From 416ba630a3e99755ed6f54d5311a3797b653aca0 Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Wed, 13 Dec 2023 08:01:55 -0300 Subject: [PATCH 01/24] add user restrictions section --- .../access-control/user-restrictions.md | 22 +++++++++++++++++++ .../deployment/configuration-variables.md | 1 + .../tasklist-authentication.md | 2 +- 3 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 docs/self-managed/concepts/access-control/user-restrictions.md diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md new file mode 100644 index 0000000000..c06417f1ed --- /dev/null +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -0,0 +1,22 @@ +--- +id: user-restrictions +title: "User restrictions" +sidebar_label: "User restrictions" +description: "User restrictions allow you to control the level of access a user or group has to perform tasks in the system." +--- + +:::caution +User restrictions are enabled by default and can be disabled by the use of environment variables. This feature should be enabled in the required component, see: + +- [Identity feature flags](../../../../self-managed/identity/deployment/configuration-variables/#feature-flags) + +::: + +User restrictions allow you to control the level of access a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or +[group](self-managed/identity/user-guide/groups/create-group.md) has to perform tasks where they are candidates in the system. + +### User group restrictions + +[User group restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used on Tasklist to control task access for a +[user](/self-managed/identity/user-guide/roles/add-assign-role.md) or [role](/self-managed/identity/user-guide/roles/add-assign-role.md). The restrictions are +related to the candidate users or groups set up on the Task definition. diff --git a/docs/self-managed/identity/deployment/configuration-variables.md b/docs/self-managed/identity/deployment/configuration-variables.md index fa87a7bf13..b60c5a35a7 100644 --- a/docs/self-managed/identity/deployment/configuration-variables.md +++ b/docs/self-managed/identity/deployment/configuration-variables.md @@ -90,6 +90,7 @@ Identity uses feature flag environment variables to enable and disable features; | ---------------------------- | --------------------------------------------- | ------------- | | RESOURCE_PERMISSIONS_ENABLED | Controls the resource authorizations feature. | false | | MULTITENANCY_ENABLED | Controls the multi tenancy feature. | false | +| USER_RESTRICTIONS_ENABLED | Controls the user group restrictions feature. | true | :::note Setting either of the feature flags to `true` requires a database connection. To configure a database diff --git a/docs/self-managed/tasklist-deployment/tasklist-authentication.md b/docs/self-managed/tasklist-deployment/tasklist-authentication.md index 3536528874..d6e85630f1 100644 --- a/docs/self-managed/tasklist-deployment/tasklist-authentication.md +++ b/docs/self-managed/tasklist-deployment/tasklist-authentication.md @@ -155,7 +155,7 @@ curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer Date: Wed, 13 Dec 2023 08:32:44 -0300 Subject: [PATCH 02/24] Update sidebars.js --- sidebars.js | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sidebars.js b/sidebars.js index c72270a4c0..c6830a4c67 100644 --- a/sidebars.js +++ b/sidebars.js @@ -72,6 +72,7 @@ module.exports = { "components/concepts/backups", "components/concepts/resource-deletion", "components/concepts/resource-authorizations", + "components/concepts/user-restrictions", ], Console: [ "components/console/introduction-to-console", @@ -885,6 +886,7 @@ module.exports = { "Access control": [ "self-managed/concepts/access-control/applications", "self-managed/concepts/access-control/resource-authorizations", + "self-managed/concepts/access-control/user-restrictions", ], }, "self-managed/concepts/exporters", From cda6f5f72d338cdff930c5325ddcea0a8950113d Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Wed, 13 Dec 2023 08:35:57 -0300 Subject: [PATCH 03/24] Update user-restrictions.md --- .../self-managed/concepts/access-control/user-restrictions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index c06417f1ed..6061a9e6ed 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -15,8 +15,8 @@ User restrictions are enabled by default and can be disabled by the use of envir User restrictions allow you to control the level of access a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or [group](self-managed/identity/user-guide/groups/create-group.md) has to perform tasks where they are candidates in the system. -### User group restrictions +### User restrictions -[User group restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used on Tasklist to control task access for a +[User restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used on Tasklist to control task access for a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or [role](/self-managed/identity/user-guide/roles/add-assign-role.md). The restrictions are related to the candidate users or groups set up on the Task definition. From a19b6d35fbbcac02afe99528b87493669761b88a Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Wed, 13 Dec 2023 08:55:37 -0300 Subject: [PATCH 04/24] Update optimize_sidebars.js --- optimize_sidebars.