From 11295dc55967d19afe7ac48b216823ea3a76f08c Mon Sep 17 00:00:00 2001 From: Agil Antony Date: Thu, 23 Oct 2025 22:01:39 +0530 Subject: [PATCH 1/2] ROX31336 Docs to add RBAC requirements for vulnerability reporting --- ...permissions-for-vulnerability-reports.adoc | 29 +++++++++++++++++++ .../vulnerability-reporting.adoc | 3 ++ 2 files changed, 32 insertions(+) create mode 100644 modules/user-permissions-for-vulnerability-reports.adoc diff --git a/modules/user-permissions-for-vulnerability-reports.adoc b/modules/user-permissions-for-vulnerability-reports.adoc new file mode 100644 index 000000000000..6487ff5ef5c4 --- /dev/null +++ b/modules/user-permissions-for-vulnerability-reports.adoc @@ -0,0 +1,29 @@ +// Module included in the following assemblies: +// +// * operating/manage-vulnerabilities/vulnerability-reporting.adoc + +:_mod-docs-content-type: REFERENCE +[id="user-permissions-for-vulnerability-reports_{context}"] += User permissions for vulnerability reports + +To access and manage vulnerability reporting features in {rh-rhacs-first}, you must have the following permissions: + +.Vulnerability report permissions +[cols="2,4,4", options="header"] +|=== +| Permission Type | Permission Name | Purpose + +| `Image` +| `Read Image` +| Access to the image metadata required for vulnerability reporting. + +| `WorkflowAdministration` +| `Read WorkflowAdministration` +| View the report configurations and report job history. + +| `WorkflowAdministration` +| `Write WorkflowAdministration` +a|* Create and delete report configurations. +* Initiate new report jobs. +* Download the generated reports. +|=== diff --git a/operating/manage-vulnerabilities/vulnerability-reporting.adoc b/operating/manage-vulnerabilities/vulnerability-reporting.adoc index 673a69a1f084..a4a181ca1bdc 100644 --- a/operating/manage-vulnerabilities/vulnerability-reporting.adoc +++ b/operating/manage-vulnerabilities/vulnerability-reporting.adoc @@ -25,6 +25,9 @@ include::modules/vulnerability-management20-report-review-create.adoc[leveloffse //report permissions include::modules/vulnerability-management20-permissions.adoc[leveloffset=+2] +//User permissions for vulnerability reports +include::modules/user-permissions-for-vulnerability-reports.adoc[leveloffset=+3] + //Exporting vulnerability report as a CSV file include::modules/exporting-vulnerability-report-as-a-csv-file.adoc[leveloffset=+2] From 1d6dc89db0a91bb8c3effa09b15c31e0c048e27e Mon Sep 17 00:00:00 2001 From: Agil Antony Date: Fri, 24 Oct 2025 14:15:18 +0530 Subject: [PATCH 2/2] ROX31336 Review comments --- modules/user-permissions-for-vulnerability-reports.adoc | 8 ++++---- .../manage-vulnerabilities/vulnerability-reporting.adoc | 5 +++++ 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/modules/user-permissions-for-vulnerability-reports.adoc b/modules/user-permissions-for-vulnerability-reports.adoc index 6487ff5ef5c4..d774e8ee7067 100644 --- a/modules/user-permissions-for-vulnerability-reports.adoc +++ b/modules/user-permissions-for-vulnerability-reports.adoc @@ -11,18 +11,18 @@ To access and manage vulnerability reporting features in {rh-rhacs-first}, you m .Vulnerability report permissions [cols="2,4,4", options="header"] |=== -| Permission Type | Permission Name | Purpose +| Resource | Permission type | Purpose | `Image` -| `Read Image` +| `Read` | Access to the image metadata required for vulnerability reporting. | `WorkflowAdministration` -| `Read WorkflowAdministration` +| `Read` | View the report configurations and report job history. | `WorkflowAdministration` -| `Write WorkflowAdministration` +| `Write` a|* Create and delete report configurations. * Initiate new report jobs. * Download the generated reports. diff --git a/operating/manage-vulnerabilities/vulnerability-reporting.adoc b/operating/manage-vulnerabilities/vulnerability-reporting.adoc index a4a181ca1bdc..a386364aef97 100644 --- a/operating/manage-vulnerabilities/vulnerability-reporting.adoc +++ b/operating/manage-vulnerabilities/vulnerability-reporting.adoc @@ -28,6 +28,11 @@ include::modules/vulnerability-management20-permissions.adoc[leveloffset=+2] //User permissions for vulnerability reports include::modules/user-permissions-for-vulnerability-reports.adoc[leveloffset=+3] +[role="_additional-resources"] +.Additional resources + +* xref:../../operating/manage-user-access/manage-role-based-access-control-3630.adoc#resource-definitions_manage-role-based-access-control[Resource definitions] + //Exporting vulnerability report as a CSV file include::modules/exporting-vulnerability-report-as-a-csv-file.adoc[leveloffset=+2]