Instance-level vs. object-level access
There are two levels of users to consider when granting access to your Concert instance and the objects (your application and environment data) contained within it. Add instance-level users to grant access to your Concert instance. As you add data to Concert, you must define object-level permissions to grant access to specific applications and environments.
Instance-level access
Instance users defined in your connected user management service are granted some level access to your Concert instance based on the assigned instance-level role. Instance-level users and roles are typically managed in an external system that varies based on your Concert deployment method.
| Concert deployment method | Managing instance-level users | Related resources |
|---|---|---|
| SaaS |
Use IBM SaaS Console to add users to your Concert instance, assign roles, and more. |
Draft comment: erin.pelkey@ibm.com
Update this list if we add more details about SaaS user provisioning. |
| On-premises deployment to a Kubernetes cluster without using CPFS |
If you are not managing the deployment using CPFS, you can integrate with an OIDC-enabled Keycloak client to authenticate instance users and manage roles. |
|
| On-premises deployment to a virtual machine (VM) | Integrate with an OIDC-enabled Keycloak client to authenticate instance users and manage roles. |
Object-level users and roles
Object-level users have some level of access to your Concert instance based on the assigned instance-level role. Instance-level users and roles are typically managed in an external system that varies based on your Concert deployment method.
Add links to the implementation instructions and the instructions for managing instance users in this tool.