diff --git a/assets/css/index.css b/assets/css/index.css index 9aafdaff99..277190e914 100644 --- a/assets/css/index.css +++ b/assets/css/index.css @@ -579,6 +579,11 @@ html { scrollbar-gutter: stable; } +/* Auto-clickable for standalone images */ +img:not(a img):not(.image-card-img):not([src*="#no-click"]) { + cursor: pointer; +} + /* Chroma syntax highlighting */ /* Background */ diff --git a/content/operate/rs/security/access-control/create-cluster-roles.md b/content/operate/rs/security/access-control/create-cluster-roles.md index 2374e0d8b7..d7e96fbef2 100644 --- a/content/operate/rs/security/access-control/create-cluster-roles.md +++ b/content/operate/rs/security/access-control/create-cluster-roles.md @@ -51,33 +51,33 @@ Here's a summary of the Cluster Manager UI actions permitted by each default man You can use the [Cluster Manager UI](#create-roles-ui) or the [REST API](#define-roles-rest-api) to create a role that grants cluster access but does not grant access to any databases. -### Cluster Manager UI method {#create-roles-ui} +{{< multitabs id="create-cluster-role" +tab1="Cluster Manager UI" +tab2="REST API" >}} -To create a role that grants cluster access: +To create a role that grants cluster access using the Cluster Manager UI: 1. From **Access Control** > **Roles**, you can: - - Point to a role and select {{< image filename="/images/rs/buttons/edit-button.png#no-click" alt="The Edit button" width="25px" class="inline" >}} to edit an existing role. + - Select a role from the list of existing roles to edit it. - - Select **+ Add role** to create a new role. + - Click **+ Add role** to create a new role. - {{Add role with name}} + Add role with name 1. Enter a descriptive name for the role. -1. Choose a **Cluster management role** to determine cluster management permissions. +1. Choose a **Management role** to determine cluster management permissions. - {{Select a cluster management role to set the level of cluster management permissions for the new role.}} + Select a cluster management role to set the level of cluster management permissions for the new role. 1. To prevent database access when using this role, do not add any ACLs. -1. Select **Save**. +1. Click **Save**. -You can [assign the new role to users]({{}}) to grant cluster access. - -### REST API method {#define-roles-rest-api} +-tab-sep- -To [create a role]({{}}) that grants cluster access: +To [create a role]({{}}) that grants cluster access using the REST API: ```sh POST /v1/roles @@ -86,3 +86,6 @@ POST /v1/roles "management": "db_viewer | db_member | cluster_viewer | cluster_member | user_manager | admin" } ``` +{{< /multitabs >}} + +You can [assign the new role to users]({{}}) to grant cluster access. diff --git a/content/operate/rs/security/access-control/create-combined-roles.md b/content/operate/rs/security/access-control/create-combined-roles.md index 9809b59d8d..c47dc0e163 100644 --- a/content/operate/rs/security/access-control/create-combined-roles.md +++ b/content/operate/rs/security/access-control/create-combined-roles.md @@ -14,37 +14,31 @@ To create a role that grants database access privileges and allows access to the 1. [Define Redis ACLs](#define-redis-acls) that determine database access privileges. -1. [Create a role with ACLs](#create-role) added and choose a **Cluster management role** other than **None**. +1. [Create a role with ACLs](#create-role) added and choose a **Management role** other than **None**. ## Define Redis ACLs You can use the [Cluster Manager UI](#define-acls-ui) or the [REST API](#define-acls-rest-api) to define Redis ACL rules that you can assign to roles. -### Cluster Manager UI method {#define-acls-ui} +{{< multitabs id="define-redis-acls" +tab1="Cluster Manager UI" +tab2="REST API" >}} To define a Redis ACL rule using the Cluster Manager UI: -1. From **Access Control > Redis ACLs**, you can either: +1. From **Access Control > Roles > Data ACLs**, you can either: - - Point to a Redis ACL and select {{< image filename="/images/rs/buttons/edit-button.png#no-click" alt="The Edit button" width="25px" class="inline" >}} to edit an existing Redis ACL. + - Select an existing Redis ACL from the list to edit it. - - Select **+ Add Redis ACL** to create a new Redis ACL. + - Click **+ Add Redis ACL** to create a new Redis ACL. 1. Enter a descriptive name for the Redis ACL. This will be used to associate the ACL rule with the role. 1. Define the ACL rule. For more information about Redis ACL