Console Tenant Administration
This document describes tenant administration workflows in the Console: creating tenants, managing access, and operating safely in multi-tenant deployments.
Tenant Lifecycle
Typical tenant operations:
- Create and deactivate tenants
- Configure tenant identity and display attributes (name, tags)
- Review tenant-level configuration and capabilities (feature exposure is configuration-driven)
Access Control
Tenant administration typically includes:
- Role assignment (who can operate vs approve vs audit)
- Scope allocation (what each role is allowed to do)
- Optional ABAC filters (environment/project constraints)
See:
- docs/security/scopes-and-roles.md
- docs/security/tenancy-overview.md
- docs/technical/architecture/console-admin-rbac.md
Safety and Auditability
- All admin actions must be auditable (who, what, when, tenant).
- Prefer reversible operations:
  - deactivate instead of delete
  - rotate credentials instead of reusing
- Make tenant context explicit in the UI to avoid cross-tenant mistakes.
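The sketch below is an added example, not code from the Console. It shows how the Access Control and Safety and Auditability points fit together: the tenant is an explicit argument, a role grants scopes, an optional ABAC filter narrows by environment, and every decision is audited. All role, scope, and field names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Hypothetical role -> scope mapping; the real names are defined in
# docs/security/scopes-and-roles.md, not here.
ROLE_SCOPES = {
    "operator": {"tenant:deactivate", "credential:rotate"},
    "approver": {"tenant:approve"},
    "auditor": {"audit:read"},
}

@dataclass(frozen=True)
class Grant:
    tenant: str                            # tenant the role was assigned in
    role: str
    environments: frozenset = frozenset()  # optional ABAC filter; empty = unrestricted

AUDIT_LOG = []  # stand-in for an append-only audit sink

def authorize(actor, grants, action, tenant, environment, now=None):
    """Allow only if a grant in the named tenant holds the scope and passes ABAC."""
    decision, reason = "deny", "no grant in tenant"
    for g in grants:
        if g.tenant != tenant:
            continue  # a grant from another tenant never applies
        if action not in ROLE_SCOPES.get(g.role, set()):
            reason = "scope not held"
            continue
        if g.environments and environment not in g.environments:
            reason = "abac filter"
            continue
        decision, reason = "allow", g.role
        break
    # Record who, what, when, tenant for every decision, denials included.
    AUDIT_LOG.append({
        "who": actor, "what": action, "tenant": tenant,
        "environment": environment,
        "when": (now or datetime.now(timezone.utc)).isoformat(),
        "decision": decision, "reason": reason,
    })
    return decision == "allow"

if __name__ == "__main__":
    # Constructed sample grants for illustration.
    grants = [Grant("tenant-a", "operator", frozenset({"staging"})),
              Grant("tenant-b", "auditor")]
    print(authorize("alice", grants, "credential:rotate", "tenant-a", "staging"))
    print(authorize("alice", grants, "credential:rotate", "tenant-b", "staging"))
    print(AUDIT_LOG[-1])
```
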
Offline / Air-Gap Notes
- Admin actions should remain available in sealed-mode, but any import/export should be explicit and verified.
- When operating from Offline Kit snapshots, show snapshot identity and staleness for admin-relevant views (feeds, policies, issuer trust).
References
- Console operator guide: docs/UI_GUIDE.md
- Offline Kit: docs/OFFLINE_KIT.md