mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-18 13:57:32 +00:00
9e2b3d10fe
* additional content * even more content
104 lines
4.7 KiB
Markdown
104 lines
4.7 KiB
Markdown
---
|
|
title: Projects
|
|
---
|
|
|
|
### What are projects
|
|
|
|
The idea of projects is to have a vessel for all components who are closely related to each other.
|
|
In ZITADEL all clients located in the same project share their roles, grants and authorizations.
|
|
From an access management perspective you manage who has what role in the project and your application consumes this information.
|
|
A project belongs to exactly one organisation.
|
|
The attribute project role assertion defines, if the roles should be integrated in the tokens without sending corresponding scope (urn:zitadel:iam:org:project:role:{rolename})
|
|
With the project role check you can define if a user should have a requested role to be able to logon.
|
|
|
|
**Clients**
|
|
|
|
Clients are described here [What are clients](administrate#What_are_clients)
|
|
Basically these are your applications who initiate the authorization flow.
|
|
|
|
**Roles**
|
|
|
|
[Roles (or Project Roles)](administrate#Roles) is a means of managing users access rights for a certain project.
|
|
These [roles](administrate#Roles) are opaque for ZITADEL and have no weight in relation to each other.
|
|
So if a [user](administrate#Users) has two roles, admin and user in a certain project, the information will be treated additive.
|
|
|
|
**Grants**
|
|
|
|
With ZITADEL it is possible to give third parties (other organisations) the possibility to manage certain roles on their own.
|
|
To achieve this the owner of a project can grant (some could say delegate) certain roles or all roles to an organisation.
|
|
After granting that organisation it can manage on its own which user has what roles.
|
|
This feature is especially useful for service providers, because they are able to establish a great self-service culture for their business customers.
|
|
|
|
**Authorizations**
|
|
|
|
> TODO, Link to authorizations
|
|
|
|
#### Project vs. granted Project
|
|
|
|
The simple difference of a project vs a granted project is that a project belongs to your organisation and the granted project belongs to a third party who did grant you some rights to manage certain roles of their project.
|
|
To make it more easier to differentiate, ZITADEL Console displays these both as separate menu in the project section.
|
|
|
|
### Manage a project
|
|
|
|
#### Create a project
|
|
|
|
To create your project go to [https://console.zitadel.ch/projects](https://console.zitadel.ch/projects)
|
|
|
|
<div class="zitadel-gallery" itemscope itemtype="http://schema.org/ImageGallery">
|
|
<figure itemprop="associatedMedia" itemscope itemtype="http://schema.org/ImageObject">
|
|
<a href="img/console_projects_empty.png" itemprop="contentUrl" data-size="1920x1080">
|
|
<img src="img/console_projects_empty.png" itemprop="thumbnail" alt="Manage Projects" />
|
|
</a>
|
|
<figcaption itemprop="caption description">Manage Projects</figcaption>
|
|
</figure>
|
|
</div>
|
|
|
|
Create a new project with a name which explains what's the intended use of this project.
|
|
|
|
<div class="zitadel-gallery" itemscope itemtype="http://schema.org/ImageGallery">
|
|
<figure itemprop="associatedMedia" itemscope itemtype="http://schema.org/ImageObject">
|
|
<a href="img/console_projects_my_first_project.png" itemprop="contentUrl" data-size="1920x1080">
|
|
<img src="img/console_projects_my_first_project.png" itemprop="thumbnail" alt="Manage Projects" />
|
|
</a>
|
|
<figcaption itemprop="caption description">Manage Projects</figcaption>
|
|
</figure>
|
|
</div>
|
|
|
|
#### RBAC Settings
|
|
|
|
- Authorisation Check option (Check if the user at least has one role granted)
|
|
- Enable Project_Role Assertion (if this is enabled assert project_roles, with the config of the corresponding client)
|
|
|
|
#### Define project specific roles
|
|
|
|
> Screenshot here
|
|
|
|
### Grant project to a third party
|
|
|
|
> Screenshot here
|
|
|
|
### Manage Project Authorisations
|
|
|
|
> Screenshot here
|
|
|
|
### Manage Project ZITADEL Roles
|
|
|
|
<div class="zitadel-gallery" itemscope itemtype="http://schema.org/ImageGallery">
|
|
<figure itemprop="associatedMedia" itemscope itemtype="http://schema.org/ImageObject">
|
|
<a href="img/console_project_manage_roles_1.png" itemprop="contentUrl" data-size="1920x1080">
|
|
<img src="img/console_project_manage_roles_1.png" itemprop="thumbnail" alt="Manage ZITADEL Roles 1" />
|
|
</a>
|
|
<figcaption itemprop="caption description">Manage ZITADEL Roles 1</figcaption>
|
|
</figure>
|
|
<figure itemprop="associatedMedia" itemscope itemtype="http://schema.org/ImageObject">
|
|
<a href="img/console_project_manage_roles_2.png" itemprop="contentUrl" data-size="1920x1080">
|
|
<img src="img/console_project_manage_roles_2.png" itemprop="thumbnail" alt="Manage ZITADEL Roles 2" />
|
|
</a>
|
|
<figcaption itemprop="caption description">Manage ZITADEL Roles 2</figcaption>
|
|
</figure>
|
|
</div>
|
|
|
|
### Audit project changes
|
|
|
|
> Screenshot here
|