rules and syntax, see the [Redis ACL overview]({{}}). - {{}} -The **ACL builder** does not support selectors and key permissions. Use **Free text command** to manually define them instead. - {{}} +1. Click **Save**. -1. Select **Save**. - -{{}} -For multi-key commands on multi-slot keys, the return value is `failure`, but the command runs on the keys that are allowed. -{{}} - -### REST API method {#define-acls-rest-api} +-tab-sep- To define a Redis ACL rule using the REST API, use a [create Redis ACL]({{}}) request. For more information about Redis ACL rules and syntax, see the [Redis ACL overview]({{}}). @@ -68,92 +62,89 @@ Example response body: } ``` -To associate the Redis ACL with a role and database, use the `uid` from the response as the `redis_acl_uid` when you add `roles_permissions` to the database. See [Associate a database with roles and Redis ACLs](#associate-roles-acls-rest-api) for an example request. +To associate the Redis ACL with a role and database, use the `uid` from the response as the `redis_acl_uid` when you add `roles_permissions` to the database. + +{{< /multitabs >}} + +{{}} +For multi-key commands on multi-slot keys, the return value is `failure`, but the command runs on the keys that are allowed. +{{}} ## Create roles with ACLs and cluster access {#create-role} You can create a role that grants database access privileges and allows access to the Cluster Management UI and REST API. -### Cluster Manager UI method {#create-roles-ui} +{{< multitabs id="create-combined-roles" +tab1="Cluster Manager UI" +tab2="REST API" >}} To define a role for combined access using the Cluster Manager UI: 1. From **Access Control** > **Roles**, you can: - - Point to a role and select {{< image filename="/images/rs/buttons/edit-button.png#no-click" alt="The Edit button" width="25px" class="inline" >}} to edit an existing role. + - Select a role from the list of existing roles to edit it. - - Select **+ Add role** to create a new role. + - Click **+ Add role** to create a new role. - {{Add role with name}} + Add role with name 1. Enter a descriptive name for the role. This will be used to reference the role when configuring users. -1. Choose a **Cluster management role** other than **None**. For details about permissions granted by each role, see [Cluster Manager UI permissions]({{}}) and [REST API permissions]({{}}). +1. Choose a **Management role** other than **None**. For details about permissions granted by each role, see [Cluster Manager UI permissions]({{}}) and [REST API permissions]({{}}). - {{Add role with name}} + Add role with name -1. Select **+ Add ACL**. - - {{Add role database acl}} +1. Click **+ Add ACL**. 1. Choose a Redis ACL and databases to associate with the role. - {{Add databases to access}} - -1. Select the check mark {{< image filename="/images/rs/buttons/checkmark-button.png#no-click" alt="The Check button" width="25px" class="inline" >}} to confirm. + Add databases to access -1. Select **Save**. +1. Click the check mark to confirm. - {{Add databases to access}} - -You can [assign the new role to users]({{}}) to grant database access and access to the Cluster Manager UI and REST API. +1. Click **Save**. -### REST API method {#define-roles-rest-api} +-tab-sep- To define a role for combined access using the REST API: -1. [Create a role.](#create-role-rest-api) - -1. [Associate a database with roles and Redis ACLs.](#associate-roles-acls-rest-api) - -#### Create a role {#create-role-rest-api} - -To [create a role]({{}}) using the REST API: - -```sh -POST /v1/roles -{ - "name": "", - "management": "db_viewer | db_member | cluster_viewer | cluster_member | admin" -} -``` +1. Use a [create role]({{}}) request: -Example response body: - -```json -{ - "management": "admin", - "name": "", - "uid": 7 -} -``` + ```sh + POST /v1/roles + { + "name": "", + "management": "db_viewer | db_member | cluster_viewer | cluster_member | admin" + } + ``` -To associate the role with a Redis ACL and database, use the `uid` from the response as the `role_uid` when you add `roles_permissions` to the database. See [Associate a database with roles and Redis ACLs](#associate-roles-acls-rest-api) for an example request. + Example response body: + ```json + { + "management": "admin", + "name": "", + "uid": 7 + } + ``` -#### Associate a database with roles and Redis ACLs {#associate-roles-acls-rest-api} + To associate the role with a Redis ACL and database, use the `uid` from the response as the `role_uid` when you add `roles_permissions` to the database. -[Update a database's configuration]({{}}) to add `roles_permissions` with the role and Redis ACL: +2. [Update a database's configuration]({{}}) to add `roles_permissions` with the role and Redis ACL: -```sh -POST /v1/bdbs/ -{ - "roles_permissions": - [ + ```sh + POST /v1/bdbs/ { - "role_uid": , - "redis_acl_uid": + "roles_permissions": + [ + { + "role_uid": , + "redis_acl_uid": + } + ] } - ] -} -``` + ``` + +{{< /multitabs >}} + +You can [assign the new role to users]({{}}) to grant database access and access to the Cluster Manager UI and REST API. diff --git a/content/operate/rs/security/access-control/create-db-roles.md b/content/operate/rs/security/access-control/create-db-roles.md index 93ca06acb3..a8ef5fcddd 100644 --- a/content/operate/rs/security/access-control/create-db-roles.md +++ b/content/operate/rs/security/access-control/create-db-roles.md @@ -16,37 +16,31 @@ To create a role that grants database access without granting access to the Redi 1. [Define Redis ACLs](#define-redis-acls) that determine database access privileges. -1. [Create a role with ACLs](#create-roles-with-acls) added and leave the **Cluster management role** as **None**. +1. [Create a role with ACLs](#create-roles-with-acls) added and leave the **Management role** as **None**. ## Define Redis ACLs You can use the [Cluster Manager UI](#define-acls-ui) or the [REST API](#define-acls-rest-api) to define Redis ACL rules that you can assign to roles. -### Cluster Manager UI method {#define-acls-ui} +{{< multitabs id="define-redis-acls" +tab1="Cluster Manager UI" +tab2="REST API" >}} To define a Redis ACL rule using the Cluster Manager UI: -1. From **Access Control > Redis ACLs**, you can either: +1. From **Access Control > Roles > Data ACLs**, you can either: - - Point to a Redis ACL and select {{< image filename="/images/rs/buttons/edit-button.png#no-click" alt="The Edit button" width="25px" class="inline" >}} to edit an existing Redis ACL. + - Select an existing Redis ACL from the list to edit it. - - Select **+ Add Redis ACL** to create a new Redis ACL. + - Click **+ Add Redis ACL** to create a new Redis ACL. 1. Enter a descriptive name for the Redis ACL. This will be used to associate the ACL rule with the role. 1. Define the ACL rule. For more information about Redis ACL rules and syntax, see the [Redis ACL overview]({{}}). - {{}} -The **ACL builder** does not support selectors and key permissions. Use **Free text command** to manually define them instead. - {{}} +1. Click **Save**. -1. Select **Save**. - -{{}} -For multi-key commands on multi-slot keys, the return value is `failure`, but the command runs on the keys that are allowed. -{{}} - -### REST API method {#define-acls-rest-api} +-tab-sep- To define a Redis ACL rule using the REST API, use a [create Redis ACL]({{}}) request. For more information about Redis ACL rules and syntax, see the [Redis ACL overview]({{}}). @@ -70,92 +64,87 @@ Example response body: } ``` -To associate the Redis ACL with a role and database, use the `uid` from the response as the `redis_acl_uid` when you add `roles_permissions` to the database. See [Associate a database with roles and Redis ACLs](#associate-roles-acls-rest-api) for an example request. +To associate the Redis ACL with a role and database, use the `uid` from the response as the `redis_acl_uid` when you add `roles_permissions` to the database. + +{{< /multitabs >}} + +{{}} +For multi-key commands on multi-slot keys, the return value is `failure`, but the command runs on the keys that are allowed. +{{}} ## Create roles with ACLs -To create a role that grants database access to users but blocks access to the Redis Enterprise Cluster Manager UI and REST API, set the **Cluster management role** to **None**. +To create a role that grants database access to users but blocks access to the Redis Enterprise Cluster Manager UI and REST API, set the **Management role** to **None**. -### Cluster Manager UI method {#create-roles-ui} +{{< multitabs id="create-db-roles" +tab1="Cluster Manager UI" +tab2="REST API" >}} To define a role for database access using the Cluster Manager UI: 1. From **Access Control** > **Roles**, you can: - - Point to a role and select {{< image filename="/images/rs/buttons/edit-button.png#no-click" alt="The Edit button" width="25px" class="inline" >}} to edit an existing role. + - Select a role from the list of existing roles to edit it. - - Select **+ Add role** to create a new role. + - Click **+ Add role** to create a new role. - {{Add role with name}} + Add role with name 1. Enter a descriptive name for the role. This will be used to reference the role when configuring users. -1. Leave **Cluster management role** as the default **None**. - - {{Add role with name}} +1. Leave **Management role** as the default **None**. -1. Select **+ Add ACL**. - - {{Add role database acl}} +1. Click **+ Add ACL**. 