From 8262a3d8a9f8daee0d5a48c77a632a28ad4540f9 Mon Sep 17 00:00:00 2001 From: linfraze Date: Thu, 3 Apr 2025 15:56:42 -0400 Subject: [PATCH 1/3] RHIDP-5483: Update Authorization Preface --- ...bly-configuring-authorization-in-rhdh.adoc | 23 ++++++------------- titles/authentication/master.adoc | 1 - 2 files changed, 7 insertions(+), 17 deletions(-) diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index 5cd1939bab..c478b0d1a3 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc @@ -1,26 +1,18 @@ [id='configuring-authorization-in-rhdh'] = Configuring authorization in {product} -In link:{authorization-book-url}[{authentication-book-title}], you learnt how to authenticate users to {product}. -{product-short} knowns who the users are. +Administrators can authorize users to perform actions and define what users can do in {product-short}. -In this book, learn how to authorize users to perform actions in {product-short}. -Define what users can do in {product-short}. +Role-based access control (RBAC) is a security concept that controls access to resources in a system. RBAC specifies a mapping between users of the system and the actions that those users can perform on resources in the system. +You can use RBAC to define roles with specific permissions and then assign the roles to users and groups. -Role-Based Access Control (RBAC) is a security concept that controls access to resources in a system, and specifies a mapping between users of the system, and the actions they can perform on resources in the system. -You define roles with specific permissions, and then assign the roles to users and groups. +RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. Rather than defining policies in code, you can use the {product-short} RBAC feature to define policies in a declarative fashion by using a simple CSV based format. You can define the policies by using {product-short} web interface or REST API instead of editing the CSV directly. -RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. -Rather than defining policies in code, -the {product-short} RBAC feature allows you -to define policies in a declarative fashion using a simple CSV based format. -You can define the policies by using {product-short} web interface or REST API, rather than editing the CSV directly. +An administrator can define authorizations in {product-short} by taking the following steps: -To define authorizations in {product-short}: +. Enable the RBAC feature and give authorized users access to the feature. -. The {product-short} administrator enables and gives access to the RBAC feature. - -. You define your roles and policies by combining the following methods: +. Define roles and policies by combining the following methods: * The {product-short} policy administrator uses the {product-short} web interface or REST API. * The {product-short} administrator edits the main {product-short} configuration file. @@ -59,4 +51,3 @@ include::modules/authorization/con-user-stats-rhdh.adoc[leveloffset=+1] include::modules/authorization/proc-download-user-stats-rhdh.adoc[leveloffset=+2] - diff --git a/titles/authentication/master.adoc b/titles/authentication/master.adoc index 0db027bd0c..15ec5aa224 100644 --- a/titles/authentication/master.adoc +++ b/titles/authentication/master.adoc @@ -10,4 +10,3 @@ include::artifacts/attributes.adoc[] //{abstract} include::assemblies/assembly-enabling-authentication.adoc[] - From 4c329449e2a4917c1227d1cbfc0b12fcf273b861 Mon Sep 17 00:00:00 2001 From: linfraze Date: Thu, 3 Apr 2025 16:21:36 -0400 Subject: [PATCH 2/3] RHIDP-5483: Update Authorization Abstract --- titles/authorization/master.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/titles/authorization/master.adoc b/titles/authorization/master.adoc index 1ac9860e0d..0ebc0a6db2 100644 --- a/titles/authorization/master.adoc +++ b/titles/authorization/master.adoc @@ -3,7 +3,7 @@ include::artifacts/attributes.adoc[] :imagesdir: images :title: Authorization in {product} :subtitle: Configuring authorization by using role based access control (RBAC) in {product} -:abstract: As a {product} platform engineer, you can manage authorizations of other users by using role based access control (RBAC) to meet the specific needs of your organization. +:abstract: {product} administrators can use role-based access control (RBAC) to manage authorizations of other users. //[id="{context}"] //= {title} From c0c9c0ff81784505e7b18927256f614f2772d8c3 Mon Sep 17 00:00:00 2001 From: linfraze Date: Wed, 16 Apr 2025 12:46:14 -0400 Subject: [PATCH 3/3] RHIDP-5483: Apply reviewer suggestions --- assemblies/assembly-configuring-authorization-in-rhdh.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/assemblies/assembly-configuring-authorization-in-rhdh.adoc b/assemblies/assembly-configuring-authorization-in-rhdh.adoc index c478b0d1a3..c640b5e6bb 100644 --- a/assemblies/assembly-configuring-authorization-in-rhdh.adoc +++ b/assemblies/assembly-configuring-authorization-in-rhdh.adoc @@ -3,7 +3,7 @@ Administrators can authorize users to perform actions and define what users can do in {product-short}. -Role-based access control (RBAC) is a security concept that controls access to resources in a system. RBAC specifies a mapping between users of the system and the actions that those users can perform on resources in the system. +Role-based access control (RBAC) is a security concept that defines how to control access to resources in a system by specifying a mapping between users of the system and the actions that those users can perform on resources in the system. You can use RBAC to define roles with specific permissions and then assign the roles to users and groups. RBAC on {product-short} is built on top of the Permissions framework, which defines RBAC policies in code. Rather than defining policies in code, you can use the {product-short} RBAC feature to define policies in a declarative fashion by using a simple CSV based format. You can define the policies by using {product-short} web interface or REST API instead of editing the CSV directly.