habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert "website: latest migration to new structure" (#11634)

Browse Source 
Revert "website: latest migration to new structure (#11522)"

This reverts commit 9a89a5f94b.
This commit is contained in:
Tana M Berry
2024-10-08 17:30:50 -05:00
committed by GitHub
parent 9a89a5f94b
commit 6b2fced1b9
336 changed files with 883 additions and 2636 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
website/docs/users-sources/access-control/flow-page.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 72 KiB

15
website/docs/users-sources/access-control/index.mdx
View File

@ -1,15 +0,0 @@
---
title: About access control
---
import DocCardList from "@theme/DocCardList";
To comply with important regulations such as PCI-DSS, HIPAA, SOC 2, and GDPR, it's necessary to have the ability to control which users have access to specific areas of the system, what [permissions](./permissions.md) they have globally and on certain objects, and a way to monitor [events](../../sys-mgmt/events/index.md) related to user activity.
In authentik, we provide role-based access control (RBAC), an industry standard for managing access control. By carefully designing roles with appropriate permissions, and then assigning those roles to groups, RBAC provides a fine-tuned approach to controlling user access.
RBAC is a way of ensuring the well-known [principal of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) whereby "every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose."
To learn more about access control with authentik, refer to these topics:
<DocCardList />

132
website/docs/users-sources/access-control/manage_permissions.md
View File

@ -1,132 +0,0 @@
---
title: "Manage permissions"
description: "Learn how to use global and object permissions in authentik."
---
Refer to the following topics for instructions to view and manage permissions. To learn more about the concepts and fundamanetals of authentik permissions, refer to [About Permissions](./permissions.md).
## View permissions
You can view all permissions that are assigned to a user, group, role, flow, or stage.
### View user and role permissions
To view _object_ permissions for a specific user or role:
1. Go to the Admin interface and navigate to **Directory**.
2. Select either **Users** or **Roles**
3. Select a specific user/role by clicking on the name (this opens the details page).
4. Click the **Permissions** tab at the top of the page
5. Select the **Assigned global permissions** sub-tab to see global permissions and the **Assigned object permissions** sub-tab to see the object-level permissions.
### View flow permissions
\_These instructions apply to all objects that have a detail page, which can be accessed by clicking on the name in the list page.\_\_
1. Go to the Admin interface and navigate to **Flows and Stages -> Flows**.
2. Click the name of the flow (this opens the details page).
3. Click the **Permissions** tab at the top of the page.
4. View the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs.
### View stage permissions
\_These instructions apply to all objects that **do not** have a detail page.\_\_
1. Go to the Admin interface and navigate to **Flows and Stages -> Stages**.
2. On the row for the specific stage whose permissions you want to view, click the **lock icon**.
3. On the **Update Permissions** window, you can view the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs.
## Manage permissions
You can assign or remove permissions to a user, role, group, flow, or stage.
### Assign, modify, or remove permissions for a user
To assign or remove _object_ permissions for a specific user:
1. Go to the Admin interface and navigate to **Directory -> Users**.
2. Select a specific user by clicking on the user's name.
3. Click the **Permissions** tab at the top of the page.
4. To assign or remove permissions that another _user_ has on this specific user:
1. Click the **User Object Permissions** tab, and then click **Assign to new user**.
2. In the **User** drop-down, select the user object.
3. Use the toggles to set which permissions on that selected user object you want to grant to (or remove from) the specific user.
4. Click **Assign** to save your settings and close the modal.
5. To assign or remove permissions that another _role_ has on this specific user:
1. Click the **Role Object Permissions** tab, and then click **Assign to new role**.
2. In the **User** drop-down, select the user object.
3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role.
4. Click **Assign** to save your settings and close the modal.
To assign or remove _global_ permissions for a user:
1. Go to the Admin interface and navigate to **Directory -> Users**.
2. Select a specific user the clicking on the user's name.
3. Click the **Permissions** tab at the top of the page.
4. Click **Assigned Global Permissions** to the left.
5. In the **Assign permissions** area, click **Assign Permission**.
6. In the **Assign permission to user** modal box, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the user. To remove permissions, deselect the checkbox.
7. Click **Add**, and then click **Assign** to save your changes and close the modal.
### Assign or remove permissions on a specific group
:::info
Note that groups themselves do not have permissions. Rather, users and roles have permissions assigned that allow them to create, modify, delete, etc., a group.
Also there are no global permissions for groups.
:::
To assign or remove _object_ permissions on a specific group by users and roles:
1. Go to the Admin interface and navigate to **Directory -> Groups**.
2. Select a specific group by clicking the group's name.
3. Click the **Permissions** tab at the top of the page.
To assign or remove permissions that another _user_ has on this specific group:
1. Click **User Object Permissions** to the left, and then click **Assign to new user**.
2. In the **User** drop-down, select the user object.
3. Use the toggles to set which permissions on that selected group you want to grant to (or remove from) the specific user.
4. Click **Assign** to save your settings and close the modal.
4. To assign or remove permissions that another _role_ has on this specific group:
1. Click **Role Object Permissions** to the left, and then click **Assign to new role**.
2. In the **Role** drop-down, select the role.
3. Use the toggles to set which permissions you want to grant to (or remove from ) the selected role.
4. Click **Assign** to save your settings and close the modal.
### Assign or remove permissions for a specific role
To assign or remove _object_ permissions for a specific role:
1. Go to the Admin interface and navigate to **Directory -> Roles**.
2. Select a specific role the clicking on the role's name.
3. Click the **Permissions** tab at the top of the page.
To assign or remove permissions that another _user_ has on this specific role:
1. Click **User Object Permissions** to the left, and then click **Assign to new user**.
2. In the **User** drop-down, select the user object.
3. Use the toggles to set which permissions on that role you want to grant to (or remove from) the selected user.
4. Click **Assign** to save your settings and close the modal.
4. To assign or remove permissions that another _role_ has on this specific group:
1. Click **Role Object Permissions** to the left, and then click **Assign to new role**.
2. In the **Role** drop-down, select the role.
3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role.
4. Click **Assign** to save your settings and close the modal.
To assign or remove _global_ permissions for a role:
1. Go to the Admin interface and navigate to **Directory -> Roles**.
2. Select a specific role by clicking on the role's name.
3. Click the **Permissions** tab at the top of the page.
4. Click **Assigned Global Permissions** to the left, and then click **Assign Permission**.
5. In the **Assign permissions to role** modal, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the role. To remove permissions, deselect the checkbox.
6. Click **Assign** to save your changes and close the modal.
### Assign or remove flow permissions
1. Go to the Admin interface and navigate to **Flows and Stages -> Flows**.
2. Click the name of the flow (this opens the details page).
3. Click the **Permissions** tab at the top of the page.
4. Add or remove permissions using the **User Object Permissions** and the **Role Object Permissions** tabs.
### Assign or remove stage permissions
1. Go to the Admin interface and navigate to **Flows and Stages -> Stagess**.
2. On the row for the specific stage that you want to manage permissions, click the **lock icon**.
3. On the **Update Permissions** modal window, you can add or remove the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs.

