From 302629300b23ac1fae712d1570b32b31edcaa0d9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabrice=20Flore-Th=C3=A9bault?= Date: Wed, 16 Oct 2024 17:31:14 +0200 Subject: [PATCH 1/2] RHIDP-3974 managing authorization using the Web UI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabrice Flore-Thébault --- ...ssembly-configuring-authorization-in-rhdh.adoc | 14 +++----------- ...g-authorizations-by-using-the-rhdh-web-ui.adoc | 15 +++++++++++++++ .../authorization/proc-rbac-ui-create-role.adoc | 4 +--- .../authorization/proc-rbac-ui-delete-role.adoc | 6 ++---- modules/authorization/proc-rbac-ui-edit-role.adoc | 4 +--- .../authorization/proc-rbac-ui-manage-roles.adoc | 10 ---------- 6 files changed, 22 insertions(+), 31 deletions(-) create mode 100644 assemblies/assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc delete mode 100644 modules/authorization/proc-rbac-ui-manage-roles.adoc diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index 6089d3cc52..87846526a8 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc @@ -4,6 +4,9 @@ include::modules/authorization/con-rbac-overview.adoc[leveloffset=+1] +include::assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc[leveloffset=+1] + + include::modules/authorization/ref-rbac-permission-policies.adoc[leveloffset=+1] @@ -29,17 +32,6 @@ include::modules/authorization/ref-rbac-conditional-policy-definition.adoc[level include::modules/authorization/proc-rbac-config-conditional-policy-file.adoc[leveloffset=+2] -include::modules/authorization/proc-rbac-ui-manage-roles.adoc[leveloffset=+1] - - -include::modules/authorization/proc-rbac-ui-create-role.adoc[leveloffset=+2] - - -include::modules/authorization/proc-rbac-ui-edit-role.adoc[leveloffset=+2] - - -include::modules/authorization/proc-rbac-ui-delete-role.adoc[leveloffset=+2] - include::modules/authorization/con-user-stats-rhdh.adoc[leveloffset=+1] diff --git a/assemblies/assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc b/assemblies/assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc new file mode 100644 index 0000000000..dda7c1195e --- /dev/null +++ b/assemblies/assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc @@ -0,0 +1,15 @@ +[id='proc-rbac-ui-manage-roles_{context}'] += Managing role-based access controls (RBAC) using the {product} Web UI + +Policy administrators can use the {product-short} web interface (Web UI) to allocate specific roles and permissions to individual users or groups. Allocating roles ensures that access to resources and functionalities is regulated across the {product-short}. + +With the policy administrator role in {product-short}, you can assign permissions to users and groups, which allow users or groups to view, create, modify, and delete the roles using the {product-short} Web UI. + + +include::modules/authorization/proc-rbac-ui-create-role.adoc[leveloffset=+1] + + +include::modules/authorization/proc-rbac-ui-edit-role.adoc[leveloffset=+1] + + +include::modules/authorization/proc-rbac-ui-delete-role.adoc[leveloffset=+1] diff --git a/modules/authorization/proc-rbac-ui-create-role.adoc b/modules/authorization/proc-rbac-ui-create-role.adoc index f26abb6cd2..97e514aa03 100644 --- a/modules/authorization/proc-rbac-ui-create-role.adoc +++ b/modules/authorization/proc-rbac-ui-create-role.adoc @@ -4,9 +4,7 @@ You can create a role in the {product} using the Web UI. .Prerequisites -* You have an administrator role in the {product-short}. -* You have installed the `@janus-idp/backstage-plugin-rbac` plugin in {product-short}. For more information, see link:{LinkPluginsGuide}[{NameOfPluginsGuide}]. -* You have configured the required permission policies. For more information, see xref:con-rbac-config-permission-policies_{context}[]. +* You xref:enabling-and-giving-access-to-rbac[have enabled RBAC and have a policy administrator role in {product-short}]. .Procedure diff --git a/modules/authorization/proc-rbac-ui-delete-role.adoc b/modules/authorization/proc-rbac-ui-delete-role.adoc index 48746147af..867ec2bf6d 100644 --- a/modules/authorization/proc-rbac-ui-delete-role.adoc +++ b/modules/authorization/proc-rbac-ui-delete-role.adoc @@ -9,9 +9,7 @@ The policies generated from a `policy.csv` or ConfigMap file cannot be edited or ==== .Prerequisites -* You have an administrator role in the {product-short}. -* You have installed the `@janus-idp/backstage-plugin-rbac` plugin in {product-short}. For more information, see link:{LinkPluginsGuide}[{NameOfPluginsGuide}]. -* You have configured the required permission policies. For more information, see xref:con-rbac-config-permission-policies_{context}[]. +* You xref:enabling-and-giving-access-to-rbac[have enabled RBAC and have a policy administrator role in {product-short}]. * The role that you want to delete is created in the {product-short}. .Procedure @@ -26,4 +24,4 @@ The *RBAC* tab appears, displaying all the created roles in the {product-short}. . Select the delete icon from the *Actions* column for the role that you want to delete. + *Delete this role?