miravmehta | 2 years ago
Parent- AT&T Child - AT&T
[2] We have a SaaS platform built like Backstage, VMware Tanzu. We didn't want to build a custom auth solution; this was a demand from customers who wanted granularity not just based on CRUD operations but based on environments, access to type of metadata, projects, other app-services.
We had something called soft multi-tenancy, where user "abc" can access a namespace in k8s in cluster B, but not cluster A, because B (child) is an inherited cluster from A (parent).
Examples of RBAC granularity:
1. Write access to Namespace (can change Namespace, pods, deployment and more .. based on k8s first-class objects)
2. Read access to Namespace
3. Write access to Pods
4. Read access to Pods
Just like this, we had close to 20 RBAC granularities.
I recommend reading about RBAC, ABAC, RE-BAC, soft multi-tenancy; companies who are building this: loft.sh, Rancher. Our solution was not focused on RBAC at all; when we bought multi-tenancy, it forced us to think through RBAC.
barnabas-szoke | 2 years ago