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/optimize_sidebars.js b/optimize_sidebars.js index d0f54173fb..0ddab02a3d 100644 --- a/optimize_sidebars.js +++ b/optimize_sidebars.js @@ -44,6 +44,7 @@ module.exports = { "Resource authorizations", "components/concepts/resource-authorizations/" ), + docsLink("User restrictions", "components/concepts/user-restrictions/"), ], }, @@ -1877,6 +1878,10 @@ module.exports = { "Resource authorizations", "self-managed/concepts/access-control/resource-authorizations/" ), + docsLink( + "User restrictions", + "self-managed/concepts/access-control/user-restrictions/" + ), ], }, docsLink("Exporters", "self-managed/concepts/exporters/"), From 957c3c28746803391c5e5f2c54d84a0d4e005606 Mon Sep 17 00:00:00 2001 From: Christina Ausley Date: Wed, 13 Dec 2023 07:56:00 -0500 Subject: [PATCH 05/24] adjust sidebar --- sidebars.js | 1 - 1 file changed, 1 deletion(-) diff --git a/sidebars.js b/sidebars.js index c6830a4c67..9a507bb8b5 100644 --- a/sidebars.js +++ b/sidebars.js @@ -72,7 +72,6 @@ module.exports = { "components/concepts/backups", "components/concepts/resource-deletion", "components/concepts/resource-authorizations", - "components/concepts/user-restrictions", ], Console: [ "components/console/introduction-to-console", From 6794bba85f2520fd3511a318c4c030ebf1f5166d Mon Sep 17 00:00:00 2001 From: Christina Ausley Date: Wed, 13 Dec 2023 09:07:16 -0500 Subject: [PATCH 06/24] style(formatting): technical review --- .../concepts/access-control/user-restrictions.md | 11 ++++------- .../tasklist-deployment/tasklist-authentication.md | 2 +- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index 6061a9e6ed..0b3bf9152d 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -2,14 +2,11 @@ id: user-restrictions title: "User restrictions" sidebar_label: "User restrictions" -description: "User restrictions allow you to control the level of access a user or group has to perform tasks in the system." +description: "Control the level of access a user or group has to perform tasks in the system via user restrictions." --- :::caution -User restrictions are enabled by default and can be disabled by the use of environment variables. This feature should be enabled in the required component, see: - -- [Identity feature flags](../../../../self-managed/identity/deployment/configuration-variables/#feature-flags) - +User restrictions are enabled by default and can be disabled using environment variables. This feature should be enabled in the required component, see [Identity feature flags](../../../../self-managed/identity/deployment/configuration-variables/#feature-flags). ::: User restrictions allow you to control the level of access a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or @@ -17,6 +14,6 @@ User restrictions allow you to control the level of access a [user](/self-manage ### User restrictions -[User restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used on Tasklist to control task access for a +[User restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used in Tasklist to control task access for a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or [role](/self-managed/identity/user-guide/roles/add-assign-role.md). The restrictions are -related to the candidate users or groups set up on the Task definition. +related to the candidate users or groups set up on the task definition. diff --git a/docs/self-managed/tasklist-deployment/tasklist-authentication.md b/docs/self-managed/tasklist-deployment/tasklist-authentication.md index d6e85630f1..88a6e7c5c5 100644 --- a/docs/self-managed/tasklist-deployment/tasklist-authentication.md +++ b/docs/self-managed/tasklist-deployment/tasklist-authentication.md @@ -155,7 +155,7 @@ curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer Date: Thu, 14 Dec 2023 18:42:36 -0300 Subject: [PATCH 07/24] Update sidebars.js Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- sidebars.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sidebars.js b/sidebars.js index 9a507bb8b5..0d60e82b20 100644 --- a/sidebars.js +++ b/sidebars.js @@ -885,7 +885,7 @@ module.exports = { "Access control": [ "self-managed/concepts/access-control/applications", "self-managed/concepts/access-control/resource-authorizations", - "self-managed/concepts/access-control/user-restrictions", + "self-managed/concepts/access-control/user-task-access-restrictions", ], }, "self-managed/concepts/exporters", From b3977ce86280977ef4ea1215c786ec85f62da4d1 Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:42:41 -0300 Subject: [PATCH 08/24] Update optimize_sidebars.js Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- optimize_sidebars.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/optimize_sidebars.js b/optimize_sidebars.js index 0ddab02a3d..d60cb6462f 100644 --- a/optimize_sidebars.js +++ b/optimize_sidebars.js @@ -1880,7 +1880,7 @@ module.exports = { ), docsLink( "User restrictions", - "self-managed/concepts/access-control/user-restrictions/" + "self-managed/concepts/access-control/user-task-access-restrictions/" ), ], }, From a6e00c6390877342c7c6e2e9164023af01e659ae Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:42:49 -0300 Subject: [PATCH 09/24] Update docs/self-managed/tasklist-deployment/tasklist-authentication.