Identity and RBAC

Purpose

Explains how authentication and authorization work across the hierarchy, and how the CMS enforces least-privilege access.

Authentication

• Supports CMS credentials and federated sign-in (e.g., Microsoft Entra).
• Tokens are validated for issuer, audience, lifetime, and signature.
• Federation settings control whether CMS login and/or Entra/Google login are allowed.

Authorization model

• Role-based access control with built-in roles aligned to the hierarchy.
• Access is scoped to the entity where the role is granted (platform, distributor, partner, tenant).

Common roles (illustrative):

• PlatformAdministrator / PlatformReader / PlatformService
• DistributorAdministrator / DistributorReader
• PartnerAdministrator / PartnerReader
• TenantAdministrator / TenantUser

Scope and inheritance

• Roles do not leap across unrelated branches. A Partner admin cannot see a Tenant owned by a different Partner.
• Platform roles supersede lower scopes for operations and support.

Audit and accountability

• All sensitive actions (pricing, commission, usage processing, role assignment) should be traceable to an authenticated identity.
• Logs and audit trails enable operational forensics and compliance reporting.

Federation controls (examples)

• Settings can enable/disable specific identity paths (e.g., allow Entra only).
• First-login checks should enforce MFA requirements and password change where applicable.

The CMS is built on a hierarchical model that reflects both technical resource allocation and commercial relationships.

Platform Administrators

• Own and operate the CMS instance.
• Responsible for global configuration, branding, pricing, and overall governance.
• Publish the plans and offers that define what downstream consumers can access.

Distributors

• Represent the top commercial tier beneath the platform.
• Manage one or more partners and receive commission structures defined at the distributor level.
• Can view aggregated billing, usage, and commission data across all associated partners and tenants.

Partners

• Manage tenants directly and act as the customer-facing entity.
• Receive commission rates defined either at the partner level or inherited from their distributor.
• Responsible for tenant onboarding, subscription assignment, and first-line customer support.

Tenants

• Represent the consuming organizations (e.g., end customers or internal business units).
• Each tenant is isolated and manages its own subscriptions, users, and administrators.
• Billing and usage are tracked at the tenant and subscription level, with visibility extended to the parent partner and distributor.

Subscriptions

• The unit of consumption within a tenant.
• Each subscription is tied to a published plan, which defines available services and quotas.
• Usage data is collected per subscription and feeds into billing and commission calculations.

Plans and Offers

• A plan defines service availability and quotas (e.g., VM sizes, storage limits, network allocations).
• Multiple plans can be bundled into an offer to provide a combined service package.
• Platform administrators publish plans and offers, which are then assigned downstream to subscriptions.

Why This Matters

This model ensures that both technical operations (resource allocation, usage metering) and commercial operations (billing, pricing, commissions) are aligned.

• Distributors see their margin and aggregate activity across partners.
• Partners focus on tenant-level management and customer billing.
• Tenants consume services without needing awareness of the upstream layers.
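The scoping rule from "Scope and inheritance" above (a grant covers the entity it was made at and everything beneath it, never a sibling branch, and platform grants cover every entity), as an added Python example that is not the CMS's own code. The sample hierarchy, the action set attached to each role, and the rule that a role may only be granted at an entity of its own tier are assumptions; the role names are the page's.

```python
from dataclasses import dataclass
# Constructed sample hierarchy: entity id -> parent id; "platform" is the root.
PARENT = {
    "platform": None,
    "dist-1": "platform",
    "partner-A": "dist-1",
    "partner-B": "dist-1",
    "tenant-A1": "partner-A",
    "tenant-B1": "partner-B",
}
TIER = {"platform": "Platform", "dist-1": "Distributor", "partner-A": "Partner",
        "partner-B": "Partner", "tenant-A1": "Tenant", "tenant-B1": "Tenant"}

# Actions each built-in role carries (assumed; the page names roles, not rights).
ROLE_ACTIONS = {
    "PlatformAdministrator": {"read", "write", "assign_roles"},
    "PlatformReader": {"read"},
    "PlatformService": {"read", "write"},
    "DistributorAdministrator": {"read", "write"},
    "DistributorReader": {"read"},
    "PartnerAdministrator": {"read", "write"},
    "PartnerReader": {"read"},
    "TenantAdministrator": {"read", "write"},
    "TenantUser": {"read"},
}

@dataclass(frozen=True)
class Grant:
    role: str
    scope: str  # entity at which the role was granted

    def __post_init__(self):
        # Assumed rule: a role may only be granted at an entity of its own tier
        # (e.g. PartnerAdministrator at a partner, never at a tenant).
        if not self.role.startswith(TIER[self.scope]):
            raise ValueError(f"{self.role} cannot be granted at {self.scope}")

def ancestors(entity):
    """Yield the entity itself, then each ancestor up to the platform root."""
    while entity is not None:
        yield entity
        entity = PARENT[entity]

def is_allowed(grants, action, target):
    """Allow only if some grant sits at the target or one of its ancestors
    (so roles never cross into sibling branches) and carries the action."""
    covering = set(ancestors(target))  # KeyError for an unknown entity
    return any(g.scope in covering and action in ROLE_ACTIONS[g.role]
               for g in grants)
```

A grant at a partner therefore reaches that partner's tenants but neither a sibling partner's tenants nor the distributor above it, while a platform grant reaches everything its role's actions allow.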