doc small language fixes

Signed-off-by: shirady <[email protected]>
noobaa · Sep 5, 2024 · 14a1aae · 14a1aae
1 parent 77a251b
commit 14a1aae
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/docs/design/iam.md b/docs/design/iam.md
@@ -166,6 +166,37 @@ Notice the `users/` directory with a symlink of the username to its config file
 └── system.json
 ```
 
+#### Naming Scope
+- Account names are unique between the accounts, for example if we have account name John, you cannot create a new account with the name John (and also cannot update the name of an existing account to John).
+- Usernames are unique only in side the account, for example: username Robert can be under account-1 and another user with username Robert can be under account-2.
+Note: username cannot be the same as the account, for example: under account John we cannot create username John (and also cannot update the name of an existing username to John). The reason for limiting it that in the IAM API of Access Key (for example ListAccessKeys) it can be done by account on himself or on another user, and it passes the `--user-name` flag.
+
+Example: 2 accounts (alice and bob) both of them have user with username Robert (notice the different ID number).
+```sh
+├── access_keys
+│   ├── Zzto3OwtGflQrqD41h3SEXAMPLE.symlink -> ../identities/66d81ec79eac82ed43cdee73/identity.json
+│   └── Yser45gyHaghebY62wsUEXAMPLE.symlink -> ../identities/66d8351a92b8dd91b550aa71/identity.json
+├── accounts_by_name
+│   ├── alice.symlink -> ../identities/66d81ec79eac82ed43cdee73/identity.json
+│   └── bob.symlink -> ../identities/66d8351a92b8dd91b550aa71/identity.json
+├── buckets
+├── identities
+│   ├── 66d81ec79eac82ed43cdee73
+│   │   ├── identity.json
+│   │   └── users
+│   │       └── Robert.symlink -> ../../66d834df78e973023abd80cb/identity.json
+│   ├── 66d834df78e973023abd80cb
+│   │   └── identity.json
+│   ├── 66d8351a92b8dd91b550aa71
+│   │   ├── identity.json
+│   │   └── users
+│   │       └── Robert.symlink -> ../../66d83529e09267f53e705373/identity.json
+│   └── 66d83529e09267f53e705373
+│       └── identity.json
+├── master_keys.json
+└── system.json
+```
+
 ## Other
 ### Terminology - AWS vs NooBaa
 |   | AWS | NooBaa |