From d5f19a7923175e3ebbe0afb3bbb2cd39cd82b018 Mon Sep 17 00:00:00 2001 From: linfraze Date: Thu, 3 Apr 2025 15:56:42 -0400 Subject: [PATCH 1/3] RHIDP-5483: Update Authorization Preface --- ...bly-configuring-authorization-in-rhdh.adoc | 23 ++++++------------- titles/authentication/master.adoc | 1 - 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index 217a146e57..c6f615137f 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc @@ -1,26 +1,18 @@ [id='configuring-authorization-in-rhdh'] = Configuring authorization in {product} -In link:{authorization-book-url}[{authentication-book-title}], you learnt how to authenticate users to {product}. -{product-short} knowns who the users are. +Administrators can authorize users to perform actions and define what users can do in {product-short}. -In this book, learn how to authorize users to perform actions in {product-short}. -Define what users can do in {product-short}. +Role-based access control (RBAC) is a security concept that controls access to resources in a system. RBAC specifies a mapping between users of the system and the actions that those users can perform on resources in the system. +You can use RBAC to define roles with specific permissions and then assign the roles to users and groups. -Role-Based Access Control (RBAC) is a security concept that controls access to resources in a system, and specifies a mapping between users of the system, and the actions they can perform on resources in the system. -You define roles with specific permissions, and then assign the roles to users and groups. +RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. Rather than defining policies in code, you can use the {product-short} RBAC feature to define policies in a declarative fashion by using a simple CSV based format. You can define the policies by using {product-short} web interface or REST API instead of editing the CSV directly. -RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. -Rather than defining policies in code, -the {product-short} RBAC feature allows you -to define policies in a declarative fashion using a simple CSV based format. -You can define the policies by using {product-short} web interface or REST API, rather than editing the CSV directly. +An administrator can define authorizations in {product-short} by taking the following steps: -To define authorizations in {product-short}: +. Enable the RBAC feature and give authorized users access to the feature. -. The {product-short} administrator enables and gives access to the RBAC feature. - -. You define your roles and policies by combining the following methods: +. Define roles and policies by combining the following methods: * The {product-short} policy administrator uses the {product-short} web interface or REST API. * The {product-short} administrator edits the main {product-short} configuration file. @@ -57,4 +49,3 @@ include::modules/authorization/con-user-stats-rhdh.adoc[leveloffset=+1] include::modules/authorization/proc-download-user-stats-rhdh.adoc[leveloffset=+2] - diff --git a/titles/authentication/master.adoc b/titles/authentication/master.adoc index 9c4afeb354..76c5e34d56 100644 --- a/titles/authentication/master.adoc +++ b/titles/authentication/master.adoc @@ -10,4 +10,3 @@ include::artifacts/attributes.adoc[] //{abstract} include::assemblies/assembly-enabling-authentication.adoc[] - From 74710187073c71867bc832bb6b24b7d0b0a68174 Mon Sep 17 00:00:00 2001 From: linfraze Date: Thu, 3 Apr 2025 16:21:36 -0400 Subject: [PATCH 2/3] RHIDP-5483: Update Authorization Abstract --- titles/authorization/master.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/titles/authorization/master.adoc b/titles/authorization/master.adoc index f864dbbf0d..a48e710d21 100644 --- a/titles/authorization/master.adoc +++ b/titles/authorization/master.adoc @@ -3,7 +3,7 @@ include::artifacts/attributes.adoc[] :imagesdir: images :title: Authorization :subtitle: Configuring authorization by using role based access control (RBAC) in {product} -:abstract: As a {product} platform engineer, you can manage authorizations of other users by using role based access control (RBAC) to meet the specific needs of your organization. +:abstract: {product} administrators can use role-based access control (RBAC) to manage authorizations of other users. //[id="{context}"] //= {title} From 6eeb30c2257d85378ccbe5de3ee3d172c989c7a1 Mon Sep 17 00:00:00 2001 From: linfraze Date: Wed, 16 Apr 2025 12:46:14 -0400 Subject: [PATCH 3/3] RHIDP-5483: Apply reviewer suggestions --- assemblies/assembly-configuring-authorization-in-rhdh.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index c6f615137f..c140dab213 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc @@ -3,7 +3,7 @@ Administrators can authorize users to perform actions and define what users can do in {product-short}. -Role-based access control (RBAC) is a security concept that controls access to resources in a system. RBAC specifies a mapping between users of the system and the actions that those users can perform on resources in the system. +Role-based access control (RBAC) is a security concept that defines how to control access to resources in a system by specifying a mapping between users of the system and the actions that those users can perform on resources in the system. You can use RBAC to define roles with specific permissions and then assign the roles to users and groups. RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. Rather than defining policies in code, you can use the {product-short} RBAC feature to define policies in a declarative fashion by using a simple CSV based format. You can define the policies by using {product-short} web interface or REST API instead of editing the CSV directly.