chef / chef-server

Chef Infra Server is a hub for configuration data, storing cookbooks, node policies and metadata of managed nodes.
https://www.chef.io/chef/
Apache License 2.0

Chef Server 12: Document RBAC and Tools #19

Open sean-horn opened 9 years ago

sean-horn commented 9 years ago

Not for the initial release, but it is critical to have full documentation for the RBAC system and reasonable tools to manipulate it.

OPC/EC have presented a tough nut to crack in this regard, so clarification on standard procedure would really help.

The following abilities would be stellar:

  1. Recreate all standard groups and perms as during an org creation.
  2. Add orphaned users back to the Users group, orphaned admins back to the Admins group.
  3. If at all possible, a process by which things can be set back to a known good working state. Failing that, fall back on documentation of the oc_bifrost schemas and RBAC system’s functioning to decipher the issue.

The number one unrepresented use-case for RBAC is #32

sdelano commented 9 years ago

@mmzyk - This seems really close to what you've been documenting recently, yeah? At least the documentation part.

mmzyk commented 9 years ago

@sdelano Yes, at least what I've documented would cover some of what is asked for here, as I've doc'd how the system works, but I haven't doc'd any type of procedure for doing anything.

mmzyk commented 9 years ago

We've added some initial documentation for the ACL system (which is what is meant by RBAC here, but it's not a true RBAC system in the way we've implemented it) here: https://github.com/chef/chef-server/tree/master/doc

James Scott has an item to work on adding this to the docs site so it's more easily discoverable.

sean-horn commented 9 years ago

Zendesk 5513