Access Control Policies Explained
  • 05 Jul 2024


Access control in an application is essential for maintaining the security and integrity of the data in the application.

RealTheory allows you to manage access to data and resources through access control policies. Using access control policies to manage who can view resources allows an organization to dynamically and automatically grant appropriate access to clusters at scale, reducing the need for excessive oversight and manual management of access control in larger organizations with multiple clusters.

The hierarchical system of access control policies grants access to clusters based on the criteria you specify. A default policy serves as a safety net and, by default, grants everyone in the organization access to any clusters that don't meet the conditions of higher-priority policies. This ensures that all clusters have some level of access while allowing for granular control over access based on the criteria you specify. You should consider reviewing and adjusting the default policy to ensure that it aligns with security best practices, regulatory requirements, and the specific needs of your organization.

How Access Control Policies Work

An access control policy defines a relationship between clusters that carry the label or labels you specify and the users and/or groups of users that can view clusters with those labels.

Example

Let's say that you have the following situation in your organization:

  • You have three clusters: Clusters 1, 2, and 3

  • Your organization has four teams that need cluster access: Teams Blue, Red, Yellow, and Green

  • Team Blue manages cluster 1

  • Team Red manages cluster 2

  • Team Yellow manages cluster 3

  • Team Green does not manage a cluster but must have access to all clusters

To control access to each cluster, you might associate RealTheory labels with each cluster based on team ownership:

  • team=blue
  • team=red
  • team=yellow

To control who can access each cluster, you might create a group for each team and assign the appropriate users to each group:

  • Team Blue

  • Team Red

  • Team Yellow

  • Team Green

You now have the building blocks you need to create access control policies:

  • Labeled clusters

  • Groups of users who need access to those clusters

You must now create the following access control policies, one for each of the clusters that has restricted access:

Policy | Cluster | Conditions  | Who can view
1      | 1       | team=blue   | Selected groups and/or users: Group Team Blue and Group Team Green
2      | 2       | team=red    | Selected groups and/or users: Group Team Red and Group Team Green
3      | 3       | team=yellow | Selected groups and/or users: Group Team Yellow and Group Team Green
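
The three policies and the default policy can be modeled in a few lines. The following Python sketch is an added illustration, not RealTheory code or its API: it assumes the highest-priority matching policy decides access, and the names Policy, deciding_policy, can_view, clusters_on_default and the unlabeled cluster-4 are hypothetical. It also lists the clusters that only the default policy covers, which is the set to look at when reviewing that policy.

```python
# Added illustration: simplified model of label-based policies, not RealTheory code.
from dataclasses import dataclass

EVERYONE = "*"  # constructed marker for "everyone in the organization"

@dataclass(frozen=True)
class Policy:
    name: str
    conditions: dict      # labels a cluster must carry, e.g. {"team": "blue"}
    viewers: frozenset    # groups allowed to view matching clusters

# Policies from the example table, highest priority first.
POLICIES = [
    Policy("1", {"team": "blue"}, frozenset({"Team Blue", "Team Green"})),
    Policy("2", {"team": "red"}, frozenset({"Team Red", "Team Green"})),
    Policy("3", {"team": "yellow"}, frozenset({"Team Yellow", "Team Green"})),
]
# Default policy as the article describes it: everyone may view.
DEFAULT = Policy("default", {}, frozenset({EVERYONE}))

def deciding_policy(labels, policies=POLICIES, default=DEFAULT):
    """Return the first policy whose conditions all appear in the cluster's labels.
    Assumption: the highest-priority match decides; otherwise the default applies."""
    for policy in policies:
        if all(labels.get(k) == v for k, v in policy.conditions.items()):
            return policy
    return default

def can_view(group, labels, **kw):
    viewers = deciding_policy(labels, **kw).viewers
    return EVERYONE in viewers or group in viewers

def clusters_on_default(clusters, **kw):
    """Audit helper: names of clusters that only the default policy covers."""
    return sorted(name for name, labels in clusters.items()
                  if deciding_policy(labels, **kw).name == "default")

# Constructed inventory: the example's three clusters plus one never labeled.
CLUSTERS = {
    "cluster-1": {"team": "blue"},
    "cluster-2": {"team": "red"},
    "cluster-3": {"team": "yellow"},
    "cluster-4": {},
}

if __name__ == "__main__":
    for name, labels in CLUSTERS.items():
        print(name, "->", "policy", deciding_policy(labels).name)
    print("covered only by default:", clusters_on_default(CLUSTERS))
```

In this model, every team can view the unlabeled cluster-4 until the default policy is narrowed or the cluster is labeled.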

See Also
Creating Access Control Policies
Configuring the Default Access Control Policy
How to Leverage RealTheory Labels to Streamline Scalability and Automation
