docs consolidation and others
This commit is contained in:
master
43
docs/modules/ui/operations/admin-tenants.md
Normal file
43
docs/modules/ui/operations/admin-tenants.md
Normal file
@@ -0,0 +1,43 @@
|
||||
# Console Tenant Administration
|
||||
|
||||
This document describes tenant administration workflows in the Console: creating tenants, managing access, and operating safely in multi-tenant deployments.
|
||||
|
||||
## Tenant Lifecycle
|
||||
|
||||
Typical tenant operations:
|
||||
|
||||
- Create and deactivate tenants
|
||||
- Configure tenant identity and display attributes (name, tags)
|
||||
- Review tenant-level configuration and capabilities (feature exposure is configuration-driven)
|
||||
|
||||
## Access Control
|
||||
|
||||
Tenant administration typically includes:
|
||||
|
||||
- Role assignment (who can operate vs approve vs audit)
|
||||
- Scope allocation (what each role is allowed to do)
|
||||
- Optional ABAC filters (environment/project constraints)
|
||||
|
||||
See:
|
||||
|
||||
- `docs/security/scopes-and-roles.md`
|
||||
- `docs/security/tenancy-overview.md`
|
||||
- `docs/architecture/console-admin-rbac.md`
|
||||
|
||||
## Safety and Auditability
|
||||
|
||||
- All admin actions must be auditable (who, what, when, tenant).
|
||||
- Prefer reversible operations:
|
||||
- deactivate instead of delete
|
||||
- rotate credentials instead of reusing
|
||||
- Make tenant context explicit in the UI to avoid cross-tenant mistakes.
|
||||
|
||||
## Offline / Air-Gap Notes
|
||||
|
||||
- Admin actions should remain available in sealed-mode, but any import/export should be explicit and verified.
|
||||
- When operating from Offline Kit snapshots, show snapshot identity and staleness for admin-relevant views (feeds, policies, issuer trust).
|
||||
|
||||
## References
|
||||
|
||||
- Console operator guide: `docs/UI_GUIDE.md`
|
||||
- Offline Kit: `docs/OFFLINE_KIT.md`
|
||||
Reference in New Issue
Block a user