From c6af4cca10700945a8046d504fdf78cfc40bd259 Mon Sep 17 00:00:00 2001 From: jannfis Date: Mon, 6 Apr 2020 21:41:10 +0200 Subject: [PATCH] docs: Clarify RBAC requirement for local users (#3361) * Clarify RBAC requirement for local users * Update docs/operator-manual/user-management/index.md Co-Authored-By: Alexander Matyushentsev Co-authored-by: Alexander Matyushentsev --- docs/operator-manual/rbac.md | 4 ++-- docs/operator-manual/user-management/index.md | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md index 2da392238b..6fbb9a2735 100644 --- a/docs/operator-manual/rbac.md +++ b/docs/operator-manual/rbac.md @@ -2,8 +2,8 @@ The RBAC feature enables restriction of access to Argo CD resources. Argo CD does not have its own user management system and has only one built-in user `admin`. The `admin` user is a superuser and -it has unrestricted access to the system. RBAC requires [SSO configuration](user-management/index.md). Once SSO is -configured, additional RBAC roles can be defined, and SSO groups can man be mapped to roles. +it has unrestricted access to the system. RBAC requires [SSO configuration](user-management/index.md) or [one or more local users setup](user-management/index.md). +Once SSO or local users are configured, additional RBAC roles can be defined, and SSO groups or local users can man be mapped to roles. ## Basic Built-in Roles diff --git a/docs/operator-manual/user-management/index.md b/docs/operator-manual/user-management/index.md index f28757210c..69187a9407 100644 --- a/docs/operator-manual/user-management/index.md +++ b/docs/operator-manual/user-management/index.md @@ -14,6 +14,9 @@ login history etc. So if you need such features it is strongly recommended to us !!! warning "Make sure to read about security limitations related to local users in [security considerations](../../security_considerations.md) document" +!!! note + When you create local users, each of those users will need additional [RBAC rules](../rbac.md) set up, otherwise they will fall back to the default policy specified by `policy.default` field of the `argocd-rbac-cm` ConfigMap. + ### Create new user New users should be defined in `argocd-cm` ConfigMap: