IAM Scope Technical Reference
This reference document provides detailed technical information about IAM scopes in Vidos, including determination methods, implementation details, and operational considerations.
Scope Types
Vidos defines two IAM scope values:
| Scope | Value | Description |
|---|---|---|
| Management | management | Used for administrative operations on service instances |
| Service | service | Used for functional operations on service instances |
Architecture Patterns
The separation of management and service scopes influences architecture design by encouraging:
- Clear division between control plane (management) and data plane (service)
- Separation of administrative and functional access
- Targeted permission models for different operations
Security Implications
Scope separation enhances security by:
- Limiting the impact of compromised credentials
- Reducing the attack surface for each type of operation
- Enabling precise permission boundaries
- Facilitating the principle of least privilege
Trade-offs and Limitations
While the IAM scope architecture provides significant benefits, it comes with certain trade-offs:
Security vs. Convenience
The scope architecture intentionally prioritizes security over convenience in certain areas:
- Requires explicit context switching between management and service operations
- Does not support single-credential access to both management and service functions
- Enforces strict access patterns even for simple deployments
- May require additional authentication steps compared to unified-scope systems
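The following is an added example, not Vidos's own code, showing how the single-scope model described under Security Implications and Security vs. Convenience can be enforced in an authorization layer: each credential carries exactly one of the two scope values, every operation is bound to one scope, unknown operations and multi-scope credentials are rejected, and the set of operations reachable from a leaked credential can be computed to see the reduced blast radius. The credential payload layout, the operation names and the operation-to-scope mapping are assumptions made for the example.

```python
"""Scope enforcement example, added to illustrate this page. It is not Vidos's
own code: the credential layout, the operation names and the mapping of
operations to scopes are assumptions made for the example."""
from dataclasses import dataclass
from enum import Enum


class Scope(str, Enum):
    MANAGEMENT = "management"  # administrative operations on service instances
    SERVICE = "service"        # functional operations on service instances


# Assumed mapping: the single scope each operation requires.
# Anything not listed is denied by default.
OPERATION_SCOPES = {
    "instance.create": Scope.MANAGEMENT,
    "instance.delete": Scope.MANAGEMENT,
    "instance.configure": Scope.MANAGEMENT,
    "credential.verify": Scope.SERVICE,
    "credential.issue": Scope.SERVICE,
}


@dataclass(frozen=True)
class Credential:
    subject: str
    scope: Scope  # exactly one scope; there is no dual-scope credential


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def parse_credential(raw: dict) -> Credential:
    """Build a Credential from an assumed token payload, accepting only a
    single string that is one of the two known scope values."""
    scope_value = raw.get("scope")
    if not isinstance(scope_value, str):
        # A list of scopes would be one credential spanning both planes.
        raise ValueError("credential must carry exactly one scope string")
    try:
        scope = Scope(scope_value)
    except ValueError:
        raise ValueError(f"unknown scope {scope_value!r}") from None
    return Credential(subject=str(raw["sub"]), scope=scope)


def authorize(cred: Credential, operation: str) -> Decision:
    """Deny-by-default check: the operation must be known and its required
    scope must equal the credential's scope."""
    required = OPERATION_SCOPES.get(operation)
    if required is None:
        return Decision(False, f"unknown operation {operation!r}")
    if cred.scope != required:
        return Decision(False, f"{operation!r} requires scope {required.value!r}, "
                               f"credential {cred.subject!r} has {cred.scope.value!r}")
    return Decision(True, "scope matches")


def reachable_operations(cred: Credential) -> set:
    """Operations one credential can perform: its blast radius if it leaks."""
    return {op for op in OPERATION_SCOPES if authorize(cred, op).allowed}


def audit_line(cred: Credential, operation: str, decision: Decision) -> str:
    """One log line per decision so cross-scope attempts are visible to SecOps."""
    outcome = "ALLOW" if decision.allowed else "DENY"
    return (f"scope_check subject={cred.subject} scope={cred.scope.value} "
            f"op={operation} result={outcome} reason=\"{decision.reason}\"")


if __name__ == "__main__":
    # Constructed sample payloads, one per scope.
    admin = parse_credential({"sub": "ops-admin", "scope": "management"})
    verifier = parse_credential({"sub": "verify-svc", "scope": "service"})
    for cred, op in [(admin, "instance.configure"), (admin, "credential.verify"),
                     (verifier, "credential.verify"), (verifier, "instance.delete")]:
        print(audit_line(cred, op, authorize(cred, op)))
    print("management blast radius:", sorted(reachable_operations(admin)))
    try:
        parse_credential({"sub": "both", "scope": ["management", "service"]})
    except ValueError as exc:
        print("rejected:", exc)
```

Running the block prints an audit line per check; the two cross-scope requests are denied and logged, which is the context switch the trade-offs section describes, and the management credential's reachable set contains only the three administrative operations rather than all five.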