46
website/docs/users-sources/access-control/permissions.md
View File

@ -1,46 +0,0 @@
---
title: "About permissions"
description: "Learn about global and object permissions in authentik."
---
Permissions are the central components in all access control systems, the lowest-level components, the controlling pieces of access data. Permissions are assigned to (or removed from!) to define exactly WHO can do WHAT to WHICH part of the overall software system.
:::info
Note that global and object permissions only apply to objects within authentik, and not to who can access certain applications (which are access-controlled using [policies](../../customize/policies/index.md)).
:::
For instructions to add, remove, and manage permissions, refer to [Manage Permissions](./manage_permissions.md).
## Fundamentals of authentik permissions
There are two main types of permissions in authentik:
- [**Global permissions**](#global-permissions)
- [**Object permissions**](#object-permissions)
### Global permissions
Global permissions define who can do what on a global level across the entire system. Some examples in authentik are the ability to add new [flows](../../add-secure-apps/flows-stages/flow/index.md) or to create a URL for users to recover their login credentials.
You can assign _global permissions_ to individual [users](../user/index.mdx) or to [roles](../roles/index.md). The most common and best practice is to assign permissions to roles.
### Object permissions
Object permissions have two categories:
- **_User_ object permissions**: defines WHO (which user) can change the **_object_**
- **_Role_ object permissions**: defines which ROLE can change the **_object_**
Object permissions are assigned, as the name indicates, to an object ([users](../user/index.mdx), [groups](../groups/index.mdx), [roles](../roles/index.md), [flows](../../add-secure-apps/flows-stages/flow/index.md), and stages), and the assigned permissions state exactly what a user or role can do TO the object (i.e. what permissions does the user or role have on that object).
When working with object permissions it is important to understand that when you are viewing the page for an object, the permissions table shows which users or roles have permissions ON that specific object. Those permissions describe what those users or roles can do TO the object detailed on the page.
For example, the Admin interface UI shown below shows a user page for the user named Peter.
![](./user-page.png)
You can see in the **User Object Permissions** table that the Admin user (`akadmin`) and one other user (roberto) has permissions on Peter (that is, on the user object named Peter).
Looking at another example, with a flow object called `default-recovery-flow`, you can see that the Admin user (akadmin) has all object permissions on the flow, but roberto only has a few permissions on that flow.
![](./flow-page.png)

BIN
website/docs/users-sources/access-control/user-page.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 71 KiB