tianxiaoliang commented on a change in pull request #736: URL: https://github.com/apache/servicecomb-service-center/pull/736#discussion_r531816695
########## File path: docs/user-guides/rbac.md ########## @@ -70,21 +70,111 @@ curl -X PUT \ }' ``` -### create a new account by account which has admin role +### create a new account ```shell script curl -X POST \ http://127.0.0.1:30100/v4/account \ -H 'Accept: */*' \ - -H 'Authorization: Bearer {your_token}' \ + -H 'Authorization: Bearer {root_token}' \ -H 'Content-Type: application/json' \ -d '{ "name":"peter", - "password":"{strong_password}", - "role":"developer" - + "password":"{strong_password}" }' ``` ### Roles -currently, you can not custom and manage any role and role policy. there is only 2 build in roles. rbac feature is in early development stage. -- admin: able to do anything, including manage account, even change other account password -- developer: able to call most of API except account management. except account management +currently, two default roles are provided. rbac feature is in early development stage. +You can also create new role and allocate resources to new role. + +### API and resources +All APIs of the system are divided according to their attributes. For example, resource account has the permission to create or update or delete user account when assign the corresponding permissions, resource service has all permission to create, get, add or delete microservices when permissions equal to "*". For more details to see [https://github.com/apache/servicecomb-service-center/blob/master/server/service/rbac/resource.go]() + + ```json +{ + "name": "tester", + "perms": [ + { + "resources": ["service","instance"], + "verbs": ["get", "create", "update"] + }, + { + "resources": ["rule"], + "verbs": ["get"] + } + ] +} +``` + +### create new role +1. You can add new role for user. Now, a user can be own more roles. +```shell script +curl -X POST \ + http://127.0.0.1:30100/v4/account \ Review comment: 等你的标题是create new role,然后里面介绍就是创建账号 ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
