From 5e46ca43150a98c0cb20621f529cca14f933e96c Mon Sep 17 00:00:00 2001 From: linfraze Date: Thu, 3 Apr 2025 15:56:42 -0400 Subject: [PATCH 1/3] RHIDP-5483: Update Authorization Preface --- ...bly-configuring-authorization-in-rhdh.adoc | 23 ++++++------------- titles/authentication/master.adoc | 1 - 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index 8db4efc46e..5d83c22821 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc @@ -1,26 +1,18 @@ [id='configuring-authorization-in-rhdh'] = Configuring authorization in {product} -In link:{authorization-book-url}[{authentication-book-title}], you learnt how to authenticate users to {product}. -{product-short} knowns who the users are. +Administrators can authorize users to perform actions and define what users can do in {product-short}. -In this book, learn how to authorize users to perform actions in {product-short}. -Define what users can do in {product-short}. +Role-based access control (RBAC) is a security concept that controls access to resources in a system. RBAC specifies a mapping between users of the system and the actions that those users can perform on resources in the system. +You can use RBAC to define roles with specific permissions and then assign the roles to users and groups. -Role-Based Access Control (RBAC) is a security concept that controls access to resources in a system, and specifies a mapping between users of the system, and the actions they can perform on resources in the system. -You define roles with specific permissions, and then assign the roles to users and groups. +RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. Rather than defining policies in code, you can use the {product-short} RBAC feature to define policies in a declarative fashion by using a simple CSV based format. You can define the policies by using {product-short} web interface or REST API instead of editing the CSV directly. -RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. -Rather than defining policies in code, -the {product-short} RBAC feature allows you -to define policies in a declarative fashion using a simple CSV based format. -You can define the policies by using {product-short} web interface or REST API, rather than editing the CSV directly. +An administrator can define authorizations in {product-short} by taking the following steps: -To define authorizations in {product-short}: +. Enable the RBAC feature and give authorized users access to the feature. -. The {product-short} administrator enables and gives access to the RBAC feature. - -. You define your roles and policies by combining the following methods: +. Define roles and policies by combining the following methods: * The {product-short} policy administrator uses the {product-short} web interface or REST API. * The {product-short} administrator edits the main {product-short} configuration file. @@ -58,4 +50,3 @@ include::modules/authorization/con-user-stats-rhdh.adoc[leveloffset=+1] include::modules/authorization/proc-download-user-stats-rhdh.adoc[leveloffset=+2] - diff --git a/titles/authentication/master.adoc b/titles/authentication/master.adoc index 0db027bd0c..15ec5aa224 100644 --- a/titles/authentication/master.adoc +++ b/titles/authentication/master.adoc @@ -10,4 +10,3 @@ include::artifacts/attributes.adoc[] //{abstract} include::assemblies/assembly-enabling-authentication.adoc[] - From 72e967761bf0064a2bf6a61ec4cf86d1fcfaaf63 Mon Sep 17 00:00:00 2001 From: linfraze Date: Thu, 3 Apr 2025 16:21:36 -0400 Subject: [PATCH 2/3] RHIDP-5483: Update Authorization Abstract --- titles/authorization/master.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/titles/authorization/master.adoc b/titles/authorization/master.adoc index 1ac9860e0d..0ebc0a6db2 100644 --- a/titles/authorization/master.adoc +++ b/titles/authorization/master.adoc @@ -3,7 +3,7 @@ include::artifacts/attributes.adoc[] :imagesdir: images :title: Authorization in {product} :subtitle: Configuring authorization by using role based access control (RBAC) in {product} -:abstract: As a {product} platform engineer, you can manage authorizations of other users by using role based access control (RBAC) to meet the specific needs of your organization. +:abstract: {product} administrators can use role-based access control (RBAC) to manage authorizations of other users. //[id="{context}"] //= {title} From 888d5f59973fd21232c7fc07eb49ebe5ae172e41 Mon Sep 17 00:00:00 2001 From: linfraze Date: Wed, 16 Apr 2025 12:46:14 -0400 Subject: [PATCH 3/3] RHIDP-5483: Apply reviewer suggestions --- assemblies/assembly-configuring-authorization-in-rhdh.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index 5d83c22821..19aae8c172 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc @@ -3,7 +3,7 @@ Administrators can authorize users to perform actions and define what users can do in {product-short}. -Role-based access control (RBAC) is a security concept that controls access to resources in a system. RBAC specifies a mapping between users of the system and the actions that those users can perform on resources in the system. +Role-based access control (RBAC) is a security concept that defines how to control access to resources in a system by specifying a mapping between users of the system and the actions that those users can perform on resources in the system. You can use RBAC to define roles with specific permissions and then assign the roles to users and groups. RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. Rather than defining policies in code, you can use the {product-short} RBAC feature to define policies in a declarative fashion by using a simple CSV based format. You can define the policies by using {product-short} web interface or REST API instead of editing the CSV directly.