Tenants Overview
Within ESH, the concept of "Tenants" plays a pivotal role in managing access to ESH resources. Tenants are analogous to teams or distinct organizational units within the organization, and users are granted access to Tenants based on their team affiliation. This organizational structure allows for efficient resource management and access control.
Tenants as Organizational Units
-
Analogous to Teams: Tenants in ESH mirror the structure of teams or distinct units within the organization. These units may represent different business units, departments, or project teams and are seamlessly integrated into ESH.
-
User Affiliation: Users are associated with specific tenants based on their role or team membership, seamlessly aligning team structures with access control and resource provisioning.
Access Control and RBAC
-
Access Granularity: Tenants enable finely grained access control within ESH. RBAC principles extend to the tenant level, allowing administrators to precisely define what actions and resources each tenant and its affiliated users can access.
-
Least Privilege: RBAC at the tenant level continues to uphold the principle of least privilege, ensuring that each tenant has access only to the resources and capabilities they require for their specific tasks, thereby enhancing security and resource governance.
Resource Provisioning and Deployments
-
Target Environments: Each tenant maintains its own set of target environments, such as development, testing, or production, all seamlessly integrated into ESH. Access to these environments is controlled at the tenant level, streamlining resource allocation and deployment management.
-
Resource Customization: Tenants, within the self-service portal, have the ability to customize their resource requests to align with the unique needs of their projects or teams. This customization is fully integrated into ESH, ensuring that the resources provisioned meet the specific goals of the tenant.
-
Deployment Context: Deployments in ESH are managed within the context of the tenant that owns them. This means that the actions, configurations, and artifacts associated with a deployment are under the governance and attribution of the respective tenant.
-
Cost Approvals: Limits can be set on monthly deployed cost in order that any Deployment over this cost is directed to a Tenant admin for approval.
Benefits of Tenant-Based Access Control
-
Resource Isolation: Tenants provide resource isolation, reducing the risk of unintentional interference between teams or projects within ESH. Each tenant operates seamlessly within its defined boundaries, minimizing the potential for resource conflicts.
-
Resource Optimization: Resource provisioning and access controls within ESH are tailored to the specific requirements of each tenant, optimizing resource usage and costs.
-
User Autonomy: Tenants empower teams and users with a level of autonomy, enabling them to independently manage their deployments and resources within the framework of ESH, enhancing operational efficiency.
In summary, tenants are a fundamental component of ESH, serving as the organizational framework for controlling access, resource provisioning, and deployments. Aligned with RBAC principles, tenants offer fine-grained access controls, resource customization, and resource isolation, fostering user autonomy and efficient resource management within the operational ESH environment.