[ovs-dev] [PATCH v2] Documentation: Add document describing RBAC

Ben Pfaff blp at ovn.org
Tue Oct 24 21:46:34 UTC 2017


On Fri, Oct 20, 2017 at 09:46:19AM -0500, Mark Michelson wrote:
> Role based access control is a relatively new addition to OVS/OVN, and
> aside from the database documentation in ovn-sb(5), there is not much
> explaining what RBAC is, how to use it, and the available roles. This
> document remedies that situation.
> 
> It is hopeful that any new roles added will be added to this document in
> the future.
> 
> Signed-off-by: Mark Michelson <mmichels at redhat.com>
> ---
> Version 2 changes:
> * There were references to a table called RBAC_Permissions. These have
>   been changed to the correct "RBAC_Permission".
> * Fixed a grammatical error in the final section.

Thanks!  I applied this to master, folding in the following, which
seemed to make sense to me.

--8<--------------------------cut here-------------------------->8--

diff --git a/Documentation/topics/role-based-access-control.rst b/Documentation/topics/role-based-access-control.rst
index 14b3bc8aca5f..8f2a3a998873 100644
--- a/Documentation/topics/role-based-access-control.rst
+++ b/Documentation/topics/role-based-access-control.rst
@@ -47,23 +47,27 @@ for a given table in the database.
 
 The RBAC_Permission table contains the following columns:
 
-- table: The table in the database for which permissions are being described.
-- insert_delete: Describes whether insertion and deletion of records is
-  allowed.
-- update: A list of columns that are allowed to be updated.
-- authorization: A list of column names. One of the listed columns must match
-  the SSL certificate CN in order for the attempted operation on the table to
+table
+  The table in the database for which permissions are being described.
+insert_delete
+  Describes whether insertion and deletion of records is allowed.
+update
+  A list of columns that are allowed to be updated.
+authorization
+  A list of column names. One of the listed columns must match the SSL
+  certificate CN in order for the attempted operation on the table to
   succeed. If a key-value pair is provided, then the key is the column name,
   and the value is the name of a key in that column. An empty string gives
   permission to all clients to perform operations.
 
 The RBAC_Role table contains the following columns:
 
-- name: The name of the role being defined
-- permissions: A list of key-value pairs. The key is the name of a table in the
-  database, and the value is a UUID of a record in the RBAC_Permission
-  table that describes the permissions the role has for that
-  table.
+name
+  The name of the role being defined
+permissions
+  A list of key-value pairs. The key is the name of a table in the database,
+  and the value is a UUID of a record in the RBAC_Permission table that
+  describes the permissions the role has for that table.
 
 .. note::
 
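Review bot: In the `authorization` entry, the closing sentence "An empty string gives permission to all clients to perform operations" is the one case where the certificate CN match restricts nothing, yet it sits at the tail of a long definition where it is easy to miss. Consider giving it its own sentence or paragraph that states plainly that an empty string means no per-client check is applied for that table. Separately, in the `name` entry of the RBAC_Role list, "The name of the role being defined" still lacks its final period, unlike every other definition in the two lists; add it while these lines are being rewritten.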

