Users and Groups Overview

When managing access to Border0 sockets, access can be granted for users (static emails) or groups by including them in Border0 policies.

Users come in handy when you want to grant access to just a handful of users, or if you wish to quickly add one user to just one policy.

Groups come in handy when your company/organization has clear definitions of which users should have access to what. In most cases, groups should be treated as analogous to teams in an engineering organzation. For example if your company has several engineering teams, a typical Border0 set-up would be to define a group for each team and assign each group to the policies of the sockets which are relevant to that team's operations.

Distinction Between Admin Users and Client Users

It is important to note that there are two distinct types of users in Border0: admin users and client users.

  • Admin Users are users who have the ability to make changes to socket/service configuration (e.g. change username and password for an SSH socket), make changes to access control (e.g. modify policies for sockets), create/remove connectors, and so on...
  • Client Users are users who have client access to sockets. That is, they can connect to databases, servers, and web applications - they cannot make any kind of changes in your Border0 organization.

In this section we will be focusing on Client Users exclusively.