redhat-developer · Gerry-Forde · Nov 15, 2024 · Nov 7, 2024 · Nov 7, 2024 · Nov 7, 2024
diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc
@@ -30,9 +30,15 @@ To apply RBAC in {product-short}:
 include::modules/authorization/proc-enabling-the-rbac-plugin.adoc[leveloffset=+1]
 
 
+include::modules/authorization/con-permission-policy-and-role-source.adoc[leveloffset=+1]
+
+
 include::assembly-managing-authorizations-by-using-the-rhdh-web-ui.adoc[leveloffset=+1]
 
 
+include::assembly-managing-authorizations-by-using-the-rest-api.adoc[leveloffset=+1]
+
+
 include::modules/authorization/ref-rbac-permission-policies.adoc[leveloffset=+1]
 
 
@@ -55,17 +61,8 @@ include::modules/authorization/ref-rbac-conditional-policy-definition.adoc[level
 include::modules/authorization/proc-rbac-config-conditional-policy-file.adoc[leveloffset=+2]
 
 
-
 include::modules/authorization/con-user-stats-rhdh.adoc[leveloffset=+1]
 
 
 include::modules/authorization/proc-download-user-stats-rhdh.adoc[leveloffset=+2]
 
-
-include::modules/authorization/con-rbac-rest-api.adoc[leveloffset=+1]
-
-
-include::modules/authorization/proc-rbac-send-request-rbac-rest-api.adoc[leveloffset=+2]
-
-
-include::modules/authorization/ref-rbac-rest-api-endpoints.adoc[leveloffset=+2]
diff --git a/assemblies/assembly-managing-authorizations-by-using-the-rest-api.adoc b/assemblies/assembly-managing-authorizations-by-using-the-rest-api.adoc
@@ -0,0 +1,25 @@
+[id='managing-authorizations-by-using-the-rest-api']
+= Managing authorizations by using the REST API
+
+To automate the maintenance of {product} permission policies and roles, you can use {product-short} role-based access control (RBAC) REST API.
+
+You can perform the following actions with the REST API:
+
+* Retrieve information about:
+** All permission policies
+** Specific permission policies
+** Specific roles
+** Static plugins permission policies
+* Create, update, or delete:
+** Permission policy
+** Role
+
+
+include::modules/authorization/proc-sending-request-to-the-rbac-rest-api-by-using-curl.adoc[leveloffset=+1]
+
+
+include::modules/authorization/proc-sending-request-to-the-rbac-rest-api-by-using-a-rest-client.adoc[leveloffset=+1]
+
+
+include::modules/authorization/ref-rbac-rest-api-endpoints.adoc[leveloffset=+1]
+
diff --git a/modules/authorization/con-permission-policy-and-role-source.adoc b/modules/authorization/con-permission-policy-and-role-source.adoc
@@ -0,0 +1,29 @@
+[id='con-permission-policy-and-role-source']
+= Understanding permission policy and role configuration source
+
+You can manipulate permission policies and roles based on the following designated source information:
+
+* CSV file
+* Configuration file
+* REST API
+* Legacy
+
+Each permission policy and role is associated with a source to maintain data consistency.
+Therefore, when a policy has been created in a CSV file, you cannot change it by using the REST API.
+
+
+Managing roles and permission policies originating from CSV files and REST API involves straightforward modification based on their initial source information.
+
+The Configuration file pertains to the default `role:default/rbac_admin` role provided by the RBAC plugin.
+The default role has limited permissions to create, read, update, and delete permission policies or roles, and to read catalog entities.
+
+[NOTE]
+====
+In case the default permissions are insufficient for your administrative requirements, you can create a custom admin role with required permission policies.
+====
+
+The legacy source applies to policies and roles defined before RBAC backend plugin version `2.1.3`, and is the least restrictive among the source location options.
+You must update the permissions and roles in legacy source to use either REST API or the CSV file sources.
+
+You can use the `GET` requests to query roles and policies and determine the source information, if required.
+
diff --git a/modules/authorization/con-rbac-rest-api.adoc b/modules/authorization/con-rbac-rest-api.adoc
diff --git a/modules/authorization/proc-rbac-send-request-rbac-rest-api.adoc b/modules/authorization/proc-rbac-send-request-rbac-rest-api.adoc
diff --git a/...orization/proc-sending-request-to-the-rbac-rest-api-by-using-a-rest-client.adoc b/...orization/proc-sending-request-to-the-rbac-rest-api-by-using-a-rest-client.adoc
@@ -0,0 +1,33 @@
+[id='proc-rbac-sending-requests-to-the-rbac-rest-api-by-using-a-rest-client_{context}']
+= Sending requests to the RBAC REST API by using a REST client
+
+You can send RBAC REST API requests using any REST client.
+
+.Prerequisites
+* xref:enabling-and-giving-access-to-rbac[You have access to the RBAC feature].
+
+.Procedure
+include::snip-finding-bearer-token.adoc[]
+
+. In your REST client, run a command with the following parameters and review the response:
++
+--
+Authorization::
+Enter your saved authorization token.
+
+HTTP method::
+Enter the HTTP method for your xref:ref-rbac-rest-api-endpoints_{context}[API endpoint].
+
+* `GET`: To retrieve specified information from a specified resource endpoint.
+* `POST`: To create or update a resource.
+* `PUT`: To update a resource.
+* `DELETE`: To delete a resource.
+
+URL::
+Enter your {product-short} URL and xref:ref-rbac-rest-api-endpoints_{context}[API endpoint]: pass:c,a,q[{my-product-url}/__<endpoint>__], such as
+`pass:c,a,q[{my-product-url}/api/permission/policies]`.
+
+Body::
+Enter the JSON body with data that your xref:ref-rbac-rest-api-endpoints_{context}[API endpoint] might need with the HTTP `POST` request.
+--
+