Roles, secrets, and identity

Security in Nuvolos rests on three pillars: a role system that controls who can do what at every level of the hierarchy, a secrets system that handles credentials without exposing them on the file system, and identity providers that verify who you are when you log in. This chapter explains how the three fit together.

How the three layers fit together

Putting the three layers together: identity providers establish who you are, the role system controls what you can see and do at each level of the hierarchy, and secrets give your running Applications the credentials they need without exposing those credentials on disk.

This separation is what allows Nuvolos to host everything from open public datasets to confidential research projects within the same organisation, with the same UI, without those use cases interfering with each other.

Where to go next

For the full role × capability matrix, see Concepts › How roles are organised.
For administrative procedures on inviting and revoking members, see Administration › Organisation administration.

PreviousData storage NextHow roles are organised

Last updated 19 days ago

Was this helpful?