/concepts/domain-model/auth-methods
[credential store]: /boundary/docs/concepts/domain-model/credential-stores
[credential stores]: /boundary/docs/concepts/domain-model/credential-stores
[global]: /boundary/docs/concepts/domain-model/scopes#global
[group]: /boundary/docs/concepts/domain-model/groups
[groups]: /boundary/docs/concepts/domain-model/groups
[host catalog]: /boundary/docs/concepts/domain-model/host-catalogs
[host catalogs]: /boundary/docs/concepts/domain-model/host-catalogs
[organization]: /boundary/docs/concepts/domain-model/scopes#organizations
[organizations]: /boundary/docs/concepts/domain-model/scopes#organizations
[permission]: /boundary/docs/concepts/security/permissions
[permissions]: /boundary/docs/concepts/security/permissions
[project]: /boundary/docs/concepts/domain-model/scopes#projects
[projects]: /boundary/docs/concepts/domain-model/scopes#projects
[role]: /boundary/docs/concepts/domain-model/roles
[roles]: /boundary/docs/concepts/domain-model/roles
[target]: /boundary/docs/concepts/domain-model/targets
[targets]: /boundary/docs/concepts/domain-model/targets
[user]: /boundary/docs/concepts/domain-model/users
[users]: /boundary/docs/concepts/domain-model/users
## Service API docs
The following services are relevant to this resource:
- [Scope Service](/boundary/api-docs/scope-service)
## Tutorial
Refer to the [Manage Scopes with HCP Boundary](/boundary/tutorials/hcp-administration/hcp-manage-scopes) tutorial to learn how to create an org scope and a project scope.
Reference in new issue View Git Blame Copy Permalink