From d9e387d5d896ea7aa24c702189991f4cf3006a7d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabrice=20Flore-Th=C3=A9bault?= Date: Wed, 16 Oct 2024 16:32:33 +0200 Subject: [PATCH] RHIDP-3971 authorization introduction MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Fabrice Flore-Thébault --- ...bly-configuring-authorization-in-rhdh.adoc | 25 ++++++++++++++++++- modules/authorization/con-rbac-overview.adoc | 6 ----- 2 files changed, 24 insertions(+), 7 deletions(-) delete mode 100644 modules/authorization/con-rbac-overview.adoc diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index 62f8dcde54..476178fe3a 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc 
@@ -1,7 +1,30 @@ [id='configuring-authorization-in-rhdh'] = Configuring authorization in {product} -include::modules/authorization/con-rbac-overview.adoc[leveloffset=+1] +In link:{authorization-book-url}[{authentication-book-title}], you learnt how to authenticate users to {product}. +{product-short} knowns who the users are. + +In this book, learn how to authorize users to perform actions in {product-short}. +Define what users can do in {product-short}. + +Role-Based Access Control (RBAC) is a security concept that controls access to resources in a system, and specifies a mapping between users of the system, and the actions they can perform on resources in the system. +You define roles with specific permissions, and then assign the roles to users and groups. + +RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. +Rather than defining policies in code, +the {product-short} RBAC feature allows you +to define policies in a declarative fashion using a simple CSV based format. +You can define the policies by using {product-short} web interface or REST API, rather than editing the CSV directly. + +To apply RBAC in {product-short}: + +. The {product-short} administrator sets up the RBAC feature: +.. Enable the RBAC feature +.. Configure Policy Administrators + +. The {product-short} policy administrator configures your RBAC policies: +.. Define roles with specific permissions +.. Assign the roles to users and groups include::modules/authorization/proc-enabling-the-rbac-plugin.adoc[leveloffset=+1] diff --git a/modules/authorization/con-rbac-overview.adoc b/modules/authorization/con-rbac-overview.adoc deleted file mode 100644 index b050019444..0000000000 --- a/modules/authorization/con-rbac-overview.adoc +++ /dev/null 
@@ -1,6 +0,0 @@ -[id='con-rbac-overview_{context}'] -= Role-Based Access Control (RBAC) in {product} - -Role-Based Access Control is a security paradigm that restricts access to authorized users. This feature includes defining roles with specific permissions and then assigning those roles to the users. - -The {product} uses RBAC to improve the permission system within the platform. The RBAC feature in {product-short} introduces an administrator role and leverages the organizational structure including teams, groups, and users by facilitating efficient access control.
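Review bot: In the first added sentence of the assembly hunk, the link target and the link text use different attributes: `link:{authorization-book-url}[{authentication-book-title}]`. The sentence refers to the book about authenticating users, so the target should presumably be `{authentication-book-url}`. If `{authorization-book-url}` is defined as its name suggests, the link would lead back to this authorization book. In the same hunk, "knowns" on the following added line should be "knows", and "CSV based" should be hyphenated as "CSV-based".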
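Review bot: Deleting `modules/authorization/con-rbac-overview.adoc` also removes the anchor `con-rbac-overview_{context}`, and the patch touches only the one `include::` in the assembly, so any other xref or include of this module would break. Please check the repository for remaining references before merging. The deleted text's mention of an administrator role and of teams is only partly carried into the new introduction, which names policy administrators, users and groups. Confirm that dropping "teams" is intended.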