diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index 6089d3cc52..9779347b93 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc @@ -1,7 +1,30 @@ [id='configuring-authorization-in-rhdh'] = Configuring authorization in {product} -include::modules/authorization/con-rbac-overview.adoc[leveloffset=+1] +In link:{authorization-book-url}[{authentication-book-title}], you learnt how to authenticate users to {product}. +{product-short} knowns who the users are. + +In this book, learn how to authorize users to perform actions in {product-short}. +Define what users can do in {product-short}. + +Role-Based Access Control (RBAC) is a security concept that controls access to resources in a system, and specifies a mapping between users of the system, and the actions they can perform on resources in the system. +You define roles with specific permissions, and then assign the roles to users and groups. + +RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. +Rather than defining policies in code, +the {product-short} RBAC feature allows you +to define policies in a declarative fashion using a simple CSV based format. +You can define the policies by using {product-short} web interface or REST API, rather than editing the CSV directly. + +To apply RBAC in {product-short}: + +. The {product-short} administrator sets up the RBAC feature: +.. Enable the RBAC feature +.. Configure Policy Administrators + +. The {product-short} policy administrator configures your RBAC policies: +.. Define roles with specific permissions +.. Assign the roles to users and groups include::modules/authorization/ref-rbac-permission-policies.adoc[leveloffset=+1] 
diff --git a/modules/authorization/con-rbac-overview.adoc b/modules/authorization/con-rbac-overview.adoc deleted file mode 100644 index b050019444..0000000000 --- a/modules/authorization/con-rbac-overview.adoc +++ /dev/null @@ -1,6 +0,0 @@ -[id='con-rbac-overview_{context}'] -= Role-Based Access Control (RBAC) in {product} - -Role-Based Access Control is a security paradigm that restricts access to authorized users. This feature includes defining roles with specific permissions and then assigning those roles to the users. - -The {product} uses RBAC to improve the permission system within the platform. The RBAC feature in {product-short} introduces an administrator role and leverages the organizational structure including teams, groups, and users by facilitating efficient access control.
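Review bot: In the assemblies/assembly-configuring-authorization-in-rhdh.adoc hunk, the first added line builds the link from `{authorization-book-url}` but labels it `{authentication-book-title}`. The sentence refers to the authentication book, so the target should most likely be `{authentication-book-url}` (if that attribute is defined); as written the link appears to point back at this book. The next added line has a typo, "knowns" for "knows". Further down, "simple CSV based format" wants a hyphen ("CSV-based"), and the pair "which defines RBAC policies in code. Rather than defining policies in code," repeats itself; consider merging the two sentences so it is clear that the Permissions framework is code-defined while the RBAC feature is declarative.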
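Review bot: Deleting modules/authorization/con-rbac-overview.adoc removes the anchor `con-rbac-overview_{context}`, and this patch only updates the one include in the assembly, so please confirm that no other xref or include still points at it. The removed text also said the feature "introduces an administrator role and leverages the organizational structure including teams, groups, and users"; the replacement introduction covers policy administrators, users and groups but no longer mentions teams, so confirm that dropping it is intentional.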