1. Choose a Redis ACL and databases to associate with the role. - {{Add databases to access}} - -1. Select the check mark {{< image filename="/images/rs/buttons/checkmark-button.png#no-click" alt="The Check button" width="25px" class="inline" >}} to confirm. + Add databases to access -1. Select **Save**. +1. Click the check mark to confirm. - {{Add databases to access}} - -You can [assign the new role to users]({{}}) to grant database access. +1. Click **Save**. -### REST API method {#define-roles-rest-api} +-tab-sep- To define a role for database access using the REST API: -1. [Create a role.](#create-role-rest-api) +1. Use a [create role]({{}}) request: -1. [Associate a database with roles and Redis ACLs.](#associate-roles-acls-rest-api) - -#### Create a role {#create-role-rest-api} - -To [create a role]({{}}) using the REST API: - -```sh -POST /v1/roles -{ - "name": "", - "management": "none" -} -``` - -Example response body: - -```json -{ - "management": "none", - "name": "", - "uid": 7 -} -``` + ```sh + POST /v1/roles + { + "name": "", + "management": "none" + } + ``` -To associate the role with a Redis ACL and database, use the `uid` from the response as the `role_uid` when you add `roles_permissions` to the database. See [Associate a database with roles and Redis ACLs](#associate-roles-acls-rest-api) for an example request. + Example response body: + ```json + { + "management": "none", + "name": "", + "uid": 7 + } + ``` -#### Associate a database with roles and Redis ACLs {#associate-roles-acls-rest-api} + To associate the role with a Redis ACL and database, use the `uid` from the response as the `role_uid` when you add `roles_permissions` to the database. -[Update a database's configuration]({{}}) to add `roles_permissions` with the role and Redis ACL: +1. [Update a database's configuration]({{}}) to add `roles_permissions` with the role and Redis ACL: -```sh -POST /v1/bdbs/ -{ - "roles_permissions": - [ + ```sh + POST /v1/bdbs/ { - "role_uid": , - "redis_acl_uid": + "roles_permissions": + [ + { + "role_uid": , + "redis_acl_uid": + } + ] } - ] -} -``` + ``` + +{{< /multitabs >}} + +You can [assign the new role to users]({{}}) to grant database access. diff --git a/content/operate/rs/security/access-control/create-users.md b/content/operate/rs/security/access-control/create-users.md index d18c66d157..2c1b87f603 100644 --- a/content/operate/rs/security/access-control/create-users.md +++ b/content/operate/rs/security/access-control/create-users.md @@ -24,15 +24,11 @@ To add a user to the cluster: 1. From the **Access Control > Users** tab in the Cluster Manager UI, select **+ Add user**. - {{Add role with name}} + {{The list of existing users on the Access Control > Users screen.}} 1. Enter the name, email, and password of the new user. - {{Add role with name}} - -1. Assign a **Role** to the user to grant permissions for cluster management and data access. - - {{Add role to user.}} + {{Create user panel with fields for username, email, password, and alerts.}} 1. Select the **Alerts** the user should receive by email: @@ -40,23 +36,33 @@ To add a user to the cluster: - **Receive cluster alerts** - The alerts that are enabled for the cluster in **Cluster > Alerts Settings** are sent to the user. -1. Select **Save**. +1. Click **Add permissions**. + +1. Assign a **Role** to the user to grant permissions for cluster management and data access. + + {{Add role to new user.}} + +1. Click **Save user**. ## Assign roles to users Assign a role, associated with specific databases and access control lists (ACLs), to a user to grant database access: -1. From the **Access Control > Users** tab in the Cluster Manager UI, you can: +1. From the **Access Control > Users** tab in the Cluster Manager UI, select an existing user from the list of users. - - Point to an existing user and select {{< image filename="/images/rs/buttons/edit-button.png#no-click" alt="The Edit button" width="25px" class="inline" >}} to edit the user. - - - Select **+ Add user** to [create a new user]({{< relref "/operate/rs/security/access-control/create-users" >}}). +1. Click the **Edit** button. + +1. In the **User roles** section, click **Edit**. + + {{The User roles section of the Edit user panel.