From 13ae4269ffadf6830a6c21764cf9a446aa7ed46b Mon Sep 17 00:00:00 2001 From: OpenTelekomCloud Proposal Bot Date: Mon, 10 Feb 2025 20:12:23 +0000 Subject: [PATCH] Update content --- ...eating_a_user_and_granting_permissions.rst | 4 +- umn/source/service_overview/permission.rst | 156 ++++++++++-------- 2 files changed, 90 insertions(+), 70 deletions(-) diff --git a/umn/source/permission_management/creating_a_user_and_granting_permissions.rst b/umn/source/permission_management/creating_a_user_and_granting_permissions.rst index 8c48484..8cd5f11 100644 --- a/umn/source/permission_management/creating_a_user_and_granting_permissions.rst +++ b/umn/source/permission_management/creating_a_user_and_granting_permissions.rst @@ -36,5 +36,5 @@ Before granting permissions, learn about the RFS permissions and select the perm The created user logs in to the console and verifies permissions as described below: - - Choose **Service List** > **Resource Formation Service**. In the navigation pane on the left, click **Stacks**. If a message appears indicating that you have insufficient permissions to perform the operation. However, if you can view existing stacks in the **Stacks** page, the **RFS ReadOnlyAccess** policy is in effect. - - Choose another service from **Service List**. If a message appears indicating that you have insufficient permissions to access the service, the **RFS ReadOnlyAccess** policy is in effect. + - Choose **Service List** > **Resource Formation Service**. In the navigation pane on the left, click on **Stacks**. If you can view the stack list successfully, the RFS ReadOnlyAccess policy is in effect. If you click on **Create Stack** in the upper right corner of the displayed page, you should receive a notification message indicating your insufficient permissions. + - Choose another service from **Service List**. If a message appears indicating that you have insufficient permissions to access the service, it also reflects the **RFS ReadOnlyAccess** policy. 
diff --git a/umn/source/service_overview/permission.rst b/umn/source/service_overview/permission.rst index 9bf9182..a5e5604 100644 --- a/umn/source/service_overview/permission.rst +++ b/umn/source/service_overview/permission.rst 
@@ -100,74 +100,94 @@ The following table lists fine-grained actions and dependencies for RFS. .. table:: **Table 3** RFS fine-grained actions - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | System-defined Permission | Description | Dependencies | Scenario | - +========================================+===================================================================================================================+================================================+=================================================================================================================+ - | rf:privateTemplate:create | Grant permissions to create a template | None | Create a template | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:createVersion | Grant permissions to create a template version | None | Create a template version | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:delete | Grant permissions to delete a template | None | Delete a template | - 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:deleteVersion | Grant permissions to delete a template version | None | Delete a template version | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:list | Grant permissions to list templates | None | List templates | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:listVersions | Grant permissions to list template versions | None | List template versions | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:showMetadata | Grant permissions to show template metadata | None | Show template properties such as template name, ID and description | - 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:showVersionContent | Grant permissions to show template version content | None | Show template version content | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:showVersionMetadata | Grant permissions to show template version metadata | None | Show template version properties such as template version ID and description | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:updateMetadata | Grant permissions to update template metadata | None | Update template properties such as template description | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:template:parseTemplateVariables | Grant permissions to parse template variables | None | Parse and return all variable blocks in the template | - 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:applyExecutionPlan | Grant permissions to apply execution plan | None | Deploy a stack via applying an execution plan | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:createExecutionPlan | Grant permissions to create execution plan | None | Create an execution plan | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:deleteExecutionPlan | Grant permissions to delete execution plan | None | Delete an execution plan | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:getExecutionPlan | Grant permissions to get execution plan | None | Get an execution plan which provides a preview of stack changes such as operations to be performed on resources | - 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:getExecutionPlanMetadata | Grant permissions to get execution plan metadata | None | Get execution plan properties such as execution plan name, ID and description | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:listExecutionPlans | Grant permissions to list execution plans | None | List execution plans | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:createStack | Grant permissions to create stack | Required only for template resource encryption | Create a stack | - | | | | | - | | | - kms:cmk:list | | - | | | - kms:dek:create | | - | | | | | - | | | Required only for agency configuration | | - | | | | | - | | | - iam:agencies:listAgencies | | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:deleteStack | Grant permissions to delete stack | None | Delete a stack | - 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:deployStack | Grant permissions to deploy stack | None | Deploy stack directly | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:continueDeployStack | Grant permissions to continue to deploy stack | None | Retry failed stack deployment | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:continueRollbackStack | Grant permissions to continue to rollback stack. Currently this functionality is only available at the API level. 
| None | Retry failed stack rollback | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:getStackMetadata | Grant permissions to get stack metadata | None | Get stack properties such as stack ID, name and description | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:getStackTemplate | Grant permissions to get stack template | None | Get stack template | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:listStackEvents | Grant permissions to list stack events | None | List stack events | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:listStackOutputs | Grant permissions to list stack outputs | None | List stack outputs | - 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:listStackResources | Grant permissions to list stack resources | None | List stack resources | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:listStacks | Grant permissions to list stacks | None | List stacks | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:updateStack | Grant permissions to update stack | None | Update stack properties such as description, auto-rollback and deletion protection | - +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | System-defined Permission | Description | Dependencies | Scenario | + +========================================+===================================================================================================================+=========================================================================================+=================================================================================================================+ + | rf:privateTemplate:create | Grant permissions to create a template | None | Create a template | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:createVersion | Grant permissions to create a template version | None | Create a template version | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:delete | Grant permissions to delete a template | None | Delete a template | + 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:deleteVersion | Grant permissions to delete a template version | None | Delete a template version | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:list | Grant permissions to list templates | None | List templates | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:listVersions | Grant permissions to list template versions | - rf:privateTemplate:list | List template versions | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:showMetadata | Grant permissions to show template metadata | - rf:privateTemplate:list | Show template properties such as template name, ID and description | + 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:showVersionContent | Grant permissions to show template version content | - rf:privateTemplate:list | Show template version content | + | | | - rf:privateTemplate:listVersions | | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:showVersionMetadata | Grant permissions to show template version metadata | - rf:privateTemplate:list | Show template version properties such as template version ID and description | + | | | - rf:privateTemplate:listVersions | | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:updateMetadata | Grant permissions to update template metadata | None | Update template properties such as template description | + 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:template:parseTemplateVariables | Grant permissions to parse template variables | None | Parse and return all variable blocks in the template | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:applyExecutionPlan | Grant permissions to apply execution plan | None | Deploy a stack via applying an execution plan | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:createExecutionPlan | Grant permissions to create execution plan | None | Create an execution plan | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:deleteExecutionPlan | Grant permissions to delete execution plan | None | Delete an execution plan | + 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:getExecutionPlan | Grant permissions to get execution plan | - rf:stack:listExecutionPlans | Get an execution plan which provides a preview of stack changes such as operations to be performed on resources | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:getExecutionPlanMetadata | Grant permissions to get execution plan metadata | - rf:stack:listExecutionPlans | Get execution plan properties such as execution plan name, ID and description | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:listExecutionPlans | Grant permissions to list execution plans | None | List execution plans | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | 
rf:stack:createStack | Grant permissions to create stack | Required for creating stack from a private template | Create a stack | + | | | | | + | | | - rf:privateTemplate:list | | + | | | - rf:privateTemplate:listVersions | | + | | | - rf:privateTemplate:showVersionContent | | + | | | | | + | | | Required for configuring template variables | | + | | | | | + | | | - rf:template:parseTemplateVariables | | + | | | | | + | | | Required for template resource encryption | | + | | | | | + | | | - kms:cmk:list | | + | | | - kms:dek:create | | + | | | | | + | | | Required for configuring agency | | + | | | | | + | | | - iam:agencies:listAgencies | | + | | | | | + | | | Required for deploying stack directly | | + | | | | | + | | | - rf:stack:deployStack | | + | | | | | + | | | Required for creating an execution plan for change preview before actual stack creation | | + | | | | | + | | | - rf:stack:createExecutionPlan | | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:deleteStack | Grant permissions to delete stack | None | Delete a stack | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:deployStack | Grant permissions to deploy stack | None | Deploy stack directly | + 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:continueDeployStack | Grant permissions to continue to deploy stack | - rf:stack:deployStack | Retry failed stack deployment | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:continueRollbackStack | Grant permissions to continue to rollback stack. Currently this functionality is only available at the API level. 
| - rf:stack:deployStack | Retry failed stack rollback | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:getStackMetadata | Grant permissions to get stack metadata | - rf:stack:listStacks | Get stack properties such as stack ID, name and description | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:getStackTemplate | Grant permissions to get stack template | - rf:stack:listStacks | Get stack template | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:listStackEvents | Grant permissions to list stack events | None | List stack events | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:listStackOutputs | Grant permissions to list stack outputs | None | List stack outputs | + 
+----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:listStackResources | Grant permissions to list stack resources | None | List stack resources | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:listStacks | Grant permissions to list stacks | None | List stacks | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:updateStack | Grant permissions to update stack | None | Update stack properties such as description, auto-rollback and deletion protection | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ Related Documents -----------------
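Review bot: In umn/source/permission_management/creating_a_user_and_granting_permissions.rst, the rewritten first bullet declares the policy in effect as soon as the stack list is visible, before the **Create Stack** denial is checked. A user holding a broader policy would also see the stack list, so the denial is the step that actually shows the grant is read-only. Suggest making the conclusion depend on both results, for example "If you can view the stack list but receive an insufficient-permissions message when you click **Create Stack**, the **RFS ReadOnlyAccess** policy is in effect." That wording also restores the bold markup on the policy name, which the first bullet drops while the second bullet keeps it. In the second bullet, "it also reflects the **RFS ReadOnlyAccess** policy" is vaguer than the removed "the **RFS ReadOnlyAccess** policy is in effect"; consider keeping the original phrasing.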
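Review bot: In umn/source/service_overview/permission.rst, the rf:stack:createStack row changes the group headings from "Required only for ..." to "Required for ...", so the six groups now read as unconditional dependencies. Two of them, rf:stack:deployStack and rf:stack:createExecutionPlan, are write actions that belong to alternative scenarios, and someone building a least-privilege custom policy from this table may end up granting every listed action to any role that creates stacks. Suggest keeping "only" in each heading, or stating above the table that grouped dependencies apply per scenario. Please also confirm that rf:stack:continueRollbackStack really depends on rf:stack:deployStack and was not carried over from the rf:stack:continueDeployStack row, and explain why rf:stack:getStackMetadata and rf:stack:getStackTemplate gain rf:stack:listStacks while rf:stack:listStackEvents, rf:stack:listStackOutputs and rf:stack:listStackResources stay at None.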