tianxiaoliang commented on a change in pull request #736: URL: https://github.com/apache/servicecomb-service-center/pull/736#discussion_r525646678
########## File path: docs/user-guides/rbac.md ########## 
@@ -85,6 +85,62 @@ curl -X POST \ }' ``` ### Roles -currently, you can not custom and manage any role and role policy. there is only 2 build in roles. rbac feature is in early development stage. +currently, two default roles are provided. rbac feature is in early development stage. - admin: able to do anything, including manage account, even change other account password - developer: able to call most of API except account management. except account management +You can also create new role and allocate resources to new role. + +### API and resources +All APIs of the system are divided according to their attributes. For example, resource account has the permission to create or update or delete user account when assign the corresponding permissions, resource service has all permission to create, get, add or delete microservices when permissions equal to "*". For more details to see [https://github.com/apache/servicecomb-service-center/blob/master/server/service/rbac/resource.go]() + + ```json +{ + "name": "tester", + "permissions": { + "account": "create, update, delete", + "service": "*" + } +} +``` + +### create new role +you can add new role for user. +```shell script +curl -X POST \ + http://127.0.0.1:30100/v4/account \ + -H 'Accept: */*' \ + -H 'Authorization: Bearer {your_token}' \ + -H 'Content-Type: application/json' \ + -d '{ + "name":"dev_test", + "password":"{strong_password}", + "role":"tester" +}' +``` +then, allocate resources to new role +```shell script +curl -X POST \ + http://127.0.0.1:30100/v4/role \ + -H 'Accept: */*' \ + -H 'Authorization: Bearer {your_token}' \ + -H 'Content-Type: application/json' \ + -d '{ + "name": "tester", + "permissions": { + "service": "get, delete",

Review comment: This needs to take extensibility into account.
```
perms:
  - resources: ["service","instance"]
    verbs: ["get", "list", "create"]
  - resources: ["account"]
    verbs: ["get"]
```
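Review bot: Under "### create new role" the first request posts to /v4/account with "role":"tester" before the later request to /v4/role defines that role, so the documented steps assign a role that does not exist yet, and the sentence "you can add new role for user" describes what is actually an account creation. Suggest putting the /v4/role request first, retitling the account step, and stating what the server does when an account names an undefined role, since readers will otherwise not know whether such an account ends up with no permissions or is rejected. In the "API and resources" paragraph the link has an empty target, `[https://github.com/.../resource.go]()`, so it will not resolve; move the URL into the parentheses. The fences tagged `shell script` and the `json` fence with a leading space may also not render as intended; `shell` and an unindented fence would be safer.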
