»Overview

Boundary has a rich domain model consisting of resources that represent IAM principals, infrastructure, and the means to tie them together. This section contains information about the various resources within the domain and how they relate to each other.

»Resources

A resource is any element in Boundary to which principals may be granted permissions. All resources have an ID which is unique within Boundary.

»Summary of Resources

  • Account : An account is a resource that represents a unique set of credentials issued from a configured authentication method which can be used to establish the identity of a user.

  • Credential : A credential is a data structure containing one or more secrets that binds an identity to a set of permissions or capabilities on a host for a session.

  • Credential Library : A credential library is a resource that provides credentials of the same type and same access level from a single credential store.

  • Credential Store : A credential store is a resource that can retrieve, store, and potentially generate credentials of differing types and differing access levels. It may also contain credential libraries.

  • Authentication Method : An authentication method is a resource that provides a mechanism for users to authenticate to Boundary.

  • Group : A group is a resource that represents a collection of users which can be treated equally for the purposes of access control.

  • Host : A host is a resource that represents a computing element with a network address reachable from Boundary.

  • Host Catalog : A host catalog is a resource that contains hosts and host sets.

  • Host Set : A host set is a resource that represents a collection of hosts which are considered equivalent for the purposes of access control.

  • Managed Group : A managed group is a resource that groups accounts based on criteria established by a third-party service backing the authentication method. It can be used as a principal in roles.

  • Role : A role is a resource that contains a collection of permissions which are granted to any principal assigned to the role.

  • Session : A session is a set of related connections between a user and a host. A session may include a set of credentials which define the permissions granted to the user on the host for the duration of the session.

  • Scope : A scope is a permission boundary modeled as a container.

  • Target : A target is a resource that represents a networked service with an associated set of permissions a user can connect to and interact with through Boundary by way of a session.

  • User : A user is a resource that represents an individual person or entity for the purposes of access control.

»Next Steps

When getting started with Boundary, the first resource to look at should probably be Scopes. Every other resources is either contained within a scope, or contained within another resource that is itself contained within a scope. That page can help you understand the structure of resources within Boundary.