habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

website/docs: changes to text and new screenshots for new Permissions tabs (#8490)

Browse Source 
* update screenshots and docs about perms

* tweaks to procedurals

* tweak links

* typo on akadmin

* Optimised images with calibre/image-actions

---------

Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com>
This commit is contained in:
Tana M Berry
2024-02-14 12:33:45 -06:00
committed by GitHub
parent d27caaabc3
commit e48f6bbec4
4 changed files with 37 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
website/docs/user-group-role/access-control/flow-page.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 116 KiB

After

Width:  |  Height:  |  Size: 72 KiB

50
website/docs/user-group-role/access-control/manage_permissions.md
View File

@ -32,9 +32,9 @@ To view _object_ permissions for a specific user or role:
\_These instructions apply to all objects that **do not** have a detail page.\_\_
1. Go to the Admin interface and navigate to **Flows and Stages -> Stagess**.
2. On the row for the specific stage whose permissions you want to view, click the lock icon.
3. On the **Update Permissions** tab, you can view the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs.
1. Go to the Admin interface and navigate to **Flows and Stages -> Stages**.
2. On the row for the specific stage whose permissions you want to view, click the **lock icon**.
3. On the **Update Permissions** window, you can view the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs.
## Manage permissions
@ -48,21 +48,25 @@ To assign or remove _object_ permissions for a specific user:
2. Select a specific user by clicking on the user's name.
3. Click the **Permissions** tab at the top of the page.
4. To assign or remove permissions that another _user_ has on this specific user:
1. Click the **User Object Permissions** tab, click **Assign to new user**.
1. Click the **User Object Permissions** tab, and then click **Assign to new user**.
2. In the **User** drop-down, select the user object.
3. Use the toggles to set which permissions on that selected user object you want to grant to (or remove from) the specific user.
4. Click **Assign** to save your settings and close the modal.
5. To assign or remove permissions that another _role_ has on this specific user:
Click the **Role Object Permissions** tab, click **Assign to new role**. 2. In the **User** drop-down, select the user object. 3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role. 4. Click **Assign** to save your settings and close the modal.
1. Click the **Role Object Permissions** tab, and then click **Assign to new role**.
2. In the **User** drop-down, select the user object.
3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role.
4. Click **Assign** to save your settings and close the modal.
To assign or remove _global_ permissions for a user:
1. Go to the Admin interface and navigate to **Directory -> Users**.
2. Select a specific user the clicking on the user's name.
3. Click the **Assigned Permissions** tab at the top of the page (to the right of the **Permissions** tab).
4. In the **Assigned Global Permissions** area, click **Assign Permission**.
5. In the **Assign permissions to user** modal, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the user. To remove permissions, deselect the checkbox.
6. Click **Add**, and then click **Assign** to save your changes and close the modal.
3. Click the **Permissions** tab at the top of the page.
4. Click **Assigned Global Permissions** to the left.
5. In the **Assign permissions** area, click **Assign Permission**.
6. In the **Assign permission to user** modal box, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the user. To remove permissions, deselect the checkbox.
7. Click **Add**, and then click **Assign** to save your changes and close the modal.
### Assign or remove permissions on a specific group
@ -74,15 +78,18 @@ Also there are no global permissions for groups.
To assign or remove _object_ permissions on a specific group by users and roles:
1. Go to the Admin interface and navigate to **Directory -> Groups**.
2. Select a specific group by clicking the the group's name.
2. Select a specific group by clicking the group's name.
3. Click the **Permissions** tab at the top of the page.
To assign or remove permissions that another _user_ has on this specific group:
1. Click the **User Object Permissions** tab, click **Assign to new user**.
1. Click **User Object Permissions** to the left, and then click **Assign to new user**.
2. In the **User** drop-down, select the user object.
3. Use the toggles to set which permissions on that selected group you want to grant to (or remove from) the specific user.
4. Click **Assign** to save your settings and close the modal.
4. To assign or remove permissions that another _role_ has on this specific group:
Click the **Role Object Permissions** tab, click **Assign to new role**. 2. In the **Role** drop-down, select the role. 3. Use the toggles to set which permissions you want to grant to (or remove from ) the selected role. 4. Click **Assign** to save your settings and close the modal.
1. Click **Role Object Permissions** to the left, and then click **Assign to new role**.
2. In the **Role** drop-down, select the role.
3. Use the toggles to set which permissions you want to grant to (or remove from ) the selected role.
4. Click **Assign** to save your settings and close the modal.
### Assign or remove permissions for a specific role
@ -91,16 +98,23 @@ To assign or remove _object_ permissions for a specific role:
1. Go to the Admin interface and navigate to **Directory -> Roles**.
2. Select a specific role the clicking on the role's name.
3. Click the **Permissions** tab at the top of the page.
To assign or remove permissions that another _user_ has on this specific role: 1. Click the **User Object Permissions** tab, click **Assign to new user**. 2. In the **User** drop-down, select the user object. 3. Use the toggles to set which permissions on that role you want to grant to (or remove from) the selected user. 4. Click **Assign** to save your settings and close the modal.
To assign or remove permissions that another _user_ has on this specific role:
1. Click **User Object Permissions** to the left, and then click **Assign to new user**.
2. In the **User** drop-down, select the user object.
3. Use the toggles to set which permissions on that role you want to grant to (or remove from) the selected user.
4. Click **Assign** to save your settings and close the modal.
4. To assign or remove permissions that another _role_ has on this specific group:
Click the **Role Object Permissions** tab, click **Assign to new role**. 2. In the **Role** drop-down, select the role. 3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role. 4. Click **Assign** to save your settings and close the modal.
1. Click **Role Object Permissions** to the left, and then click **Assign to new role**.
2. In the **Role** drop-down, select the role.
3. Use the toggles to set which permissions you want to grant to (or remove from) the selected role.
4. Click **Assign** to save your settings and close the modal.
To assign or remove _global_ permissions for a role:
1. Go to the Admin interface and navigate to **Directory -> Roles**.
2. Select a specific role by clicking on the role's name.
3. The **Overview** tab at the top of the page displays all assigned global permissions for the role.
4. In the **Assigned Global Permissions** area, click **Assign Permission**.
3. Click the **Permissions** tab at the top of the page.
4. Click **Assigned Global Permissions** to the left, and then click **Assign Permission**.
5. In the **Assign permissions to role** modal, click the plus sign (**+**) and then click the checkbox beside each permission that you want to assign to the role. To remove permissions, deselect the checkbox.
6. Click **Assign** to save your changes and close the modal.
@ -114,5 +128,5 @@ To assign or remove _global_ permissions for a role:
### Assign or remove stage permissions
1. Go to the Admin interface and navigate to **Flows and Stages -> Stagess**.
2. On the row for the specific stage that you want to manage permissions, click the lock icon.
3. On the **Update Permissions** tab, you can add or remove the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs.
2. On the row for the specific stage that you want to manage permissions, click the **lock icon**.
3. On the **Update Permissions** modal window, you can add or remove the assigned permissions using the **User Object Permissions** and the **Role Object Permissions** tabs.

