Added initial rbac doc

2026-01-11 01:57:35 -03:30 · 2016-02-10 16:59:31 -05:00 · 2016-02-10 16:59:31 -05:00 · 86c528154b
commit 86c528154b
parent 4bc9ca2096
1 changed files with 53 additions and 0 deletions
--- a/docs/rbac.md
+++ b/docs/rbac.md
@ -0,0 +1,53 @@
+# Role-Based Access Control (RBAC)
+
+This document describes the RBAC implementation of the Ansible Tower Software.
+The intended audience of this document is the Ansible Tower developer.
+
+## Overview
+
+The RBAC system allows you to create and layer roles for controlling access to resources. Any `django.Model` can
+be made into a `Resource` in the RBAC system by using the `ResourceMixin`. Once a model is accessible as a resource you can
+extend the model definition to have specific roles using the `ImplicitRoleField`. This role field allows you to
+configure the name of a role, any parents a role may have, and the permissions having this role will grant you to the resource.
+
+### Roles
+
+Roles are defined for a resource. If a role has any parents, these parents will be considered when determing
+what roles are checked when accessing a resource.
+
+    ResourceA
+     |-- AdminRole
+
+    ResourceB
+     | -- AdminRole
+           |-- parent = ResourceA.AdminRole
+
+When a user attempts to access ResourceB we will check for their level access using the set of all unique roles, include the parents.
+
+    set: ResourceA.AdminRole, ResourceB.AdminRole
+
+This would provide anyone with the ResourceA.AdminRole or ResourceB.AdminRole access to ResourceB.
+
+## Models
+
+`Role`
+
+`RoleHierarchy`
+
+`Resource`
+
+`RolePermission`
+
+## Fields
+
+`ImplicitRoleField`
+
+`ImplicitResourceField`
+
+## Mixins
+
+`ResourceMixin`
+
+Usage
+-----
+