Service accounts and authorizations
In the Smart Operations Toolkit, service accounts are utilized by modules or workloads rather than individual users. These service accounts can make authorized API calls by authenticating the service account rather than relying on individual user credentials.
Each application integrated into the SOT has its own set of roles and permissions, determining what actions it is authorized to perform within the system. Additionally, each application may require specific roles and permissions from other integrated applications to function correctly.
Roles assignments inside main tenant are configured automatically by Macma Configuration operator based on module helm chart settings.
Role assignments for customer tenant must be configured individually in each tenant.
The following table explains exactly the roles required for each module. On the vertical legend are the modules, and on the horizontal side are the essential roles that must be assigned to each module to function correctly.