Bug #4960

closed

The documentation gives no examples about role management in Rudder

Added by Matthieu CERDA almost 10 years ago. Updated about 9 years ago.

Status: Released
Priority: 3
Assignee: Matthieu CERDA
Category: Documentation

Description

There are a lot of things about role management that used to be in rudder-users.xml and have been removed, that should be put in the documentation instead to prevent duplication and poor maintenance.

Extract of things to put in the doc (to be improved and "asciidoc'ed"):

  Authorizations

  You must define a role attribute for every user you add.
  A role is defined by a list of authorizations separated by commas.
  There are two kinds of authorizations:

  Predefined authorizations

  There are 7 predefined authorization levels:
    - administrator (all rights)
    - administration_only (all administration)
    - user (all node, configuration)
    - configuration (all configuration)
    - read_only (read all)
    - compliance (read rule)
    - inventory (read node)

  There are three predefined roles for change request rights:
    - validator (can validate changes)
    - deployer  (can deploy changes)
    - workflow  (both deployer and validator)
  The administrator role includes the workflow ones.

  Custom authorizations

  Custom authorizations are composed of two elements:
    - A type of authorization, which defines what is concerned.
      There are 10 types, which are: node, group, deployement,
      administration, configuration, rule, technique, directive,
      validator and deployer.
    - A level of authorization.
      Levels are: read, write, edit, all (read, write, edit).
      They are not inclusive (write and edit don't include read).
      A custom authorization has a format like "type_level", such as "node_all" or "group_read".

  Examples

      <user name="alice"  password="xxxxxxx" role="administrator" />
      <user name="bob"    password="xxxxxxx" role="read_only"/>
      <user name="carol"  password="xxxxxxx" role="user,validator"/>

      <user name="custom" password="custom" role="node_all,configuration_read,rule_read,rule_edit,directive_read,technique_read"/>
      -> can read everything but administration, groups and deployement
      -> can do everything about node

  Examples of bad lines
  <user name="" password="secret2" role="administrator"/>
  <user name="name" password="" role="administrator"/>
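
The rules in the extract above can be checked mechanically before a users file is deployed. The following is an added example, not part of the issue and not Rudder's own code: it flags empty names or passwords, unknown authorizations, and custom roles that grant write or edit on a type without read. The `<authentication>` root element, the sample user "dave" and the function names are assumptions.

```python
import xml.etree.ElementTree as ET
# Vocabulary copied from the issue text ("deployement" spelled as on the page).
PREDEFINED = {"administrator", "administration_only", "user", "configuration",
              "read_only", "compliance", "inventory",
              "validator", "deployer", "workflow"}  # last three: change requests
TYPES = {"node", "group", "deployement", "administration", "configuration",
         "rule", "technique", "directive", "validator", "deployer"}
LEVELS = {"read", "write", "edit", "all"}

def check_role(role):
    """Return the problems found in one role attribute value."""
    problems, custom = [], {}
    tokens = [t.strip() for t in role.split(",")]
    for token in tokens:
        if token in PREDEFINED:
            continue
        kind, _, level = token.rpartition("_")
        if kind in TYPES and level in LEVELS:
            custom.setdefault(kind, set()).add(level)
        else:
            problems.append(f"unknown authorization {token!r}")
    # Levels are not inclusive; only checked when no predefined role is mixed in.
    if not any(t in PREDEFINED for t in tokens):
        for kind, levels in sorted(custom.items()):
            if levels & {"write", "edit"} and not levels & {"read", "all"}:
                problems.append(f"{kind}: write/edit granted without read")
    return problems

def audit(xml_text):
    """Map the 1-based position of each faulty <user> to its problems."""
    report = {}
    for i, user in enumerate(ET.fromstring(xml_text).iter("user"), 1):
        problems = [f"empty {a}" for a in ("name", "password") if not user.get(a)]
        role = user.get("role")
        problems += check_role(role) if role else ["missing role"]
        if problems:
            report[i] = problems
    return report

# Constructed sample; the <authentication> root element is an assumption.
SAMPLE = """<authentication>
  <user name="custom" password="custom" role="node_all,rule_read,rule_edit"/>
  <user name="" password="secret2" role="administrator"/>
  <user name="name" password="" role="administrator"/>
  <user name="dave" password="xxxxxxx" role="rule_edit,group_delete"/>
</authentication>"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
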


Related issues 1 (0 open, 1 closed)

Related to Rudder - Bug #4972: The documentation should reflect the change to the default Rudder users (Released, Jonathan CLARKE, 2014-06-09)