* pop-up appears on the screen. -. Click *DELETE*. \ No newline at end of file +. Click *DELETE*. diff --git a/modules/authorization/proc-rbac-ui-edit-role.adoc b/modules/authorization/proc-rbac-ui-edit-role.adoc index 58387edfa2..c426d62f3b 100644 --- a/modules/authorization/proc-rbac-ui-edit-role.adoc +++ b/modules/authorization/proc-rbac-ui-edit-role.adoc @@ -9,9 +9,7 @@ The policies generated from a `policy.csv` or ConfigMap file cannot be edited or ==== .Prerequisites -* You have an administrator role in the {product-short}. -* You have installed the `@janus-idp/backstage-plugin-rbac` plugin in {product-short}. For more information, see link:{LinkPluginsGuide}[{NameOfPluginsGuide}]. -* You have configured the required permission policies. For more information, see xref:con-rbac-config-permission-policies_{context}[]. +* You xref:enabling-and-giving-access-to-rbac[have enabled RBAC and have a policy administrator role in {product-short}]. * The role that you want to edit is created in the {product-short}. .Procedure diff --git a/modules/authorization/proc-rbac-ui-manage-roles.adoc b/modules/authorization/proc-rbac-ui-manage-roles.adoc deleted file mode 100644 index 09ca3d11de..0000000000 --- a/modules/authorization/proc-rbac-ui-manage-roles.adoc +++ /dev/null @@ -1,10 +0,0 @@ -[id='proc-rbac-ui-manage-roles_{context}'] -= Managing role-based access controls (RBAC) using the {product} Web UI - -Administrators can use the {product-short} web interface (Web UI) to allocate specific roles and permissions to individual users or groups. Allocating roles ensures that access to resources and functionalities is regulated across the {product-short}. - -With the administrator role in {product-short}, you can assign permissions to users and groups, which allow users or groups to view, create, modify, and delete the roles using the {product-short} Web UI. - -To access the RBAC features in the Web UI, you must install and configure the `@janus-idp/backstage-plugin-rbac` plugin as a dynamic plugin. For more information about installing a dynamic plugin, see link:{LinkPluginsGuide}[{NameOfPluginsGuide}]. - -After you install the `@janus-idp/backstage-plugin-rbac` plugin, the *Administration* option appears at the bottom of the sidebar. When you can click *Administration*, the RBAC tab appears by default, displaying all of the existing roles created in the {product-short}. In the RBAC tab, you can also view the total number of users, groups, and the total number of permission policies associated with a role. You can also edit or delete a role using the *Actions* column. \ No newline at end of file From 439603633b73ebec95c51c11338cd617d39c3500 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabrice=20Flore-Th=C3=A9bault?= Date: Thu, 17 Oct 2024 14:23:49 +0200 Subject: [PATCH 2/2] Update assemblies/assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc Co-authored-by: Dominika Zemanovicova <36102317+dzemanov@users.noreply.github.com> --- ...sembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assemblies/assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc b/assemblies/assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc index dda7c1195e..88655ee776 100644 --- a/assemblies/assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc +++ b/assemblies/assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc @@ -3,7 +3,7 @@ Policy administrators can use the {product-short} web interface (Web UI) to allocate specific roles and permissions to individual users or groups. Allocating roles ensures that access to resources and functionalities is regulated across the {product-short}. -With the policy administrator role in {product-short}, you can assign permissions to users and groups, which allow users or groups to view, create, modify, and delete the roles using the {product-short} Web UI. +With the policy administrator role in {product-short}, you can assign permissions to users and groups. This role allows you to view, create, modify, and delete the roles using {product-short} Web UI. include::modules/authorization/proc-rbac-ui-create-role.adoc[leveloffset=+1]