diff --git a/umn/source/permission_management/creating_a_user_and_granting_permissions.rst b/umn/source/permission_management/creating_a_user_and_granting_permissions.rst index 5d23863..8c48484 100644 --- a/umn/source/permission_management/creating_a_user_and_granting_permissions.rst +++ b/umn/source/permission_management/creating_a_user_and_granting_permissions.rst @@ -36,5 +36,5 @@ Before granting permissions, learn about the RFS permissions and select the perm The created user logs in to the console and verifies permissions as described below: - - Choose **Service List** > **Resource Formation Service**. In the navigation pane on the left, click **Stacks**. In the upper right corner of the displayed page, click **Create Stack**. If a message appears indicating that you have insufficient permissions to perform the operation, and if you can view existing stacks in the **Stacks** page, the **RFS ReadOnlyAccess** policy is in effect. + - Choose **Service List** > **Resource Formation Service**. In the navigation pane on the left, click **Stacks**. If a message appears indicating that you have insufficient permissions to perform the operation. However, if you can view existing stacks in the **Stacks** page, the **RFS ReadOnlyAccess** policy is in effect. - Choose another service from **Service List**. If a message appears indicating that you have insufficient permissions to access the service, the **RFS ReadOnlyAccess** policy is in effect. diff --git a/umn/source/service_overview/permission.rst b/umn/source/service_overview/permission.rst index d4871e0..9bf9182 100644 --- a/umn/source/service_overview/permission.rst +++ b/umn/source/service_overview/permission.rst @@ -100,70 +100,74 @@ The following table lists fine-grained actions and dependencies for RFS. .. table:: **Table 3** RFS fine-grained actions - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | System-defined Permission | Description | Dependencies | Scenario | - +========================================+=====================================================+================================================+=================================================================================================================+ - | rf:privateTemplate:create | Grant permissions to create a template | None | Create a template | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:createVersion | Grant permissions to create a template version | None | Create a template version | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:delete | Grant permissions to delete a template | None | Delete a template | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:deleteVersion | Grant permissions to delete a template version | None | Delete a template version | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:list | Grant permissions to list templates | None | List templates | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:listVersions | Grant permissions to list template versions | None | List template versions | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:showMetadata | Grant permissions to show template metadata | None | Show template properties such as template ID and description | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:showVersionContent | Grant permissions to show template version content | None | Show template version content | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:showVersionMetadata | Grant permissions to show template version metadata | None | Show template version properties such as template ID, template name and version description | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:privateTemplate:updateMetadata | Grant permissions to update template metadata | None | Update template properties such as template description | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:template:parseTemplateVariables | Grant permissions to parse template variables | None | Parse template variables | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:applyExecutionPlan | Grant permissions to apply execution plan | None | Deploy a stack via applying an execution plan | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:createExecutionPlan | Grant permissions to create execution plan | None | Create an execution plan | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:deleteExecutionPlan | Grant permissions to delete execution plan | None | Delete an execution plan | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:getExecutionPlan | Grant permissions to get execution plan | None | Get an execution plan which provides a preview of stack changes such as operations to be performed on resources | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:getExecutionPlanMetadata | Grant permissions to get execution plan metadata | None | Get execution plan properties such as stack id, execution plan id and description | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:listExecutionPlans | Grant permissions to list execution plans | None | List execution plans | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:createStack | Grant permissions to create stack | Required only for template resource encryption | Create a stack | - | | | | | - | | | - kms:cmk:list | | - | | | - kms:dek:create | | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:deleteStack | Grant permissions to delete stack | None | Delete a stack | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:deployStack | Grant permissions to deploy stack | None | Deploy stack directly | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:continueDeployStack | Grant permissions to continue to deploy stack | None | Retry failed stack deployment | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:continueRollbackStack | Grant permissions to continue to rollback stack | None | Retry failed stack rollback | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:getStackMetadata | Grant permissions to get stack metadata | None | Get stack properties such as stack id, name and description | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:getStackTemplate | Grant permissions to get stack template | None | Get stack template | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:listStackEvents | Grant permissions to list stack events | None | List stack events | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:listStackOutputs | Grant permissions to list stack outputs | None | List stack outputs | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:listStackResources | Grant permissions to list stack resources | None | List stack resources | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:listStacks | Grant permissions to list stacks | None | List stacks | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ - | rf:stack:updateStack | Grant permissions to update stack | None | Update stack properties such as description, auto-rollback and deletion protection | - +----------------------------------------+-----------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | System-defined Permission | Description | Dependencies | Scenario | + +========================================+===================================================================================================================+================================================+=================================================================================================================+ + | rf:privateTemplate:create | Grant permissions to create a template | None | Create a template | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:createVersion | Grant permissions to create a template version | None | Create a template version | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:delete | Grant permissions to delete a template | None | Delete a template | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:deleteVersion | Grant permissions to delete a template version | None | Delete a template version | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:list | Grant permissions to list templates | None | List templates | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:listVersions | Grant permissions to list template versions | None | List template versions | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:showMetadata | Grant permissions to show template metadata | None | Show template properties such as template name, ID and description | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:showVersionContent | Grant permissions to show template version content | None | Show template version content | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:showVersionMetadata | Grant permissions to show template version metadata | None | Show template version properties such as template version ID and description | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:privateTemplate:updateMetadata | Grant permissions to update template metadata | None | Update template properties such as template description | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:template:parseTemplateVariables | Grant permissions to parse template variables | None | Parse and return all variable blocks in the template | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:applyExecutionPlan | Grant permissions to apply execution plan | None | Deploy a stack via applying an execution plan | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:createExecutionPlan | Grant permissions to create execution plan | None | Create an execution plan | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:deleteExecutionPlan | Grant permissions to delete execution plan | None | Delete an execution plan | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:getExecutionPlan | Grant permissions to get execution plan | None | Get an execution plan which provides a preview of stack changes such as operations to be performed on resources | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:getExecutionPlanMetadata | Grant permissions to get execution plan metadata | None | Get execution plan properties such as execution plan name, ID and description | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:listExecutionPlans | Grant permissions to list execution plans | None | List execution plans | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:createStack | Grant permissions to create stack | Required only for template resource encryption | Create a stack | + | | | | | + | | | - kms:cmk:list | | + | | | - kms:dek:create | | + | | | | | + | | | Required only for agency configuration | | + | | | | | + | | | - iam:agencies:listAgencies | | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:deleteStack | Grant permissions to delete stack | None | Delete a stack | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:deployStack | Grant permissions to deploy stack | None | Deploy stack directly | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:continueDeployStack | Grant permissions to continue to deploy stack | None | Retry failed stack deployment | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:continueRollbackStack | Grant permissions to continue to rollback stack. Currently this functionality is only available at the API level. | None | Retry failed stack rollback | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:getStackMetadata | Grant permissions to get stack metadata | None | Get stack properties such as stack ID, name and description | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:getStackTemplate | Grant permissions to get stack template | None | Get stack template | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:listStackEvents | Grant permissions to list stack events | None | List stack events | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:listStackOutputs | Grant permissions to list stack outputs | None | List stack outputs | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:listStackResources | Grant permissions to list stack resources | None | List stack resources | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:listStacks | Grant permissions to list stacks | None | List stacks | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ + | rf:stack:updateStack | Grant permissions to update stack | None | Update stack properties such as description, auto-rollback and deletion protection | + +----------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------+-----------------------------------------------------------------------------------------------------------------+ Related Documents ----------------- diff --git a/umn/source/service_overview/supported_provider_versions.rst b/umn/source/service_overview/supported_provider_versions.rst index 87a9eac..bda2344 100644 --- a/umn/source/service_overview/supported_provider_versions.rst +++ b/umn/source/service_overview/supported_provider_versions.rst @@ -7,7 +7,7 @@ Supported Provider Versions A Provider is a plug-in that encapsulates various resource APIs (such as CRUD APIs of resources) for the resource formation engine to call. -RFS will be updated monthly to keep the provider version up-to-date. The following table lists the current Provider types and versions supported by RFS. +RFS is updated monthly to keep the provider version up-to-date. The following table lists the current Provider types and versions supported by RFS. .. table:: **Table 1** Supported Provider Versions