name

User model

A10 HarmonyTM Controller supports the Provider-Tenant architecture allowing each configured sub-provider to manage their tenants, users, and corresponding applications. This document explains the Provider Tenant Configuration in A10 HarmonyTM Controller.

Provider-Tenant Model

The Root provider (also known as root administrator) configures all sub-providers, tenants, and users at the highest hierarchy level or the root level. The Root Provider has permissions to create any number of additional sub-providers and tenants. The sub-provider, which is the next hierarchy level, configures tenants and users. At the sub-provider level, the tenant can add a designated tenant administrator who can configure and manage the tenant’s users and applications. Each tenant is entirely independent and cannot access resources (applications and clusters) managed by other tenants.

Hierarchy Levels

The different hierarchy levels in the Provider-Tenant configuration in A10 HarmonyTM Controller include:

  1. Root Provider
    At this level you can add the root-level Sub-Provider(s), Tenant(s) and User(s).
  2. Sub-Provider
    At this level you can add the sub-provider level Sub- Provider(s), Tenant(s) and User(s).
  3. Tenant
    Tenants can add users and specific roles like tenant admin to administer its users.
  4. Users
    Each user will have different roles. For example, a user can be a Tenant Admin and a Tenant User, and also be a root user.

Root Provider Level

name

The diagram below shows the hierarchy levels that the Root Provider can add:

  1. Sub-Providers
  2. Tenants
  3. Users

Provider Tenant Configuration: High Level Diagram

name

Roles and Permissions

There are different roles and corresponding permissions in the Provider-Tenant configuration:

Root User Roles

The root user can have any of these roles:

  • Root user (can be Root Admin)
  • Root level-Tenant Admin
  • Root level-Tenant’s Application admin
  • Root level-Tenant’s user

Administrator Roles

The administrator roles include:

  • Root Level Administrator
  • Provider-level Administrator
  • Tenant Administrator
  • Application Administrator

Sub-Provider User Roles

The users at sub-provider level can have any of these roles:

  • Tenant Admin at the Sub-Provider level
  • Application admin at the Sub-Provider level
  • Tenant user at the Sub-Provider level

This diagram shows the hierarchy levels for the Admin roles in the system.

name

Provider-Tenant High-Level Diagram Explaining Different Roles

In the high-level Provider-Tenant configuration, the roles fit in as shown in this diagram.

_images/user-roles.png