44 lines
1.4 KiB
Markdown
44 lines
1.4 KiB
Markdown
# Console Tenant Administration
|
|
|
|
This document describes tenant administration workflows in the Console: creating tenants, managing access, and operating safely in multi-tenant deployments.
|
|
|
|
## Tenant Lifecycle
|
|
|
|
Typical tenant operations:
|
|
|
|
- Create and deactivate tenants
|
|
- Configure tenant identity and display attributes (name, tags)
|
|
- Review tenant-level configuration and capabilities (feature exposure is configuration-driven)
|
|
|
|
## Access Control
|
|
|
|
Tenant administration typically includes:
|
|
|
|
- Role assignment (who can operate vs approve vs audit)
|
|
- Scope allocation (what each role is allowed to do)
|
|
- Optional ABAC filters (environment/project constraints)
|
|
|
|
See:
|
|
|
|
- `docs/security/scopes-and-roles.md`
|
|
- `docs/security/tenancy-overview.md`
|
|
- `docs/technical/architecture/console-admin-rbac.md`
|
|
|
|
## Safety and Auditability
|
|
|
|
- All admin actions must be auditable (who, what, when, tenant).
|
|
- Prefer reversible operations:
|
|
- deactivate instead of delete
|
|
- rotate credentials instead of reusing
|
|
- Make tenant context explicit in the UI to avoid cross-tenant mistakes.
|
|
|
|
## Offline / Air-Gap Notes
|
|
|
|
- Admin actions should remain available in sealed-mode, but any import/export should be explicit and verified.
|
|
- When operating from Offline Kit snapshots, show snapshot identity and staleness for admin-relevant views (feeds, policies, issuer trust).
|
|
|
|
## References
|
|
|
|
- Console operator guide: `docs/UI_GUIDE.md`
|
|
- Offline Kit: `docs/OFFLINE_KIT.md`
|