From 928489587a3120e54043623dfadec388f84e03dc Mon Sep 17 00:00:00 2001 From: Nithya Subramanian <98416062+nithyatsu@users.noreply.github.com> Date: Fri, 27 Sep 2024 10:10:55 -0700 Subject: [PATCH] Update architecture/2024-08-dashboard-component-threat-model.md Co-authored-by: Ryan Nowak Signed-off-by: Nithya Subramanian <98416062+nithyatsu@users.noreply.github.com> --- architecture/2024-08-dashboard-component-threat-model.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/architecture/2024-08-dashboard-component-threat-model.md b/architecture/2024-08-dashboard-component-threat-model.md index 08cae30..6a25ee7 100644 --- a/architecture/2024-08-dashboard-component-threat-model.md +++ b/architecture/2024-08-dashboard-component-threat-model.md @@ -113,7 +113,7 @@ We have a few different trust boundaries for the Dashboard component: - **Kubernetes Cluster**: The overall environment where the Dashboard component operates and serves clients. - **Namespaces within the Cluster**: Logical partitions within the cluster to separate and isolate resources and workloads. -The Dashboard component lives inside the `radius-system` namespace in the Kubernetes cluster where it is installed. UCP also resides within the same namespace.Namespaces within Kubernetes can help set Role-Based Access Control (RBAC) policies. +The Dashboard component lives inside the `radius-system` namespace in the Kubernetes cluster where it is installed. UCP also resides within the same namespace. Namespaces within Kubernetes can help set Role-Based Access Control (RBAC) policies. Also, the dashboard webapp portal is accessible to various configured users. Users that are signed-in in to Backstage generally have full access to all information and actions. If more fine-grained control is required, the permissions system should be enabled and configured to restrict access as necessary. Summarizing from [Backstage threat model](https://backstage.io/docs/overview/threat-model/), the users could belong to one of these trust levels: