From d30491ff0af3c60b686221a8ba4ba4600edb0fc3 Mon Sep 17 00:00:00 2001 From: linfraze Date: Thu, 3 Apr 2025 15:56:42 -0400 Subject: [PATCH 1/3] RHIDP-5483: Update Authorization Preface --- ...bly-configuring-authorization-in-rhdh.adoc | 23 ++++++------------- titles/authentication/master.adoc | 1 - 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index d637637ed6..2f9cc7a505 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc @@ -1,26 +1,18 @@ [id='configuring-authorization-in-rhdh'] = Configuring authorization in {product} -In link:{authorization-book-url}[{authentication-book-title}], you learnt how to authenticate users to {product}. -{product-short} knowns who the users are. +Administrators can authorize users to perform actions and define what users can do in {product-short}. -In this book, learn how to authorize users to perform actions in {product-short}. -Define what users can do in {product-short}. +Role-based access control (RBAC) is a security concept that controls access to resources in a system. RBAC specifies a mapping between users of the system and the actions that those users can perform on resources in the system. +You can use RBAC to define roles with specific permissions and then assign the roles to users and groups. -Role-Based Access Control (RBAC) is a security concept that controls access to resources in a system, and specifies a mapping between users of the system, and the actions they can perform on resources in the system. -You define roles with specific permissions, and then assign the roles to users and groups. +RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. Rather than defining policies in code, you can use the {product-short} RBAC feature to define policies in a declarative fashion by using a simple CSV based format. You can define the policies by using {product-short} web interface or REST API instead of editing the CSV directly. -RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. -Rather than defining policies in code, -the {product-short} RBAC feature allows you -to define policies in a declarative fashion using a simple CSV based format. -You can define the policies by using {product-short} web interface or REST API, rather than editing the CSV directly. +An administrator can define authorizations in {product-short} by taking the following steps: -To define authorizations in {product-short}: +. Enable the RBAC feature and give authorized users access to the feature. -. The {product-short} administrator enables and gives access to the RBAC feature. - -. You define your roles and policies by combining the following methods: +. Define roles and policies by combining the following methods: * The {product-short} policy administrator uses the {product-short} web interface or REST API. * The {product-short} administrator edits the main {product-short} configuration file. @@ -58,4 +50,3 @@ include::modules/authorization/con-user-stats-rhdh.adoc[leveloffset=+1] include::modules/authorization/proc-download-user-stats-rhdh.adoc[leveloffset=+2] - diff --git a/titles/authentication/master.adoc b/titles/authentication/master.adoc index 0db027bd0c..15ec5aa224 100644 --- a/titles/authentication/master.adoc +++ b/titles/authentication/master.adoc @@ -10,4 +10,3 @@ include::artifacts/attributes.adoc[] //{abstract} include::assemblies/assembly-enabling-authentication.adoc[] - From 7f2b752af6d8f85456a95e30b7c003fb5363b766 Mon Sep 17 00:00:00 2001 From: linfraze Date: Thu, 3 Apr 2025 16:21:36 -0400 Subject: [PATCH 2/3] RHIDP-5483: Update Authorization Abstract --- titles/authorization/master.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/titles/authorization/master.adoc b/titles/authorization/master.adoc index 1ac9860e0d..0ebc0a6db2 100644 --- a/titles/authorization/master.adoc +++ b/titles/authorization/master.adoc @@ -3,7 +3,7 @@ include::artifacts/attributes.adoc[] :imagesdir: images :title: Authorization in {product} :subtitle: Configuring authorization by using role based access control (RBAC) in {product} -:abstract: As a {product} platform engineer, you can manage authorizations of other users by using role based access control (RBAC) to meet the specific needs of your organization. +:abstract: {product} administrators can use role-based access control (RBAC) to manage authorizations of other users. //[id="{context}"] //= {title} From b83e61d02f8e74d8aadbf58969e3490185eb4741 Mon Sep 17 00:00:00 2001 From: linfraze Date: Wed, 16 Apr 2025 12:46:14 -0400 Subject: [PATCH 3/3] RHIDP-5483: Apply reviewer suggestions --- assemblies/assembly-configuring-authorization-in-rhdh.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index 2f9cc7a505..37d9b8f708 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc @@ -3,7 +3,7 @@ Administrators can authorize users to perform actions and define what users can do in {product-short}. -Role-based access control (RBAC) is a security concept that controls access to resources in a system. RBAC specifies a mapping between users of the system and the actions that those users can perform on resources in the system. +Role-based access control (RBAC) is a security concept that defines how to control access to resources in a system by specifying a mapping between users of the system and the actions that those users can perform on resources in the system. You can use RBAC to define roles with specific permissions and then assign the roles to users and groups. RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. Rather than defining policies in code, you can use the {product-short} RBAC feature to define policies in a declarative fashion by using a simple CSV based format. You can define the policies by using {product-short} web interface or REST API instead of editing the CSV directly.