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- .../self-managed/tasklist-deployment/tasklist-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/tasklist-deployment/tasklist-authentication.md b/docs/self-managed/tasklist-deployment/tasklist-authentication.md index 88a6e7c5c5..84455fbdfa 100644 --- a/docs/self-managed/tasklist-deployment/tasklist-authentication.md +++ b/docs/self-managed/tasklist-deployment/tasklist-authentication.md @@ -155,7 +155,7 @@ curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer Date: Thu, 14 Dec 2023 18:42:55 -0300 Subject: [PATCH 10/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index 0b3bf9152d..c48f79b30a 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -2,7 +2,7 @@ id: user-restrictions title: "User restrictions" sidebar_label: "User restrictions" -description: "Control the level of access a user or group has to perform tasks in the system via user restrictions." +description: "Control the level of access a user or group has to perform tasks in the system via user task access restrictions." --- :::caution From 7da9173ab92073c415f87eea361e4062c08a67e2 Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:43:03 -0300 Subject: [PATCH 11/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index c48f79b30a..e1bc63cb6d 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -1,7 +1,7 @@ --- id: user-restrictions title: "User restrictions" -sidebar_label: "User restrictions" +sidebar_label: "User task access restrictions" description: "Control the level of access a user or group has to perform tasks in the system via user task access restrictions." --- From 9f934d49822315a1a8b297168db46e2f42e90bf5 Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:43:20 -0300 Subject: [PATCH 12/24] Update docs/self-managed/identity/deployment/configuration-variables.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- .../self-managed/identity/deployment/configuration-variables.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/identity/deployment/configuration-variables.md b/docs/self-managed/identity/deployment/configuration-variables.md index b60c5a35a7..c4b4712718 100644 --- a/docs/self-managed/identity/deployment/configuration-variables.md +++ b/docs/self-managed/identity/deployment/configuration-variables.md @@ -90,7 +90,7 @@ Identity uses feature flag environment variables to enable and disable features; | ---------------------------- | --------------------------------------------- | ------------- | | RESOURCE_PERMISSIONS_ENABLED | Controls the resource authorizations feature. | false | | MULTITENANCY_ENABLED | Controls the multi tenancy feature. | false | -| USER_RESTRICTIONS_ENABLED | Controls the user group restrictions feature. | true | +| USER_RESTRICTIONS_ENABLED | Controls the user task access restrictions feature in Tasklist. | true | :::note Setting either of the feature flags to `true` requires a database connection. To configure a database From 13d7a01fd8a1f2caf415a7782eff3d119f240afc Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:43:30 -0300 Subject: [PATCH 13/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index e1bc63cb6d..a142c58b26 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -1,6 +1,6 @@ --- id: user-restrictions -title: "User restrictions" +title: "User task access restrictions" sidebar_label: "User task access restrictions" description: "Control the level of access a user or group has to perform tasks in the system via user task access restrictions." --- From 19ba7d67e285fbd168e90f480bacc324b45fe804 Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:43:38 -0300 Subject: [PATCH 14/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index a142c58b26..6d496f26d2 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -1,5 +1,5 @@ --- -id: user-restrictions +id: user-task-access-restrictions title: "User task access restrictions" sidebar_label: "User task access restrictions" description: "Control the level of access a user or group has to perform tasks in the system via user task access restrictions." From fac1fde47d7f29e9f3253ab50c01460e62c027c0 Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:43:51 -0300 Subject: [PATCH 15/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index 6d496f26d2..ab001afbc3 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -6,7 +6,7 @@ description: "Control the level of access a user or group has to perform tasks i --- :::caution -User restrictions are enabled by default and can be disabled using environment variables. This feature should be enabled in the required component, see [Identity feature flags](../../../../self-managed/identity/deployment/configuration-variables/#feature-flags). +User task access restrictions are enabled by default and can be disabled using environment variables. This feature is controlled in the required component, see [Identity feature