Every tenant has at least one owner. It can also have members and viewers.
Aserto manages the following artifacts for a tenant:
- Connections - these are connections to external systems such as source code control systems and identity providers
- Policies - these are references to git repositories that store authorization policies
- User Directory - these are the users that Aserto has synched from one or more connected identity providers
Naturally, Aserto uses Aserto for authorization, using a simple role-based access control (RBAC) model.
The roles that Aserto supports:
- Owner: can perform all operations on a tenant, including inviting other viewers, members, and owners, as well as reset the role of another member of the tenant
- Member: can perform all operations on a tenant except inviting others to the tenant or managing tenant membership
- Viewer: allowed to see all tenant information, but not create or edit any tenant artifacts
The Aserto policy for the Aserto API can be found here.
Learn more about how to manage Aserto tenants using the Aserto Console.