Role-Based Access Control

Access Control Service

Access Control Service (ACS) provides the capability to regulate access to various services by providing authorization and authentication to internal as well as external resources.

ACS provides policy access to manage users by providing authentication and authorization. ACS defines a role and assigns these roles to the users. This helps the Linux platform provide secure and safe access to various services.

Role-Based Access Control (RBAC)

Role-based access control (RBAC) is an approach to restrict a system access to authorized users. RBAC acts as an authorized system to manage resource access by assigning the required permissions and restrictions.

Scope for Roles

Roles are created and assigned to a member. Scope provides a limited boundary for the role to access their rights and permissions. You can create a role that are are specific for a particular boundary and are limited for a particular scope of actions.

Various scopes are available in the LFX platform. Some of the scopes are:

• Project

• Organization

• Project and Organization

• Community

• Training

• Events

Roles in Linux Foundation Platform

These sections provide various roles that are created for Linux Foundation platform. The various roles are listed below:

• CLA Signatory

• Community PM

• Company Admin

• Company Owner

• Contact

• Contributor

• Donor

• LF Events

• LF Exec

• LF Finance

• LF Legal

• LF Ops

• LF PM

• LF Training

• Mentee

• Mentor

• Project Maintainer

• Project Manager

• User

CLA Signatory

CLA Signatory is a member belonging to an organization who has the signing authority for CCLA contracts.

Community PM

Company Admin

Company Admin is an individual member belonging to an organization who has been authenticated by the Owner with full control over projects, organization, and users.

Company Owner

Company Owner is an individual member belonging to an organization who has been authenticated with full control over projects, organization, and users. The owner also has control over ACS.

Contact

Contact is a member from an organization who is also a Linux Foundation customer.

Contributor

Contributor may be an individual member or a member belonging to any organization. Contributor is assigned and authenticated to update and work on their own projects.

Donor

Donor may be an individual member or a member belonging to any organization who donates to a project. Donor has access to the projects to which they are donating.

LF Events

LF Events is an internal employee of Linux Foundation who can create and manage events.

LF Exec

LF Exec is an internal employee of Linux Foundation who can manage sales operations.

LF Finance

LF Finance is an internal employee of Linux Foundation who can manage financial operations.

LF Legal

LF Legal is an internal employee of Linux Foundation who can manage legal operations.

LF Ops

LF Ops is an internal employee of Linux Foundation who can manage all administrative activities of the organization.

LF PM

LF PM is an internal employee of Linux Foundation who can manage multiple projects.

LF Training

LF Training is an internal employee of Linux Foundation who can manage the role of trainer and trains the members on various projects.

Mentee

Mentee may be an individual member or a member belonging to any organization who can enroll in a project as an apprentice or trainee. Mentees will get training and guidance on the project that can help the mentee to advance in their careers.

Mentor

Mentor may be an individual member or a member of any organization who contributes to various open source projects and helps to train and guide mentees on their apprentice programs.

Project Maintainer

Project Maintainer is an individual member who has been assigned administrative rights to control and manage activities related to mentorship programs and open source projects.

Project Manager

Project Manager is a member of an organization who has been authenticated to create and manage projects and users.

User

An authenticated individual who has been assigned predefined roles and permission by the administrator. A user can view all projects and organizations.