On Fri, Oct 20, 2017 at 09:46:19AM -0500, Mark Michelson wrote:
> Role based access control is a relatively new addition to OVS/OVN, and
> aside from the database documentation in ovn-sb(5), there is not much
> explaining what RBAC is, how to use it, and the available roles. This
> document remedies that situation.
>
> It is hopeful that any new roles added will be added to this document in
> the future.
>
> Signed-off-by: Mark Michelson <[email protected]>
> ---
> Version 2 changes:
> * There were references to a table called RBAC_Permissions. These have
>   been changed to the correct "RBAC_Permission".
> * Fixed a grammatical error in the final section.

Thanks! I applied this to master, folding in the following, which seemed to make sense to me. --8<--------------------------cut here-------------------------->8-- diff --git a/Documentation/topics/role-based-access-control.rst b/Documentation/topics/role-based-access-control.rst index 14b3bc8aca5f..8f2a3a998873 100644 --- a/Documentation/topics/role-based-access-control.rst +++ b/Documentation/topics/role-based-access-control.rst 
@@ -47,23 +47,27 @@ for a given table in the database. The RBAC_Permission table contains the following columns: -- table: The table in the database for which permissions are being described. -- insert_delete: Describes whether insertion and deletion of records is - allowed. -- update: A list of columns that are allowed to be updated. -- authorization: A list of column names. One of the listed columns must match - the SSL certificate CN in order for the attempted operation on the table to +table + The table in the database for which permissions are being described. +insert_delete + Describes whether insertion and deletion of records is allowed. +update + A list of columns that are allowed to be updated. +authorization + A list of column names. One of the listed columns must match the SSL + certificate CN in order for the attempted operation on the table to succeed. If a key-value pair is provided, then the key is the column name, and the value is the name of a key in that column. An empty string gives permission to all clients to perform operations. The RBAC_Role table contains the following columns: -- name: The name of the role being defined -- permissions: A list of key-value pairs. The key is the name of a table in the - database, and the value is a UUID of a record in the RBAC_Permission - table that describes the permissions the role has for that - table. +name + The name of the role being defined +permissions + A list of key-value pairs. The key is the name of a table in the database, + and the value is a UUID of a record in the RBAC_Permission table that + describes the permissions the role has for that table. .. note:: _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
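Review bot: In the RBAC_Role list, the new "name" definition body, "The name of the role being defined", has no trailing period, while every other definition body in this hunk ends with one; add the period so the two lists are consistent. Now that the column names stand alone as definition-list terms, it would also help to mark them as inline literals (double backquotes around table, insert_delete, update, authorization, name and permissions) so they render as identifiers rather than ordinary words.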