flags](../../../../self-managed/identity/deployment/configuration-variables/#feature-flags). ::: User restrictions allow you to control the level of access a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or From 32695adc36e349888222b94fc482979f0ff24e2f Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:44:40 -0300 Subject: [PATCH 16/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index ab001afbc3..46527f2c14 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -9,7 +9,7 @@ description: "Control the level of access a user or group has to perform tasks i User task access restrictions are enabled by default and can be disabled using environment variables. This feature is controlled in the required component, see [Identity feature flags](../../../../self-managed/identity/deployment/configuration-variables/#feature-flags). ::: -User restrictions allow you to control the level of access a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or +User task access restrictions allow you to control the level of access a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or [group](self-managed/identity/user-guide/groups/create-group.md) has to perform tasks where they are candidates in the system. ### User restrictions From 0c1e98e76456eccc7d9a68440887c39fdc1369ce Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:44:53 -0300 Subject: [PATCH 17/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index 46527f2c14..f2f1b96378 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -10,7 +10,7 @@ User task access restrictions are enabled by default and can be disabled using e ::: User task access restrictions allow you to control the level of access a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or -[group](self-managed/identity/user-guide/groups/create-group.md) has to perform tasks where they are candidates in the system. +[group](self-managed/identity/user-guide/groups/create-group.md) has to perform BPMN user tasks where they are candidates. ### User restrictions From 7a28e0b8c25ae4095f7a56e196e913367e619bda Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:45:04 -0300 Subject: [PATCH 18/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index f2f1b96378..530d774009 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -12,7 +12,7 @@ User task access restrictions are enabled by default and can be disabled using e User task access restrictions allow you to control the level of access a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or [group](self-managed/identity/user-guide/groups/create-group.md) has to perform BPMN user tasks where they are candidates. -### User restrictions +### User task access restrictions [User restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used in Tasklist to control task access for a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or [role](/self-managed/identity/user-guide/roles/add-assign-role.md). The restrictions are From 10318459fcf5e47c19ee721b13b26f8f3ac24783 Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:45:17 -0300 Subject: [PATCH 19/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index 530d774009..8211a900cf 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -14,6 +14,6 @@ User task access restrictions allow you to control the level of access a [user]( ### User task access restrictions -[User restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used in Tasklist to control task access for a +[User task access restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used in Tasklist to control task access for a [user](/self-managed/identity/user-guide/roles/add-assign-role.md) or [role](/self-managed/identity/user-guide/roles/add-assign-role.md). The restrictions are related to the candidate users or groups set up on the task definition. From 003f85676056b066a0484fb7541ab8a68135a74c Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:45:28 -0300 Subject: [PATCH 20/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index 8211a900cf..803c497eba 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -15,5 +15,5 @@ User task access restrictions allow you to control the level of access a [user]( ### User task access restrictions [User task access restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used in Tasklist to control task access for a -[user](/self-managed/identity/user-guide/roles/add-assign-role.md) or [role](/self-managed/identity/user-guide/roles/add-assign-role.md). The restrictions are +user or [group](/self-managed/identity/user-guide/groups/create-group.md). The restrictions are related to the candidate users or groups set up on the task definition. From e57dddba0b836815469dfc15cb1d2e66efd99e3d Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:45:40 -0300 Subject: [PATCH 21/24] Update docs/self-managed/concepts/access-control/user-restrictions.