3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-02 16:30:17 +02:00
Code Issues Projects Releases Packages Wiki Activity

DOCS: Document duplicate routes in Console (#3119) (#3120)

Browse source 
* document duplicate route possibility

* Add section descriptions to "Configure" reference docs

Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
This commit is contained in:
backport-actions-token[bot] 2022-03-09 00:48:05 +00:00 committed by GitHub
parent 88474f7da5
commit beb615a571
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/enterprise/concepts.md
View file

@ -75,6 +75,12 @@ A user with the Viewer role can:
In addition to the access provided by the Viewer role, a Manager can create, read, update, and delete routes, policies, and certificates in a Namespace (as well as its children). A Manager may also reference policies and certificates in the parent Namespace.
::: warning
Managers in any Namespace should note: while creating a route for an [upstream](/docs/glossary.md#upstream-downstream) path prevents additional routes to that path *in the same namespace*, Managers in other namespaces can create alternate routes to the same path.
If you need to ensure that access to a service is only accessible from a single route, consider implementing [Mutual Authentication](/docs/topics/mutual-auth.md) between Pomerium and the upstream service. This can be achieved using one of several methods, including [mTLS](/guides/upstream-mtls.md) and [JWT verification](/guides/jwt-verification.md). You can also utilize a service mesh like [Istio](/guides/istio.html)
:::
#### Admin
An Admin user has permissions across all Namespaces. They can manage global settings, sessions, and service accounts, as well as view events and runtime data.