Airbnb的规模化访问管理方法

How Airbnb securely manages permissions for our large team of employees, contractors, and call center staff.

Airbnb如何为我们庞大的员工团队、承包商和呼叫中心员工安全地管理权限。

Introduction

简介

Airbnb is a company that is built on trust. An important piece of this trust comes from protecting the data that our guests and hosts have shared with us. One of the ways we do this is by following the principle of least privilege. Least privilege dictates that–in an ideal world–an employee has the exact permissions they need at the moment their job requires them. Nothing more, nothing less. Anything more introduces unnecessary risk–whether from a malicious employee, compromised laptop, or even just an honest mistake. Anything less inhibits productivity.

Airbnb是一家建立在信任之上的公司。这种信任的一个重要部分来自于保护我们的客人和房东与我们分享的数据。我们做到这一点的方法之一是遵循最小特权原则。最低权限规定，在一个理想的世界里，一个员工在其工作需要的时候拥有他们所需要的确切权限。没有更多，也没有更少。任何更多的东西都会带来不必要的风险--无论是来自恶意的员工、被泄露的笔记本电脑，甚至只是一个诚实的错误。任何不足都会抑制生产力。

Not only has enforcing least privilege always been crucial for maintaining trust, it’s rapidly becoming a legal necessity. Airbnb operates in almost every country and region in the world necessitating that we comply with an ever increasing set of data privacy regulations.

执行最低限度的特权不仅对维持信任至关重要，而且正在迅速成为一种法律上的需要。Airbnb在全球几乎每个国家和地区都有业务，因此我们必须遵守一系列不断增加的数据隐私法规。

Administrators can effectively solve these problems with minimal tooling in small companies when an individual can track the work of all colleagues. But as a company grows, this approach does not scale. In this post, we will explain how Airbnb uses a novel software solution to maintain least privilege while enabling our large team of employees, contractors, and call center agents to do our jobs effectively and efficiently.

在小公司，当一个人可以跟踪所有同事的工作时，管理员可以用最小的工具有效地解决这些问题。但随着公司的发展，这种方法就无法扩展。在这篇文章中，我们将解释Airbnb是如何使用一种新颖的软件解决方案来保持最小的特权，同时使我们的员工、承包商和呼叫中心代理组成的庞大团队能够有效和高效地完成工作。

Where We Started

我们开始的地方

In Airbnb’s early days a combination of homegrown and vendor solutions were implemented, but the lack of a unifying architecture prevented us fr...