»Manage Scopes

Scopes are a foundational part of Boundary. They allow users to partition resources and assign ownership of resources to principals. There are three types of scopes within Boundary:

  1. Global (global)
  2. Org
  3. Project

These are in a hierarchy:

  • There is only one single global scope. It is meant as the entry point for initial administration/setup and to manage org scopes.
  • Under the global scope there can be many org scopes. These are used to hold IAM-related resources and project scopes.
  • Under each org scope can be many project scopes. These are used to hold infrastructure-related resources.

Some resources can only be associated with a specific level of scope. As an example, Targets can only be contained within a project scope. Other resources can be contained by multiple scopes. For example, users can be created within the global scope or an org-level scope. See the domain model for detailed resource specific information.

In this example, we're going to create two scopes, an org and a project.

»Create an Org

In this example, we're going to create an org, which lives in the global scope.

$ boundary scopes create -scope-id global -name my_org -description 'My first org'

Scope information:
  Created Time:        Tue, 29 Sep 2020 05:48:22 PDT
  Description:         My first org
  ID:                  o_y0fEd8iY2J
  Name:                my_org
  Updated Time:        Tue, 29 Sep 2020 05:48:22 PDT
  Version:             1

  Scope (parent):
    ID:                global
    Name:              global
    Type:              global

»Create a Project

Next, we're going to add a project scope to our org.

$ boundary scopes create -scope-id o_0MkQUfE9jA -name my_project -description 'My first project'

Scope information:
  Created Time:        Tue, 29 Sep 2020 05:57:45 PDT
  Description:         My first project
  ID:                  p_jqCwqjSTQ4
  Name:                my_project
  Updated Time:        Tue, 29 Sep 2020 05:57:45 PDT
  Version:             1

  Scope (parent):
    ID:                o_0MkQUfE9jA
    Name:              my_org
    Parent Scope ID:   global
    Type:              org