You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/nginx-one/rbac/rbac-api.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,15 +7,15 @@ product: NGINX One
7
7
docs: DOCS-000
8
8
---
9
9
10
-
Beyond [Default roles]({{< relref "/nginx-one/rbac/roles.md" >}}), you may need to set up custom roles. For convenience, we include a list of API groups that you could use to specify permissions for custom roles.
10
+
Beyond the [Default roles]({{< relref "/nginx-one/rbac/roles.md" >}}) for NGINX One Console access, there may be cases where creating [custom roles](https://docs.cloud.f5.com/docs-v2/administration/how-tos/user-mgmt/roles#custom-roles) with more precisely defined access is desired. For this use-case, we include a list of API Groups that can be used to specify permissions for custom roles with more granular access controls to NGINX One Console APIs.
11
11
12
-
These are not NGINX One APIs.
12
+
Custom roles can be assigned to users or service accounts, and associated with specific namespaces, offering a way to maintain principle of least privilege across your tenant.
13
13
14
14
## F5 API groups for NGINX One
15
15
16
-
The following table lists the **[F5 XC roles](https://docs.cloud.f5.com/docs-v2/administration/how-tos/user-mgmt/roles)** that you can use. These are narrowly scoped API Groups that align with all the features and functionality within the NGINX One Console. These groups can help you create custom roles tailored to your specific needs.
16
+
The following table lists the available API Groups that you can use to construct a Role. These are narrowly scoped API Groups that align with all the features and functionality within the NGINX One Console. These groups can help you create custom roles tailored to your specific needs.
17
17
18
-
{{< note >}}If you create custom roles using the more granular API Groups, users may not have access until you add the corresponding API Groups to their roles.{{< /note >}}
18
+
{{< note >}}If you create custom roles using these API Groups, users may not have access to all capabilities of the UI Console.{{< /note >}}
19
19
20
20
| API Group Name | Level of Access | Description |
| f5xc-nginx-one-custom-data-plane-key-manage | Write | View, create, update, and delete any Data Plane Keys. Note: The actual Data Plane Key is shown _only_ when created. |
Copy file name to clipboardExpand all lines: content/nginx-one/rbac/roles.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,7 @@ We provide three default **[roles](https://docs.cloud.f5.com/docs-v2/administrat
13
13
14
14
### Admin
15
15
16
-
The Admin role, identified as <code>f5xc-nginx-one-admin</code>, provides full read and write access to all endpoints and features within the NGINX One Console.
16
+
The Admin role, identified as <code>f5xc-nginx-one-admin</code>, provides full read and write access to all endpoints and features within the NGINX One Console, and related services.
0 commit comments