Skip to content

Commit 3bd18b0

Browse files
sureshanapartisureshanaparti
authored
Updated doc for dynamic roles improvements (apache#180)
1 parent 594c67a commit 3bd18b0

File tree

1 file changed

+21
-6
lines changed

1 file changed

+21
-6
lines changed

source/adminguide/accounts.rst

Lines changed: 21 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -101,19 +101,34 @@ to any other account in the domain or any of its sub-domains.
101101
Using Dynamic Roles
102102
-------------------
103103

104-
In addition to the four default roles, the dynamic role-based API checker feature
104+
In addition to the default roles, the dynamic role-based API checker feature
105105
allows CloudStack root admins to create new roles with customized permissions.
106106
The allow/deny rules can be configured dynamically during runtime without
107107
restarting the management server(s).
108108

109109
For backward compatiblity, all roles resolve to one of the four role types:
110110
admin, resource admin, domain admin and user. A new role can be created using
111-
the roles tab in the UI and specifying a name, a role type and optionally a
112-
description.
111+
the roles tab in the UI and specifying a name, either a role type or ID of existing
112+
role, and optionally a description. When a new role is created using ID of existing
113+
role, all the rules of the existing role are copied to the new role and these rules
114+
can be modified as desired.
113115

114-
Role specific rules can be configured through the rules tab on role specific
115-
details page. A rule is either an API name or a wildcard string that are one of
116-
allow or deny permission and optionally a description.
116+
Role specific rules can be either configured through the rules tab on role specific
117+
details page or imported from a CSV file while creating a new role with role type.
118+
A rule is either an API name or a wildcard string that are one of allow or deny
119+
permission and optionally a description. These rules can be exported to a
120+
CSV file, name defaulted to “<RoleName>_<RoleType>.csv”.
121+
122+
CSV file format:
123+
124+
.. parsed-literal::
125+
126+
rule,permission,description
127+
<Rule1>,<Permission1>,<Description1>
128+
<Rule2>,<Permission2>,<Description2>
129+
<Rule3>,<Permission3>,<Description3>
130+
131+
so on
117132
118133
When a user makes an API request, the backend checks the requested API against
119134
configured rules (in the order the rules were configured) for the caller

0 commit comments

Comments
 (0)