}} 1. Select a role to assign to the user. - {{Add role to user.}} + {{Select role for user.}} + +1. Click **Done** to close the **Roles** dialog. -1. Select **Save**. +1. Click **Save**. ## Next steps diff --git a/content/operate/rs/security/access-control/ldap/_index.md b/content/operate/rs/security/access-control/ldap/_index.md index a139a16355..551549e99d 100644 --- a/content/operate/rs/security/access-control/ldap/_index.md +++ b/content/operate/rs/security/access-control/ldap/_index.md @@ -64,7 +64,7 @@ To enable LDAP: 1. From **Access Control > LDAP** in the Cluster Manager UI, select the **Configuration** tab and [enable LDAP access]({{< relref "/operate/rs/security/access-control/ldap/enable-role-based-ldap" >}}). - {{Enable LDAP Panel}} + {{Configure LDAP screen}} 2. Map LDAP groups to [access control roles]({{< relref "/operate/rs/security/access-control/ldap/map-ldap-groups-to-roles" >}}). diff --git a/content/operate/rs/security/access-control/ldap/map-ldap-groups-to-roles.md b/content/operate/rs/security/access-control/ldap/map-ldap-groups-to-roles.md index a25a2c0045..9f1f66efc0 100644 --- a/content/operate/rs/security/access-control/ldap/map-ldap-groups-to-roles.md +++ b/content/operate/rs/security/access-control/ldap/map-ldap-groups-to-roles.md @@ -36,7 +36,7 @@ You can map LDAP roles when LDAP configuration is not enabled, but they won't ha | **Email** | _(Optional)_ An address to receive alerts| | **Alerts** | Selections identifying the desired alerts. | - {{Enable LDAP mappings Panel}} + {{Create LDAP mapping dialog}} 1. When finished, select the **Save** button. diff --git a/content/operate/rs/security/access-control/manage-users/login-lockout.md b/content/operate/rs/security/access-control/manage-users/login-lockout.md index c9ed8225ff..5961123ceb 100644 --- a/content/operate/rs/security/access-control/manage-users/login-lockout.md +++ b/content/operate/rs/security/access-control/manage-users/login-lockout.md @@ -128,28 +128,39 @@ To change the amount of time that the user account is locked after excessive fai ### Unlock locked user accounts +To unlock a locked user account as an admin, use one of the following methods: + +{{< multitabs id="unlock-users" +tab1="Cluster Manager UI" +tab2="rladmin" +tab3="REST API" >}} + To unlock a user account in the Cluster Manager UI: 1. Go to **Access Control > Users**. Locked users have a "User is locked out" label: - {{The Access Control > Users configuration screen in the Cluster Manager UI}} + The Access Control > Users configuration screen in the Cluster Manager UI -1. Point to the user you want to unlock, then click **Reset to unlock**: +1. Point to the "User is locked out" label, then click **Reset to unlock** when it appears: - {{Reset to unlock button appears when you point to a locked user in the list}} + Reset to unlock button appears when you point to a locked user in the list 1. In the **Reset user password** dialog, enter a new password for the user: - {{Reset user password dialog}} + Reset user password dialog 1. Select **Save** to reset the user's password and unlock their account. -To unlock a user account or reset a user password with `rladmin`, run: +-tab-sep- + +To unlock a user account or reset a user password with `rladmin`, run the [`rladmin cluster reset_password`]({{}}) command: ```sh rladmin cluster reset_password ``` +-tab-sep- + To unlock a user account or reset a user password with the REST API, use [`PUT /v1/users`]({{< relref "/operate/rs/references/rest-api/requests/users#put-user" >}}): ```sh @@ -157,23 +168,33 @@ PUT /v1/users {"password": ""} ``` +{{< /multitabs >}} + ### Turn off login lockout To turn off user login lockout and allow unlimited login attempts, use one of the following methods: -- Cluster Manager UI: +{{< multitabs id="turn-off-login-lockout" +tab1="Cluster Manager UI" +tab2="rladmin" >}} - 1. Go to **Cluster > Security > Preferences**, then select **Edit**. +To turn off user login lockout using the Cluster Manager UI: - 1. Clear the **Lockout threshold** checkbox. +1. Go to **Cluster > Security > Preferences**, then select **Edit**. - 1. Select **Save**. +1. Clear the **Lockout threshold** checkbox. -- [`rladmin tune cluster`]({{< relref "/operate/rs/references/cli-utilities/rladmin/tune#tune-cluster" >}}): +1. Select **Save**. - ```sh - rladmin tune cluster login_lockout_threshold 0 - ``` +-tab-sep- + +To turn off user login lockout using `rladmin`, run the [`rladmin tune cluster`]({{< relref "/operate/rs/references/cli-utilities/rladmin/tune#tune-cluster" >}}) command: + +```sh +rladmin tune cluster login_lockout_threshold 0 +``` + +{{< /multitabs >}} The cluster settings show `login_lockout_threshold: disabled`. @@ -183,18 +204,26 @@ The Redis Enterprise Cluster Manager UI supports session timeouts. By default, u To customize the session timeout, use one of the following methods: -- Cluster Manager UI: +{{< multitabs id="config-session-timeout" +tab1="Cluster Manager UI" +tab2="rladmin" >}} - 1. Go to **Cluster > Security > Preferences**, then select **Edit**. +To configure the session timeout using the Cluster Manager UI: - 1. For **Session timeout**, select minutes or hours from the list and enter the timeout value. +1. Go to **Cluster > Security > Preferences**, then select **Edit**. - 1. Select **Save**. +1. For **Session timeout**, select minutes or hours from the list and enter the timeout value. -- [`rladmin cluster config`]({{< relref "/operate/rs/references/cli-utilities/rladmin/cluster/config" >}}): +1. Select **Save**. - ```sh - rladmin cluster config cm_session_timeout_minutes - ``` +-tab-sep- + +To configure the session timeout using `rladmin`, run the [`rladmin cluster config`]({{< relref "/operate/rs/references/cli-utilities/rladmin/cluster/config" >}}) command: + +```sh +rladmin cluster config cm_session_timeout_minutes +``` + +The `` is the number of minutes after which sessions will time out. - The `` is the number of minutes after which sessions will time out. +{{< /multitabs >}} diff --git a/content/operate/rs/security/access-control/redis-acl-overview.md b/content/operate/rs/security/access-control/redis-acl-overview.md index 57410069a9..414949effd 100644 --- a/content/operate/rs/security/access-control/redis-acl-overview.md +++ b/content/operate/rs/security/access-control/redis-acl-overview.md @@ -148,24 +148,37 @@ To make default pub/sub permissions restrictive: 1. Set the default to restrictive (`resetchannels`) using one of the following methods: - - New Cluster Manager UI (only available for Redis Enterprise versions 7.2 and later): + {{< multitabs id="set-default-pub-sub-permissions" + tab1="Cluster Manager UI" + tab2="rladmin" + tab3="REST API" >}} + +To set the default pub/sub permissions using the Cluster Manager UI: - 1. Navigate to **Access Control > Settings > Pub/Sub ACLs** and select **Edit**. +1. Navigate to **Access Control > Roles > Pub/Sub ACLs** and click **Edit**. + +1. Read the warning, then click **Continue**. - 1. For **Default permissions for Pub/Sub ACLs**, select **Restrictive**, then **Save**. +1. For **Default permissions for Pub/Sub ACLs**, select **Restrictive**, then **Save**. - - [`rladmin tune cluster`]({{< relref "/operate/rs/references/cli-utilities/rladmin/tune#tune-cluster" >}}): +-tab-sep- - ```sh - rladmin tune cluster acl_pubsub_default resetchannels - ``` +To set the default pub/sub permissions using `rladmin`, run the [`rladmin tune cluster`]({{< relref "/operate/rs/references/cli-utilities/rladmin/tune#tune-cluster" >}}) command: - - [Update cluster policy]({{< relref "/operate/rs/references/rest-api/requests/cluster/policy#put-cluster-policy" >}}) REST API request: +```sh +rladmin tune cluster acl_pubsub_default resetchannels +``` - ```sh - PUT /v1/cluster/policy - { "acl_pubsub_default": "resetchannels" } - ``` +-tab-sep- + +To set the default pub/sub permissions using the REST API, use an [update cluster policy]({{< relref "/operate/rs/references/rest-api/requests/cluster/policy#put-cluster-policy" >}}) request: + +```sh +PUT /v1/cluster/policy +{ "acl_pubsub_default": "resetchannels" } +``` + + {{< /multitabs >}} ## ACL command support diff --git a/static/images/rs/screenshots/access-control/7-22-updates/create-role-combined-access-select-db.png b/static/images/rs/screenshots/access-control/7-22-updates/create-role-combined-access-select-db.png new file mode 100644 index 0000000000..de8bd6a519 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/create-role-combined-access-select-db.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/create-role-combined-access-select-management-role.png b/static/images/rs/screenshots/access-control/7-22-updates/create-role-combined-access-select-management-role.png new file mode 100644 index 0000000000..2832755284 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/create-role-combined-access-select-management-role.