Introduction
This Pillar provides several modules that help you cook some ACL recipes, package them and assign them as products to tenants.
In Addition you can create tenants that will use your product, manage their applications and secure them via key security.
This space will introduce 5 modules within the Manage pillar:
ProductizationThe productization module offers the ability to secure your microservice & daemons and package them to assign them later on to tenants.
Here is a step by step approach on how to do that.
Add a new productFrom the dashboard, go to Manage pillar → Productization
Step 1:
Once there, you should see the default Dashboard Product with two packages in it.
Step 2:
Click on "Add New Product" and fill in the form.
Step 3:
You should now see an empty product right below the Dashboard Product.
Now that you've added a new product, go ahead and add a new package in it so you can configure the ACL.
Similarly to the above, click add new package and fill in the form.
| Note | ||
|---|---|---|
| ||
So far, we've added a new product and added a new package inside it. Before continuing, we have to configure the ACL of the package. The ACL is what will allow or deny access to the microservices and their APIs. |
Click on "Edit Package ACL" and you will be taken to a new page where you see the list of all activated services grouped under environment codes.
Check all the boxes of the services you want to allow this package to access.
The ACL works per environment, meaning if you deployed the same service in multiple environments, you can allow this package to access the service in one environment and prevent it in another.
You can learn more about deploying environments, check out the Deploy Pillar page.
| Note | ||
|---|---|---|
| ||
When you check a service, it will expand and you will see 2 radio button: public and private.
Selecting public grants access to the service/API for anonymous users whereas private enforces that service/API access is only allowed for logged in users. |
We've created a new product, created a new package within that product, and configured the package with the appropriate access rights. This recipe is called an application. Now we need to create the tenant that will use this application.
Add a new tenantGo to Manage → Multi-Tenancy and click "Add Tenant"
Here you will be prompted to create either a Client Tenant or a Product Tenant.
For example, if you have a frontend that will communicate with your services, it is good practice to create the frontend tenant under Product Tenant, and if you have a developer/DevOp/TechOp that requires access to the services, it is good practice to create them under Client Tenants.
After you choose the tenant role, go ahead and fill in the tenant name and the tenant email and click "Add Tenant". Now click on the tab where you created your tenant and you should see the following:
Now that we have created our tenant, let's assign the application we created earlier to it. Remember that an application is the combination of a product, a package, and package ACL.
Click on the "+" near the tenant name, then click "Add New Application":
Select the product package that you created earlier and click "Add Application:
We still need to create an external key so that it can be used in the header of your requests.
Click on the "+" near the package name and press "Add New Key" and a new private key will be generated:
Now click on the key itself and click on the External Keys tab and click "Add New Application External Key"
Pick an expiry date if you want your external key to expire, or do not select a date to make you key live forever. Moreover, you can add additional security features such as device security and geolocation security.
Once you are done, click "Submit" and you will see your generated key:
Now copy this key and place it in the header of your requests and you should be able to successfully access your services/APIs!
Configure services config per tenantNow that we have added a tenant, we can configure its services config, if required. Click here to learn more about services config.
Click on the "+" near the application name, then click on the Tenant Application Key, then on the Key Environment Configuration tab.
Here you will see a list of available environment where we can configure the services config.
Let's select the dev environment by clicking on the pencil near the environment name.
Now we can fill in the config object with any key:value we want to assign to all users of this tenant.
The tenant organization chart module allows you to manage the users of all available tenants, if your logged in tenant has permission to do so.
To learn more about user registration, check out the URAC page.
My Organization ChartMy organization chart will allow you to manage the users only of the logged in tenant.
To learn more about user registration, check out the URAC page.
The Settings module will allow you to manage the settings of the logged in tenant.
Introduction
Decide who has access to what and where.
- Productize and Package access level recipes to multiple services/daemons in different environments.
- Turns on multitenancy, secure your services and make them behave differently based on the tenant invoking their APIs.
- Create and Manage Tenants, generate keys for them and Configure Private Inputs in different environments.
- Manage your Organization Charts.
- Configure and Update the Settings of your SOA Cloud.
Create and Package your ACL recipes
Create and Manage Tenants, secure them with keys and assign Productized ACL Packages to them.
Administer the users and groups of all the tenants in your application.
Administer the users and groups of your tenant.
Update and modify the configure of the tenant you are logged in with.