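Orgs, Spaces, Roles, and Permissions
RBAC (role-based access control)
Orgs
Collaborators can join an org and share its resource quota, apps, available services, domains, and so on.
User Accounts
A user can have different roles in different spaces.
Spaces
All applications and services are isolated by space. Every org has at least one space.
Roles and Permissions
A user can have one or more roles.
- Org Managers: organization managers. They manage accounts and permissions.
- Org Auditors: organization auditors. They can only view user information and org quota usage information.
- Org Billing Managers: create and manage billing accounts and payment information.
- Space Managers: space administrators. They manage spaces.
- Space Developers: manage apps and services.
- Space Auditors: can only view some information within the space.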
| User Role | Org Manager | Org Auditor | Org Billing Manager | Space Manager | Space Developer | Space Auditor |
|---|---|---|---|---|---|---|
| Scope of operation | Org | Org | Org | Space | Space | Space |
| Add and edit users and roles | † | † | ||||
| View users and roles | ✓ | ✓ | ||||
| View the org quota | ✓ | ✓ | ||||
| Create, view, edit, and delete Orgs | <%= vars.manage_roles_pws_yes="" %=""> | <%= vars.manage_roles_pws_yes="" %=""> | <%= vars.manage_roles_pws_yes="" %=""> | <%= vars.manage_roles_pws_yes="" %=""> | <%= vars.manage_roles_pws_yes="" %=""> | <%= vars.manage_roles_pws_yes="" %=""> |
| Create, view, edit, rename, and delete Spaces | ✓ | |||||
| View the status, number of instances, service bindings, and resource use of applications | ✓ | ✓ | ✓ | ✓ | ||
| Add domains | ✓ | |||||
| Deploy, run, and manage applications | ✓ | |||||
| Instantiate and bind services to applications | ✓ | |||||
| Associate URLs, instance counts, memory allocation, and disk limit of applications | ✓ | |||||
| Rename applications | ✓ | |||||
| Set payment information and org/space spending limit | ✓ | |||||
| Read invoices and payment history; set invoice notification email addresses | ✓ |
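
The scoping rules above (org roles apply to an org, space roles apply to a single space, and one user can hold different roles in different spaces) can be modelled as a default-deny check. This is an added example, not code from Cloud Foundry; the permission labels, the `Binding` type, and the sample users are assumptions made for illustration, and the role-to-permission mapping is a simplification of the role list above.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified mapping derived from the role list above.
# Permission names are hypothetical labels, not Cloud Foundry identifiers.
ROLE_PERMS = {
    "OrgManager": {"org:manage_users", "org:view_users", "org:view_quota"},
    "OrgAuditor": {"org:view_users", "org:view_quota"},
    "OrgBillingManager": {"org:manage_billing"},
    "SpaceManager": {"space:manage"},
    "SpaceDeveloper": {"space:manage_apps", "space:manage_services"},
    "SpaceAuditor": {"space:view"},
}

@dataclass(frozen=True)
class Binding:
    user: str
    role: str
    org: str
    space: Optional[str] = None  # None for org-scoped roles

def is_allowed(bindings, user, perm, org, space=None):
    """Return True only if some binding grants perm in exactly this scope."""
    for b in bindings:
        if b.user != user or b.org != org:
            continue
        org_scoped = b.role.startswith("Org")
        # A space role without a space (or an org role with one) is
        # malformed; ignore it so the check fails closed.
        if org_scoped != (b.space is None):
            continue
        # Space roles only count inside the space they were granted in.
        if not org_scoped and b.space != space:
            continue
        if perm in ROLE_PERMS.get(b.role, set()):
            return True
    return False  # default deny

# Constructed sample data: alice develops in "dev" but only audits "prod".
BINDINGS = [
    Binding("alice", "SpaceDeveloper", "acme", "dev"),
    Binding("alice", "SpaceAuditor", "acme", "prod"),
    Binding("bob", "OrgAuditor", "acme"),
    Binding("carol", "OrgManager", "acme"),
]

if __name__ == "__main__":
    print(is_allowed(BINDINGS, "alice", "space:manage_apps", "acme", "dev"))
    print(is_allowed(BINDINGS, "alice", "space:manage_apps", "acme", "prod"))
```

In this model an org-level role never implies a space-level permission, so a review of who can change applications in a space only needs to look at that space's own bindings.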