Isolating Accounts and Organizations
There are three important attributes we use to isolate login accounts and organizations
in multi-tenant environments, whether our SaaS service, CloudRun, or Kubernetes.
- Organization membership
  - Org Owner
    - The Main Account for the Organization
  - Org Admin
    - can change details about the Organization
    - can add or remove members for the Organization
    - can assign members as Org Admins or Org Viewers
    - can view all Security Groups within the Org
      - but only administer those they have Admin Access for
  - Org Viewer (intended for report access by non-admin Organization members)
    - limited viewing of information in the Org
- Certified Advisors
  - Other login accounts who you've identified as "Known" login accounts
  - An Account Owner must be Known to a Security Group or an Admin Group
    before they can be trusted by that Security Group or Admin Group.
For security reasons, we don’t elevate privileges for an account or connect it to an Admin group until:
- the Account Owner enables their 2-Factor Authentication, and
- we’ve associated them with an Admin group or other main account as a Certified Advisor
We also don't allow admins to browse the Security Groups of other organizations and accounts
unless we've specifically connected the accounts together.
This is a security precaution to prevent a malicious WCS account holder from determining who uses WCS.
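
The rules above expressed as an authorization check. This is an added example, not WCS's own code: every class, function and field name is hypothetical, and returning the same empty result for a nonexistent organization and an unconnected one is an assumption about how the no-browsing rule would be enforced. Only the Org Admin "view all" rule is modeled; other roles see just the groups they are connected to.

```python
from dataclasses import dataclass, field

# Hypothetical model for illustration; none of these names are the product's API.
@dataclass
class Account:
    login: str
    two_factor_enabled: bool = False
    org_roles: dict = field(default_factory=dict)    # org -> "owner" | "admin" | "viewer"
    admin_access: set = field(default_factory=set)   # (org, group) pairs this account administers

@dataclass
class SecurityGroup:
    org: str
    name: str
    known_logins: set = field(default_factory=set)   # accounts identified as "Known" to this group

def can_elevate(account, group):
    """Both preconditions must hold: 2FA enabled and Known to this specific group."""
    return account.two_factor_enabled and account.login in group.known_logins

def grant_admin_access(account, group):
    """Connect an account to a group, refusing unless can_elevate() passes."""
    if not can_elevate(account, group):
        raise PermissionError("elevation refused")
    account.admin_access.add((group.org, group.name))

def can_administer(account, group):
    """Viewing a group never implies administering it."""
    return (group.org, group.name) in account.admin_access

def visible_groups(account, org, all_groups):
    """Names of the Security Groups in `org` that this account may see.

    An org that does not exist and an org the account is not connected to
    both yield [], so the answer cannot be used to learn who is a customer.
    """
    in_org = [g for g in all_groups if g.org == org]
    if account.org_roles.get(org) == "admin":        # Org Admin: view all in own Org
        return sorted(g.name for g in in_org)
    return sorted(g.name for g in in_org if can_administer(account, g))

def demo():
    """Constructed sample data, not taken from a real deployment."""
    groups = [SecurityGroup("acme", "prod", {"alice"}), SecurityGroup("acme", "dev")]
    alice = Account("alice", org_roles={"acme": "admin"})
    outsider = Account("mallory", two_factor_enabled=True)
    before = can_elevate(alice, groups[0])           # False: Known, but no 2FA yet
    alice.two_factor_enabled = True
    grant_admin_access(alice, groups[0])
    return before, visible_groups(alice, "acme", groups), visible_groups(outsider, "acme", groups)
```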