Task
Resolution: Done
Critical
See https://docs.google.com/document/d/1hzho44sCs1Y-m4UTy2kDuZg_0jm8LNJXruJDusAQ4aI/edit
Chapter 5: Managing authorization by importing a file
AI: [SME] Seems replaced by the Web UI and REST API. Is there still a customer use case to keep the CSV file procedures and reference? Answer: to keep.
You want to automate further and configure RHDH directly with the RBAC CSV file.
RBAC in RHDH is configured using a CSV file that follows the Casbin (https://casbin.org) format, a popular declarative domain-specific language (DSL) for access control.
An RBAC policy CSV file consists of a number of declaration lines. A policy declaration has the following format:
type, role_name, resource, action, permission
where:
type = a single letter: p for policy type, or g for role assignments to users
role_name = A custom role name defined by you, for example admins, users, viewers
resource = features in RHDH, for example catalog-entity, policy-entity, scaffolder-template, and more
action = create, update, delete, or read
permission = allow or deny
Consult the references section at the bottom of this page for the full list of resource types in RHDH.
Consider the following policy snippet:
p, role:default/myrole, catalog-entity, read, allow
p, role:default/myrole, catalog.entity.delete, delete, deny
g, user:default/myuser, role:default/myrole
It defines a custom role named myrole that permits read-only access to the RHDH catalog but denies deletes. The last line in the policy CSV file assigns the myrole role to the myuser user. The myuser user must be a valid identity that is authenticated by one of the identity providers supported by RHDH.
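A lint check for this file format that can run before the CSV is deployed, added here as an example and not taken from RHDH. The function name lint_policy is hypothetical, g lines are taken to have three fields as in the snippet above, and the rule that every assigned role needs a p line in the same file is an assumption (roles may also be defined through the Web UI or REST API).

```python
import csv
import io

ACTIONS = {"create", "update", "delete", "read"}  # actions listed on the page
EFFECTS = {"allow", "deny"}                       # permission values listed on the page

# Constructed sample: the page's three-line snippet plus three broken lines.
SAMPLE = """\
p, role:default/myrole, catalog-entity, read, allow
p, role:default/myrole, catalog.entity.delete, delete, deny
g, user:default/myuser, role:default/myrole
p, role:default/myrole, catalog-entity, remove, allow
p, role:default/viewers, catalog-entity, read
g, user:default/other, role:default/ghost
"""

def lint_policy(text):
    """Return sorted (line_number, message) findings for a policy CSV."""
    findings, defined, assignments = [], set(), []
    rows = csv.reader(io.StringIO(text), skipinitialspace=True)
    for lineno, row in enumerate(rows, start=1):
        row = [field.strip() for field in row]
        if not row:
            continue  # blank line
        kind = row[0]
        if kind == "p":
            if len(row) != 5:
                findings.append((lineno, f"p line needs 5 fields, got {len(row)}"))
                continue
            _, role, _resource, action, effect = row
            if action not in ACTIONS:
                findings.append((lineno, f"unknown action {action!r}"))
            if effect not in EFFECTS:
                findings.append((lineno, f"unknown permission {effect!r}"))
            if action in ACTIONS and effect in EFFECTS:
                defined.add(role)
        elif kind == "g":
            if len(row) != 3:
                findings.append((lineno, f"g line needs 3 fields, got {len(row)}"))
                continue
            assignments.append((lineno, row[1], row[2]))
        else:
            findings.append((lineno, f"unknown line type {kind!r}"))
    # File-scope check (assumption): every assigned role has a valid p line here.
    for lineno, user, role in assignments:
        if role not in defined:
            findings.append((lineno, f"{user} assigned to {role}, which has no valid p line"))
    return sorted(findings)
```

Calling lint_policy(SAMPLE) reports the three constructed errors on lines 4, 5 and 6, and the page's own three-line snippet passes with no findings.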