Skip to content
LoginGet Started

Configuration Management

Feature Focus: CloudTruth RBAC

May 24, 2022

Role-Based Access Control (RBAC) has been one of the most anticipated features for CloudTruth from many customers. It allows not only for better security and compliance implementations for your organization, but you’ll have true control around projects and environment usability for any CloudTruth user.

In this Feature Focus, you’ll learn what RBAC is and how to implement it in CloudTruth.

Prerequisites

To follow along with this blog post, ensure that you have:

  • The Premium subscription level of CloudTruth

What is RBAC?

RBAC, short for Role-Based Access Control, is a way to restrict systems and certain products to particular users. If you have a certain system or a certain product/feature inside of a piece of software that you only want certain users to have access to, you’d implement RBAC.

The same rules apply to a service account. If you have a service account that needs access to a particular part of an application, you can use RBAC to give the service account the specific permissions that it needs.

Using RBAC in CloudTruth, you can get incredibly granular with who has access to what. For example, let’s say you have a parent project with several child projects. You can give certain users access to some of the child projects and other users access to other child projects.

The whole idea behind RBAC, from a security perspective, is to have the ability to get granular with who has access to what. The “who” may be an actual person or a service account.

Project Access Control

When it comes to project access control, you can control who has access to what parent project and the associated child projects.

For example, taking a look at the screenshot below, you can see that Michael Levan has owner permissions for the MyApp parent project.

However, access control is off for the development child project under the MyApp parent project. At this point, the development project is inheriting RBAC permissions from the MyApp parent project.

CloudTruth RBAC 3

If you wanted to, you could turn on access control for the development child project so it doesn’t inherit permissions from the MyApp parent project and instead has its own RBAC permissions.

CloudTruth RBAC 4

Environment Access Control

RBAC for environment control is very similar to project control. You’ll have the ability to control what users have access to which environments.

As an example, in the below screenshot you’ll see that access control is turned off for development. This is because since a development environment, maybe the organization isn’t concerned about which engineers have access to it.

CloudTruth RBAC 5

However, when it comes to a production environment, you would want to know who has access. Because of that, you’ll want to turn on access control for the production environment.

CloudTruth RBAC 6

Join ‘The Pipeline’

Our bite-sized newsletter with DevSecOps industry tips and security alerts to increase pipeline velocity and system security.

Subscribe For Free

Continue exploring

Browse All Talks

Continue Reading