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- docs/self-managed/concepts/access-control/user-restrictions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-restrictions.md index 803c497eba..6914dc6b4b 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-restrictions.md @@ -16,4 +16,4 @@ User task access restrictions allow you to control the level of access a [user]( [User task access restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used in Tasklist to control task access for a user or [group](/self-managed/identity/user-guide/groups/create-group.md). The restrictions are -related to the candidate users or groups set up on the task definition. +related to the candidate users or groups set up on user task definitions. From ebc0657068b4326fcdfe907d3bf750dc290a7cc2 Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 18:45:56 -0300 Subject: [PATCH 22/24] Update docs/self-managed/tasklist-deployment/tasklist-authentication.md Co-authored-by: Christian Konrad <56470362+christian-konrad@users.noreply.github.com> --- .../self-managed/tasklist-deployment/tasklist-authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/self-managed/tasklist-deployment/tasklist-authentication.md b/docs/self-managed/tasklist-deployment/tasklist-authentication.md index 84455fbdfa..16c67aca80 100644 --- a/docs/self-managed/tasklist-deployment/tasklist-authentication.md +++ b/docs/self-managed/tasklist-deployment/tasklist-authentication.md @@ -153,7 +153,7 @@ Take the `access_token` value from the response object and store it as your toke curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer " -d '{"query": "{tasks(query:{}){id name}}"}' http://localhost:8080/graphql ``` -### User restrictions +### User task access restrictions To use this resource, the **User Task Access Restrictions** feature must be [enabled on Identity](/self-managed/concepts/access-control/user-task-access-restrictions.md). When it is active, Tasklist applies additional security measures to filter tasks based on user identity and authorization. The tasks displayed are restricted based on the candidate groups, candidate users, and assignee associated with the logged-in user. The benefits of this resource are: From 088d317eaa4eba904cc9f3f2bafb6cc28e7a25d6 Mon Sep 17 00:00:00 2001 From: Nathanyel Sandi Date: Thu, 14 Dec 2023 19:01:20 -0300 Subject: [PATCH 23/24] Add code review changes --- .../{user-restrictions.md => user-task-access-restrictions.md} | 3 +++ optimize_sidebars.js | 1 - 2 files changed, 3 insertions(+), 1 deletion(-) rename docs/self-managed/concepts/access-control/{user-restrictions.md => user-task-access-restrictions.md} (85%) diff --git a/docs/self-managed/concepts/access-control/user-restrictions.md b/docs/self-managed/concepts/access-control/user-task-access-restrictions.md similarity index 85% rename from docs/self-managed/concepts/access-control/user-restrictions.md rename to docs/self-managed/concepts/access-control/user-task-access-restrictions.md index 6914dc6b4b..f56749f251 100644 --- a/docs/self-managed/concepts/access-control/user-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-task-access-restrictions.md @@ -17,3 +17,6 @@ User task access restrictions allow you to control the level of access a [user]( [User task access restrictions](self-managed/tasklist-deployment/tasklist-authentication.md/#user-restrictions) are used in Tasklist to control task access for a user or [group](/self-managed/identity/user-guide/groups/create-group.md). The restrictions are related to the candidate users or groups set up on user task definitions. + +For example: if a task has a candidate group named as "Team A", and a candidate user named "example". Only the +users that belongs to the "Team A", as well as the user "example" will have access to the task. diff --git a/optimize_sidebars.js b/optimize_sidebars.js index d60cb6462f..d3d21e2dcc 100644 --- a/optimize_sidebars.js +++ b/optimize_sidebars.js @@ -44,7 +44,6 @@ module.exports = { "Resource authorizations", "components/concepts/resource-authorizations/" ), - docsLink("User restrictions", "components/concepts/user-restrictions/"), ], }, From 2a6ac16afaf44ab58aaed1105691ccdf247744d1 Mon Sep 17 00:00:00 2001 From: christinaausley <84338309+christinaausley@users.noreply.github.com> Date: Fri, 15 Dec 2023 10:31:34 -0700 Subject: [PATCH 24/24] Update user-task-access-restrictions.md --- .../concepts/access-control/user-task-access-restrictions.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/self-managed/concepts/access-control/user-task-access-restrictions.md b/docs/self-managed/concepts/access-control/user-task-access-restrictions.md index f56749f251..2d3acbf286 100644 --- a/docs/self-managed/concepts/access-control/user-task-access-restrictions.md +++ b/docs/self-managed/concepts/access-control/user-task-access-restrictions.md @@ -18,5 +18,5 @@ User task access restrictions allow you to control the level of access a [user]( user or [group](/self-managed/identity/user-guide/groups/create-group.md). The restrictions are related to the candidate users or groups set up on user task definitions. -For example: if a task has a candidate group named as "Team A", and a candidate user named "example". Only the -users that belongs to the "Team A", as well as the user "example" will have access to the task. +For example, if a task has a candidate group named `Team A` and a candidate user named `example`, only the +users that belong to `Team A` and the user `example` will have access to the task.