Boundary is a tool for managing identity-based access for modern, dynamic infrastructure. Just as infrastructure itself can be complex, at first glance Boundary can seem complex as well. As a result, it's helpful to understand how Boundary organizes security principals and resources, as well as how it allows you define granular permissions to those principals. A glossary of terms is contained in the domain model section.
»Identity & Permission Management
Identity is a core concept in Boundary. Identity is represented by two types of resources, mapping to common security principals:
- Users, which represent distinct entities that can be tied to authentication accounts
- Groups, which are collections of Users that allow for easier access management
Boundary enables flexible management of the hosts and services for which it can broker access. Boundary administrators define host catalogs that contain information about hosts. These hosts are then collected into host sets which represent sets of equivalent hosts. Finally, targets tie together host sets with connection information. Final access to a resource is granted via roles that provide authorization to create sessions against these targets.
Some parts of Boundary support filters for various purposes. For a description of the filter syntax, see the filtering page. See the docs pages for the individual resources or capabilities where filters are supported for the specific inputs and examples with those inputs.