doc updates

xenophenes · xenophenes · commit 6e6e0fb8d1fc · 2018-06-22T11:20:23.000-07:00
diff --git a/hugo/content/getting-started/_index.adoc b/hugo/content/getting-started/_index.adoc
@@ -483,6 +483,14 @@ To delete a Postgres user in the *mycluster* cluster, execute:
 pgo user delete user sally --selector=name=mycluster
 ....
 
+To create a new Postgres user to the *mycluster* cluster that has credentials created with Kubernetes Secrets, use the *--managed* flag:
+....
+pgo create user sally --managed --selector=name=mycluster
+....
+
+A *managed* account is one that the Operator can manipulate as well; this means that when you run `pgo show cluster mycluster --show-secrets`
+their credentials are visible, when you run `pgo test mycluster` the account is tested with the other default accounts, etc.
+
 To change the password for a user in the *mycluster* cluster:
 ....
 pgo user --change-password=sally --selector=name=mycluster
@@ -498,7 +506,7 @@ pgo user --expired=7 --selector=name=mycluster
 
 To assign users to a cluster:
 ....
-pgo create user user1 --valid-days=30 --managed --db=userdb --selector=name=xraydb1
+pgo create user user1 --valid-days=30 --db=userdb --selector=name=xraydb1
 ....
 
 In this example, a user named *user1* is created with a *valid until* password date set to expire in 30 days.  That user will be granted access to the *userdb* database.  This user account also will have an associated *secret* created to hold the password that was generated for this user.  Any clusters that match the selector value will have this user created on it.
@@ -661,3 +669,14 @@ Database Images:
 
 Databases Not Ready:
 ....
+
+=== pgo show config
+
+The `pgo show config` command displays the running operator configuration
+parameters that dictate the setup and user defined configuration of the
+operator.  This command can be useful for sharing your configuration or
+verifying the setup is as expected.
+
+....
+pgo show config
+....
diff --git a/hugo/content/installation/deployment.adoc b/hugo/content/installation/deployment.adoc
@@ -77,6 +77,28 @@ The pgo client uses Basic Authentication to authenticate to the operator REST AP
 echo "username:password" > $HOME/.pgouser
 ....
 
+Roles are defined in a file called *pgorole*. This file defines each role and the
+permissions for that role. By default, two roles are defined as samples -
+....
+pgoadmin
+pgoreader
+....
+
+This file, moved to your $HOME folder, is optional. These default settings can be adjusted to meet local 
+security requirements.
+
+The format of this file is as follows -
+....
+rolename: permissionA, permissionB
+....
+
+These are defined in the following file -
+....
+$COROOT/conf/apiserver/pgorole
+....
+
+The complete set of permissions is documented in the link:/installation/configuration/[Configuration] document.
+
 The *pgo* client needs the URL to connect to the operator.
 
 Depending on your Kubernetes environment this can be done the following ways.
