Using Tags for Access Control

Most systems use Access Control Lists (ACLs) to manage users' access to objects. Common examples are ACLs for file systems, LDAP, web servers and many more. Anyone who has had to create ACL rules and maintain them knows how complicated this can be. To make access control easy again, CloudForms uses tags. If the group a user belongs to has the same tag as the accessed object, access is granted; if not, access is denied.

This sounds simple and straightforward, but there are a couple of things to know about tags that make them very powerful and also a bit tricky.
