docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #832 from docker/ucp-rbac-775 

edits to clarify Kubernetes case
This commit is contained in:
Justin I. Nevill 2018-11-06 14:31:06 -05:00 committed by GitHub
parent 5e10ab1ffc 0e25f9a6e9
commit b221cfa198
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ee/ucp/authorization/define-roles.md
View File

@ -22,10 +22,10 @@ You can define custom roles or use the following built-in roles:
| `Full Control` | Users can view and edit all granted resources. They can create containers without any restriction, but can't see the containers of other users. |
## Create a custom role
## Create a custom role for Swarm
The **Roles** page lists all default and custom roles applicable in the
organization.
When creating custom roles to use with Swarm, the **Roles** page lists all default and custom roles applicable in the
organization. To create custom roles for Kuberntetes, see [Configure native Kubernetes role-based access control](https://docs.docker.com/ee/ucp/admin/configure/configure-rbac-kube/).
You can give a role a global name, such as "Remove Images", which might enable the
**Remove** and **Force Remove** operations for images. You can apply a role with

26
ee/ucp/authorization/deploy-stateless-app.md
View File

@ -13,7 +13,7 @@ You are the Docker EE system administrator at Acme Company and need to configure
permissions to company resources. The best way to do this is to:
- Build the organization with teams and users.
- Define roles with allowable operations per resource types, like
- Define roles with allowable operations per resource types, like
permission to run containers.
- Create collections or namespaces for accessing actual resources.
- Create grants that join team + role + resource set.
@ -26,11 +26,12 @@ following structure:
```
acme-datacenter
├── dba
   └── Alex Alutin
└── Alex*
├── dev
   └── Bett Bhatia
│ └── Bett
└── ops
  └── Chad Chavez
├── Alex*
└── Chad
```
Learn to [create and configure users and teams](create-users-and-teams-manually.md).
@ -54,19 +55,15 @@ metadata:
name: nginx-namespace
```
### Define roles
You can use the built-in roles or define your own. For this exercise, create a
simple role for the ops team:
1. Click **Roles** under **User Management**.
2. Click **Create Role**.
3. On the **Details** tab, name the role `Kube Deploy`.
4. On the **Operations** tab, check all **Kubernetes Deployment Operations**.
5. Click **Create**.
### Create a team
Learn to [create and configure users and teams](create-users-and-teams-manually.md).
### Define roles
For this exercise, create a simple role for the ops team. To learn how to create roles for Kubernetes,
see [Configure native Kubernetes role-based access control](/ee/ucp/admin/configure/configure-rbac-kube/).
### Grant access
Grant the ops team (and only the ops team) access to nginx-namespace with the
@ -172,4 +169,3 @@ service.
7. Log on to UCP as each user and ensure that:
- `dba` (alex) cannot see `nginx-collection`.
- `dev` (bett) cannot see `nginx-collection`.