10
website/docs/user-group-role/access-control/permissions.md
View File

@ -29,16 +29,16 @@ Object permissions have two categories:
- **_User_ object permissions**: defines WHO (which user) can change the **_object_**
- **_Role_ object permissions**: defines which ROLE can change the **_object_**
Object permissions are assigned, as the name indicates, to an object (users, [groups](../groups/index.mdx), roles, flows, and stages), and the assigned permissions state exactly what a user or role can do TO the object (i.e. what permissions does the user or role have on that object).
Object permissions are assigned, as the name indicates, to an object ([users](../user/index.mdx), [groups](../groups/index.mdx), [roles](../roles/index.mdx), [flows](../../flow/index.md), and stages), and the assigned permissions state exactly what a user or role can do TO the object (i.e. what permissions does the user or role have on that object).
When working with object permissions, it is important to understand that when you are viewing the page for an object the permissions table shows which users or roles have permissions ON that object. Those permissions describe what those users or roles can do TO the object detailed on the page.
When working with object permissions it is important to understand that when you are viewing the page for an object, the permissions table shows which users or roles have permissions ON that specific object. Those permissions describe what those users or roles can do TO the object detailed on the page.
For example, the UI below shows a user page for the user named Peter.
For example, the Admin interface UI shown below shows a user page for the user named Peter.
![](./user-page.png)
You can see in the **User Object Permissions** table that another user, roberto, has permissions on Peter (that is, on the user object Peter).
You can see in the **User Object Permissions** table that the Admin user (`akadmin`) and one other user (roberto) has permissions on Peter (that is, on the user object named Peter).
Looking at another example, with a flow object called `default-recovery-flow` you can see that the Admin user (akadmin) has all object permissions on the flow, but roberto only has a few permissions on that flow.
Looking at another example, with a flow object called `default-recovery-flow`, you can see that the Admin user (akadmin) has all object permissions on the flow, but roberto only has a few permissions on that flow.
![](./flow-page.png)

BIN
website/docs/user-group-role/access-control/user-page.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 119 KiB

After

Width:  |  Height:  |  Size: 71 KiB