From 06368abf4462026d1aeed098aee07b769ec0eaaf Mon Sep 17 00:00:00 2001 From: Jeremy Price Date: Tue, 10 Aug 2021 11:11:13 +0200 Subject: [PATCH] Accesscontrol fix permission name (#37717) * Fixes permission name for services:accesscontrol --- .../enterprise/access-control/permissions.md | 22 +++++++++---------- docs/sources/http_api/admin.md | 6 ++--- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/sources/enterprise/access-control/permissions.md b/docs/sources/enterprise/access-control/permissions.md index 6b0996b5474..c292502125f 100644 --- a/docs/sources/enterprise/access-control/permissions.md +++ b/docs/sources/enterprise/access-control/permissions.md @@ -39,7 +39,7 @@ The following list contains fine-grained access control actions. | `reports:send` | `reports:*` | Send a report email. | | `reports.settings:write` | n/a | Update report settings. | | `reports.settings:read` | n/a | Read report settings. | -| `provisioning:reload` | `service:accesscontrol` | Reload provisioning files. | +| `provisioning:reload` | `services:accesscontrol` | Reload provisioning files. | | `users:read` | `global:users:*` | Read or search user profiles. | | `users:write` | `global:users:*` | Update a user’s profile. | | `users.teams:read` | `global:users:*` | Read a user’s teams. | @@ -62,7 +62,7 @@ The following list contains fine-grained access control actions. | `ldap.user:sync` | n/a | Sync a user via LDAP. | | `ldap.status:read` | n/a | Verify the LDAP servers’ availability. | | `ldap.config:reload` | n/a | Reload the LDAP configuration. | -| `status:accesscontrol` | `service:accesscontrol` | Get access-control enabled status. | +| `status:accesscontrol` | `services:accesscontrol` | Get access-control enabled status. | | `settings:read` | `settings:**`
`settings:auth.saml:*`
`settings:auth.saml:enabled` (property level) | Read settings | | `settings:write` | `settings:**`
`settings:auth.saml:*`
`settings:auth.saml:enabled` (property level) | Update settings | | `server.stats:read` | n/a | Read server stats | @@ -72,12 +72,12 @@ The following list contains fine-grained access control actions. The following list contains fine-grained access control scopes. -| Scopes | Descriptions | -| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `roles:*` | Restrict an action to a set of roles. For example, `roles:*` matches any role, `roles:randomuid` matches only the role with UID `randomuid` and `roles:custom:reports:{editor,viewer}` matches both `custom:reports:editor` and `custom:reports:viewer` roles. | -| `permissions:delegate` | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment. | -| `reports:*` | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:1` matches the report with id `1`. | -| `service:accesscontrol` | Restrict an action to target only the fine-grained access control service. For example, you can use this in conjunction with the `provisioning:reload` or the `status:accesscontrol` actions. | -| `global:users:*` | Restrict an action to a set of global users. | -| `users:*` | Restrict an action to a set of users from an organization. | -| `settings:**` | Restrict an action to a subset of settings. For example, `settings:**` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings. | +| Scopes | Descriptions | +| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `roles:*` | Restrict an action to a set of roles. For example, `roles:*` matches any role, `roles:randomuid` matches only the role with UID `randomuid` and `roles:custom:reports:{editor,viewer}` matches both `custom:reports:editor` and `custom:reports:viewer` roles. | +| `permissions:delegate` | The scope is only applicable for roles associated with the Access Control itself and indicates that you can delegate your permissions only, or a subset of it, by creating a new role or making an assignment. | +| `reports:*` | Restrict an action to a set of reports. For example, `reports:*` matches any report and `reports:1` matches the report with id `1`. | +| `services:accesscontrol` | Restrict an action to target only the fine-grained access control service. For example, you can use this in conjunction with the `provisioning:reload` or the `status:accesscontrol` actions. | +| `global:users:*` | Restrict an action to a set of global users. | +| `users:*` | Restrict an action to a set of users from an organization. | +| `settings:**` | Restrict an action to a subset of settings. For example, `settings:**` matches all settings, `settings:auth.saml:*` matches all SAML settings, and `settings:auth.saml:enabled` matches the enable property on the SAML settings. | diff --git a/docs/sources/http_api/admin.md b/docs/sources/http_api/admin.md index 8a2fd007893..fb84bc295ff 100644 --- a/docs/sources/http_api/admin.md +++ b/docs/sources/http_api/admin.md @@ -612,9 +612,9 @@ Only works with Basic Authentication (username and password). See [introduction] See note in the [introduction]({{< ref "#admin-api" >}}) for an explanation. -| Action | Scope | Provision entity | -| ------------------- | --------------------- | ---------------- | -| provisioning:reload | service:accesscontrol | accesscontrol | +| Action | Scope | Provision entity | +| ------------------- | ---------------------- | ---------------- | +| provisioning:reload | services:accesscontrol | accesscontrol | **Example Request**: