Merge pull request #5234 from hashicorp/namespace-docs-updates
namespace docs updates
commit
393e0fab62
|
@ -44,20 +44,22 @@ Namespaces are isolated environments that functionally exist as "Vaults within a
|
|||
They have separate login paths and support creating and managing data isolated to their
|
||||
namespace. This data includes the following:
|
||||
|
||||
- Secret Engine Mounts
|
||||
- Secret Engines
|
||||
- Auth Methods
|
||||
- Policies
|
||||
- Identities (Entities, Groups)
|
||||
- Tokens
|
||||
|
||||
Namespaces can also be configured to inherit all of this data from a higher *parent* namespace.
|
||||
This simplifies the deployment of new namespaces, and can be combined with sentinel policies
|
||||
to prescribe organization-wide infosec policies on tenants.
|
||||
|
||||
Rather than rely on Vault system admins, namespaces can be managed by delegated admins who
|
||||
can be prescribed administration rights for their namespace. These delegated admins can also
|
||||
create their own child namespaces, thereby prescribing admin rights on a subordinate group
|
||||
of delegate admins.
|
||||
|
||||
Child namespaces can share policies from their parent namespaces. For example, a child namespace
|
||||
may refer to parent identities (entities and groups) when writing policies that function only
|
||||
within that child namespace. Similarly, a parent namespace can have policies asserted on child
|
||||
identities.
|
||||
|
||||
## Setup and Best Practices
|
||||
|
||||
A [deployment guide](/guides/operations/multi-tenant.html) is available to help guide you
|
||||
|
|
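Review bot: In the paragraph beginning "Child namespaces can share policies from their parent namespaces", the lead sentence and its example do not describe the same thing: the example is about a child namespace referring to parent identities (entities and groups) in policies that "function only within that child namespace", which is identity referencing, not policy sharing. Since this section opens by calling namespaces isolated environments, state the cross-namespace relationship precisely, for instance "Policies in a child namespace can reference identities from its parent namespaces", and spell out in the same terms what "policies asserted on child identities" allows for the parent, so readers can tell which direction access flows. Smaller points in the same hunk: "delegate admins" should match the "delegated admins" used two lines earlier, "sentinel policies" should capitalise the product name Sentinel, and if both "Secret Engine Mounts" and "Secret Engines" are meant to stay in the list, the two entries overlap and one should go.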