Subscription:
Keychains
Keychains are a collection of keys
Security
Manage identity and access through Tokens, Keychains, Keys, and RBAC Roles.
Categories:
Layer5 Cloud provides a multi-tenant security model designed to manage access across complex organizational structures. This section covers the core components of our Identity and Access Management (IAM) system.
Security Architecture π
The following diagram illustrates the relationship between Organizational Units, Roles, and the underlying Permissions:
Organizational Units π
Layer5 Cloud uses a hierarchical structure to isolate resources and manage users at scale:
- Provider Organizations: The top-level entity that can manage multiple tenant organizations.
- Tenant Organizations: Individual customer or project-specific organizations (e.g., Layer5, Intel).
- Teams: Logical groupings of users within an organization to facilitate collaborative management.
- Users: Individual accounts that are members of teams and organizations.
Roles and Access Control π
Access is granted through Role-Based Access Control (RBAC). Roles are assigned at different levels of the organizational hierarchy:
- Organization Administrators: Full control over an entire tenant organization.
- Organization Billing Managers: Access restricted to subscription and financial management.
- Team Administrators: Management of specific team resources and memberships.
Key Management and Tokens π
Beyond structural roles, Layer5 Cloud uses cryptographic and session-based security:
Keychains π
Keychains are collections of keys used to manage environment-specific access and signing. They allow for the logical grouping of related security credentials.
Keys π
Keys are the atomic unit of access control within the system. They are used for secure communication between Meshery and Layer5 Cloud, as well as for signing design patterns.
Tokens π
Tokens provide temporary, secure access to the platform.
- Session Tokens: Used for web browser authentication.
- Personal Access Tokens (PATs): Used for programmatic access via CLI or CI/CD pipelines.
Need more detail? π
Check out the Roles Reference for a complete matrix of permissions for each role.
Keys
Keys are the atomic unit of access control
Roles
Roles map permissions to users. Roles contain any number of keychains, which contain any number of keys (permissions). Assign roles to users to grant permissions.
Sessions
User sessions are created each time a user successfully authenticates.
Tokens
API Tokens are used to authenticate to Layer5 Cloud’s REST API. Generated on your user account’s security tokens page. Tokens can be revoked at any time.