Blog: Meet Horizon UI 14/17 — Access Control & Security (EN & CN)#882

Merged: wu-sheng merged 1 commit into master from blog/horizon-ui-access-control, Jun 30, 2026

@wu-sheng (Member)

Part 14 of the Meet Horizon UI series — opening Act 4 (govern & secure). Horizon's own access control, in English and Chinese. The through-line: it's all BFF-side governance, enforced on every request, independent of OAP version (never touches the OAP admin host).

Content

  • Authentication — Local (Argon2id) or LDAP/AD (bind + group→role mapping); enumeration-resistant login with a backend-status pill and a pre-auth locale chip. The Auth status admin view shows backend health and the active-session count on this BFF node (not cluster-wide).
  • RBAC — four cumulative roles (viewer → maintainer → operator → admin), dot-namespaced verbs with wildcards, and the Roles & Permissions board (menu-visibility matrix + per-area action matrices). Read-only (roles in horizon.yaml, hot-reload); server-enforced (401/403, mandatory route→verb table) with UI defense-in-depth.
  • Users — every account with source/roles/last-seen; last-seen + active counts are per-BFF-node, in-memory.
  • Audit & break-glass — append-only JSON-Lines audit log (writes only); break-glass is a local admin that works only when LDAP is the backend and unreachable, doesn't bypass RBAC, and is double-logged.
  • Themes — five bundled (Horizon/Meridian/Obsidian/Daybreak/Aurora), per-device override + admin org default.

Figures (5, WebP, shared EN/CN)

  1. Login page (backend pill + locale chip)
  2. Auth status (backend health + per-node session count)
  3. Roles & Permissions — role cards + menu-visibility matrix (cropped)
  4. Users — accounts with source/roles/last-seen
  5. Global Defaults — the five theme preview cards

Render-verified against the code and adversarially fact-checked (ship-as-is). Screenshots from the demo (local auth; LDAP + break-glass covered in prose).
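
The RBAC bullet above (cumulative roles, dot-namespaced verbs with wildcards, a mandatory route→verb table, 401/403 from the server) as an added sketch; it is not Horizon UI code and not part of this pull request. The verb names, routes, per-role grants and the trailing-`.*` wildcard rule are assumptions made for illustration.

```javascript
// Added illustration, not Horizon UI code. Verbs, routes and grants are hypothetical.
const ROLE_ORDER = ["viewer", "maintainer", "operator", "admin"];

// Verbs added at each tier; a role also inherits every lower tier (cumulative).
const GRANTS = {
  viewer: ["dashboard.read", "topology.read"],
  maintainer: ["dashboard.*"],
  operator: ["alarm.*", "user.read"],
  admin: ["*"],
};

// Mandatory route -> verb table: a route missing here is refused, never allowed by default.
const ROUTE_VERBS = new Map([
  ["GET /api/dashboards", "dashboard.read"],
  ["PUT /api/dashboards", "dashboard.write"],
  ["POST /api/alarms/ack", "alarm.ack"],
  ["DELETE /api/users", "user.delete"],
]);

// Union of grants from the highest known role held down to viewer; unknown roles add nothing.
function effectiveGrants(roles) {
  const top = Math.max(-1, ...roles.map((r) => ROLE_ORDER.indexOf(r)));
  return ROLE_ORDER.slice(0, top + 1).flatMap((r) => GRANTS[r]);
}

// Assumed wildcard rule: "dashboard.*" covers "dashboard.write" but not "dashboards.read".
function verbMatches(pattern, verb) {
  if (pattern === "*" || pattern === verb) return true;
  return pattern.endsWith(".*") && verb.startsWith(pattern.slice(0, -1));
}

// Status decided before any handler runs: 401 no session, 403 refused, 200 proceed.
function authorize(session, method, path) {
  if (!session) return 401;
  const verb = ROUTE_VERBS.get(`${method} ${path}`);
  if (verb === undefined) return 403; // unmapped route fails closed
  const ok = effectiveGrants(session.roles).some((p) => verbMatches(p, verb));
  return ok ? 200 : 403;
}
```

The unmapped-route branch is the part a UI-only permission check cannot provide: even an admin session is refused on a route that was never given a verb.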

Part 14 of the Meet Horizon UI series, opening Act 4 (govern & secure).
Horizon's own BFF-side governance — server-enforced RBAC (four cumulative
roles, dot-namespaced verbs, the Roles & Permissions board), local and
LDAP/AD authentication, an append-only JSON-Lines audit log, an LDAP-only
break-glass hatch, and five themes. All enforced in the BFF and independent
of OAP version. English and Chinese posts, 5 shared figures (WebP); the
roles board is cropped to the role cards + menu-visibility matrix.
netlify Bot commented Jun 30, 2026

Deploy Preview for skywalking-website-preview failed.

Name Link
🔨 Latest commit 90112ae
🔍 Latest deploy log https://app.netlify.com/projects/skywalking-website-preview/deploys/6a43449798e4d40008d32526

wu-sheng merged commit 0cc2f9e into master Jun 30, 2026
1 of 5 checks passed
wu-sheng deleted the blog/horizon-ui-access-control branch June 30, 2026 04:36