Security on Layer5 Documentation

Provider Admin Role

Mon, 01 Jan 0001 00:00:00 +0000

Provider Administrator 🔗

What is the purpose of this role?

Used for administration of Layer5 Cloud.
Used for debugging and monitoring.
Applicable to platform engineering team and on-prem users.

Who can assign this role?

Provider Admins

When this role first assigned?

On ☁️ boot-up (using build args)

How many instances of these roles?

Min: 1, Max: many (based on plan)

Who can remove assignment of this role?

Default Organization Roles

Mon, 01 Jan 0001 00:00:00 +0000

Default Organization Roles

Organization Administrators 🔗

What is the purpose of this role?

Administration of an organization (for each organization for which the user has this role assigned)

Who can assign this role?

The Organization Owner

When this role first assigned?

Creation of new organization or User Account creation

How many instances of these roles?

Default Workspace Roles

Mon, 01 Jan 0001 00:00:00 +0000

Workspace Administrator 🔗

What is the purpose of this role?

Administration of a workspace along with curation of content for the organization’s catalog (for each organization for which the user has this role assigned)

Who can assign this role?

Organization Administrators or Workspace Owner

When this role first assigned?

Creation of a new workspace

How many instances of these roles?

Keychains

Mon, 01 Jan 0001 00:00:00 +0000

In Layer5 Cloud, a collection of permissions is represented as a keychain. One or more keychains can are grouped together and assigned to a role. Later, a role can be assigned to a user. This is the general flow of how keychains are assigned to a user.

For instance, consider a system shipped default keychain Team Management, which is a collection of eight keys: View All Teams, Add User to Team, Invite User to Team, Remove User from Team, Create Team, Delete Team, Remove User Role from Team, and Assign User Role in a Team. This implies that you can perform all these operations only if your user account possesses a role to which Team Management keychain is assigned in a given organization.

Keys

Mon, 01 Jan 0001 00:00:00 +0000

In Layer5 Cloud, permissions are represented as keys, each serving as a unique identifier for a specific permission. One or more keys can be grouped together and assigned to a keychain. Then this keychain can be assigned to a role and that role can be assigned to a user. This is the general flow of how keys are assigned to a user.

For instance, consider a system shipped default key Create Organization, which corresponds to the permission to create an organization in the Cloud. This implies that to create an organization, you need to have Create Organization key assigned to a keychain, which, in turn, is assigned to a role that’s associated with your user account for a given organization.

Roles

Mon, 01 Jan 0001 00:00:00 +0000

Roles map permissions to users. Roles contain any number of keychains, which contain any number of keys (permissions). Assign roles to users to grant permissions.

Provider Admin Role 🔗

Provider Admin Role

What is the purpose of this role?

Used for administration of Layer5 Cloud.
Used for debugging and monitoring.
Applicable to platform engineering team and on-prem users.

Who can assign this role?

Default Team Roles

Mon, 01 Jan 0001 00:00:00 +0000

Default Team Roles

Team Administrator 🔗

What is the purpose of this role?

Administration of teams

Who can assign this role?

Organization Administrator or Team owner

When this role first assigned?

Creation of new team or User Account creation

How many instances of these roles?

Min: 1, Max: many (based on plan)
Only first Team Admin would be the owner

Who can remove assignment of this role?

Default User Role

Mon, 01 Jan 0001 00:00:00 +0000

Default User Role

User 🔗

What is the purpose of this role?

To grant Organization members access to basic features and resources within the context of that Organization.

Who can assign this role?

Organization Administrators, Workspace Administrators and Team Administrators

When this role first assigned?

Automatically assigned to members on joining an Organization.

How many instances of these roles?

Sessions

Mon, 01 Jan 0001 00:00:00 +0000

What sessions are 🔗

A session represents a user authenticated connection to Layer5 Cloud. Sessions are created each time a user successfully authenticates. Sessions expire after a period of 24 hours. Before reaching their expiration time, sessions can be refreshed by an associated refresh token, which is also automatically generated at the time a user authenticates (at the same time that the adjoining session token is generated). Refresh token have an expiration period of 36 hours. Active sessions are automatically refreshed (kept alive) by the refresh token until such time as the refresh token expires, and subsequently, the session token expires thereafter.

Default Academy Roles

Mon, 01 Jan 0001 00:00:00 +0000

Academy Administrator

Academy Administrator 🔗

What is the purpose of this role?

Management of an organization’s academy, learner management, and access to academy instructor console.

Who can assign this role?

Organization Administrators

When this role first assigned?

Manually assigned by an Organization Administrator.

How many instances of these roles?

Min: 0, Max: many

Who can remove assignment of this role?

Security

Mon, 01 Jan 0001 00:00:00 +0000