Domain (Tenant)
To achieve multi-tenant effects, the authentication service provides the concept of domains. A domain has a complete user authentication system and resource and permission system, allowing a domain administrator to completely autonomously manage users, groups, projects, roles, and permission policies within the domain.
Domain Attributesâ
| Field Name | Description |
|---|---|
| id | ID, read-only |
| name | Name |
| enabled | Whether enabled |
Domain Restrictionsâ
- A domain can only be deleted when there are no projects, roles, or policies within the domain, and it is set to enabled=false state
- The default domain cannot be deleted
- The following attributes of domains synchronized from LDAP cannot be modified: name
Domain Namespaceâ
The domain namespace is global, meaning domain names are globally unique
Preset Valuesâ
After system initialization, a default domain is preset as the domain where the initial sysadmin account and system project are located