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/create-role-db-access-only.png b/static/images/rs/screenshots/access-control/7-22-updates/create-role-db-access-only.png new file mode 100644 index 0000000000..e3ce638bb8 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/create-role-db-access-only.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/create-user-panel.png b/static/images/rs/screenshots/access-control/7-22-updates/create-user-panel.png new file mode 100644 index 0000000000..c17d18de89 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/create-user-panel.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/create-user-role-select.png b/static/images/rs/screenshots/access-control/7-22-updates/create-user-role-select.png new file mode 100644 index 0000000000..73eaeaeb9f Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/create-user-role-select.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/edit-user-roles.png b/static/images/rs/screenshots/access-control/7-22-updates/edit-user-roles.png new file mode 100644 index 0000000000..47fa74a9e6 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/edit-user-roles.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/edit-user-select-role.png b/static/images/rs/screenshots/access-control/7-22-updates/edit-user-select-role.png new file mode 100644 index 0000000000..2c099fcb3e Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/edit-user-select-role.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/ldap-config.png b/static/images/rs/screenshots/access-control/7-22-updates/ldap-config.png new file mode 100644 index 0000000000..aa5f9a0ea8 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/ldap-config.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/ldap-mappings-add.png b/static/images/rs/screenshots/access-control/7-22-updates/ldap-mappings-add.png new file mode 100644 index 0000000000..831541b76c Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/ldap-mappings-add.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/rbac-create-role-cluster-only.png b/static/images/rs/screenshots/access-control/7-22-updates/rbac-create-role-cluster-only.png new file mode 100644 index 0000000000..ce9c7fed99 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/rbac-create-role-cluster-only.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/roles-screen.png b/static/images/rs/screenshots/access-control/7-22-updates/roles-screen.png new file mode 100644 index 0000000000..770289eb56 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/roles-screen.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/users-locked-out.png b/static/images/rs/screenshots/access-control/7-22-updates/users-locked-out.png new file mode 100644 index 0000000000..b14cff3689 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/users-locked-out.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/users-reset-to-unlock.png b/static/images/rs/screenshots/access-control/7-22-updates/users-reset-to-unlock.png new file mode 100644 index 0000000000..5b8ffb2b09 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/users-reset-to-unlock.png differ diff --git a/static/images/rs/screenshots/access-control/7-22-updates/users-screen.png b/static/images/rs/screenshots/access-control/7-22-updates/users-screen.png new file mode 100644 index 0000000000..bb93b7fe39 Binary files /dev/null and b/static/images/rs/screenshots/access-control/7-22-updates/users-screen.png differ diff --git a/static/js/index.js b/static/js/index.js index fd0c66ffd0..23a1ef2b2d 100644 --- a/static/js/index.js +++ b/static/js/index.js @@ -184,4 +184,17 @@ const mobileMenu = (() => { document.addEventListener('click', clickHandler, false) document.addEventListener('keydown', keyHandler, false) -})() \ No newline at end of file +})() + +// Simple click-to-open for standalone images +document.addEventListener('click', function(e) { + // Check if clicked element is a standalone img (not inside an anchor, not image-card, not no-click) + if (e.target.tagName === 'IMG' && + !e.target.closest('a') && + !e.target.classList.contains('image-card-img') && + !e.target.src.includes('#no-click')) { + + // Open image in same tab, just like clicking a regular link + window.location.href = e.target.src + } +}) \ No newline at end of file