Actions
Bug #4960
closed
The documentation gives no examples about role management in Rudder
Pull Request:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:
Description
There are a lot of things about role management that used to be in rudder-users.xml and have been removed, that should be put in the documentation instead to prevent duplication and poor maintenance.
Extract of things to put in the doc (to be improved and "asciidoc'ed"):
Authorizations
You must define a role attribute to every user you add.
A role is defined by a list of authorizations separated by commas.
There's two kind of authorizations :
Predefined authorizations
There are 7 predefined authorization levels:
- administrator (all rights)
- administration_only (all administration)
- user (all node, configuration)
- configuration(all configuration)
- read_only (read all)
- compliance(read rule)
- inventory (read node)
There is three predefined roles for change request rights:
- validator (Can valid changes)
- deployer (Can deploy changes)
- workflow (Both deployer and validator)
The administrator role include the workflow ones
Custom authorizations
Custom authorisations are composed of two elements:
- A type of authorization, which define what is concerned
there's is 10 types, which are : node, group, deployement,
administration, configuration, rule, technique, directive,
validator and deployer.
- A level of authorization,
levels are: read, write, edit, all(read, write, edit)
They are not inclusive (write and edit don't include read,)
a custom authorisation has a format like that "type_level" like "node_all", "group_read"
Examples
<user name="alice" password="xxxxxxx" role="administrator" />
<user name="bob" password="xxxxxxx" role="read_only"/>
<user name="carol" password="xxxxxxx" role="user,validator"/>
<user name="custom" password="custom" role="node_all,configuration_read,rule_read,rule_edit,directive_read,technique_read">
-> can read everything but administration,groups and deployement
-> can do everything about node
exemple of bad lines
<user name="" password="secret2" role="administrator"/>
<user name="name" password="" role="administrator"/>
Updated by Matthieu CERDA over 10 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Matthieu CERDA to Jonathan CLARKE
- % Done changed from 0 to 100
- Pull Request set to https://github.com/Normation/rudder-doc/pull/61
PR is ready !
Updated by Matthieu CERDA over 10 years ago
- Status changed from Pending technical review to In progress
- Assignee changed from Jonathan CLARKE to Matthieu CERDA
- Target version changed from 2.11.0~beta1 to 2.6.14
- % Done changed from 100 to 80
- Pull Request deleted (
https://github.com/Normation/rudder-doc/pull/61)
Retargetting to 2.6 as asked kindly by JCL :)
Updated by Matthieu CERDA over 10 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Matthieu CERDA to Jonathan CLARKE
- % Done changed from 80 to 100
- Pull Request set to https://github.com/Normation/rudder-doc/pull/62
PR is ready
Updated by Matthieu CERDA over 10 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset commit:4dc440949a797df1cfb36c37475a1850a1ce9758.
Updated by Matthieu CERDA over 10 years ago
- Assignee changed from Jonathan CLARKE to Matthieu CERDA
Updated by Jonathan CLARKE over 10 years ago
- Priority changed from 1 (highest) to 3
Updated by Vincent MEMBRÉ over 10 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder versions that were released today.
- 2.6.14 (announcement , changelog)
- 2.9.6 (announcement , changelog)
- 2.10.2 (announcement , changelog)
- Download information: https://www.rudder-project.org/site/get-rudder/downloads/
Updated by Benoît PECCATTE over 9 years ago
- Project changed from 30 to Rudder
- Category set to Documentation
Actions