Tenant access management

For any Atlan tenant, there are three types of access required for troubleshooting an issue:

  • access to cloud resources
  • access to vCluster or dedicated Kubernetes (K8s) cluster
  • access to product

Access to cloud resources

  1. Identify need for access — access to the cloud resources of a tenant is generally required to debug an issue related to infrastructure components. For any tenant, cloud resources include cloud storage, secrets, Kubernetes cluster, network rules, and more.
  2. Request access — if an Atlan engineer troubleshooting an issue requires access to any cloud resource, the engineer must raise a formal request using Atlan's service request ticketing system with the appropriate justification.
  3. Approval process — the request will be reviewed and require approval from a relevant authority, likely a manager or another team member responsible for access control.
  4. Access granting — once approved, the IT team at Atlan will grant access to the resource for a specified period of time.
  5. Access revocation — after the specified period of time is over or troubleshooting has been completed, the IT team will revoke access to avoid any unauthorized or prolonged access.

Access to cluster

  1. Identify need for access — access to vCluster or dedicated Kubernetes (K8s) cluster is required to troubleshoot an issue related to Kubernetes resources.
  2. Management of Kubernetes clusters — Atlan uses Loft for managing K8s clusters and vClusters. All K8s clusters and vClusters are added to and managed from Loft.
  3. Request access — if an Atlan engineer troubleshooting an issue requires access to a vCluster or dedicated cluster, the engineer must raise a formal request using Atlan's service request ticketing system with the appropriate justification.
  4. Approval process — the request will be reviewed and require approval from a relevant authority, likely a manager or another team member responsible for access control.
  5. Access granting — once approved, the IT team at Atlan will grant access to the resource for a specified period of time.
  6. Access revocation — after the specified period of time is over or troubleshooting has been completed, the IT team will revoke access to avoid any unauthorized or prolonged access.

Access to product

  1. Identify need for access — access to the product may be required to troubleshoot an issue with product features or connector workflows.
  2. Creation of support user — Atlan creates a support user named atlansupport while creating a tenant. The credentials for this user are stored with the IT team.
  3. Security of credentials — the credentials for this user are securely stored in 1Password, and managed by the IT team. Access to these credentials is tightly controlled, requiring explicit permission from the IT team to access them, and support user passwords are reset every 90 days.
  4. Request access — if an Atlan engineer troubleshooting an issue requires access to the product, the engineer must raise a formal request using Atlan's service request ticketing system with the appropriate justification.
  5. Approval process — the request will be reviewed and require approval from a relevant authority, likely a manager or another team member responsible for access control.
  6. Access granting — once approved, the IT team at Atlan will share the password of the Atlan support user for a specified period of time.
  7. Monitoring and logging — all actions performed using the atlansupport account are monitored and logged in Keycloak, with logs retained for 60 days.
