mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-05 05:16:04 +02:00
* document duplicate route possibility * Add section descriptions to "Configure" reference docs Co-authored-by: Alex Fornuto <afornuto@pomerium.com>
This commit is contained in:
backport-actions-token[bot]
GitHub
parent
88474f7da5
commit
beb615a571
3 changed files with 14 additions and 0 deletions
|
|
@ -75,6 +75,12 @@ A user with the Viewer role can:
|
||||||
|
|
||||||
In addition to the access provided by the Viewer role, a Manager can create, read, update, and delete routes, policies, and certificates in a Namespace (as well as its children). A Manager may also reference policies and certificates in the parent Namespace.
|
In addition to the access provided by the Viewer role, a Manager can create, read, update, and delete routes, policies, and certificates in a Namespace (as well as its children). A Manager may also reference policies and certificates in the parent Namespace.
|
||||||
|
|
||||||
|
::: warning
|
||||||
|
Managers in any Namespace should note: while creating a route for an [upstream](/docs/glossary.md#upstream-downstream) path prevents additional routes to that path *in the same namespace*, Managers in other namespaces can create alternate routes to the same path.
|
||||||
|
|
||||||
|
If you need to ensure that access to a service is only accessible from a single route, consider implementing [Mutual Authentication](/docs/topics/mutual-auth.md) between Pomerium and the upstream service. This can be achieved using one of several methods, including [mTLS](/guides/upstream-mtls.md) and [JWT verification](/guides/jwt-verification.md). You can also utilize a service mesh like [Istio](/guides/istio.html)
|
||||||
|
:::
|
||||||
|
|
||||||
#### Admin
|
#### Admin
|
||||||
|
|
||||||
An Admin user has permissions across all Namespaces. They can manage global settings, sessions, and service accounts, as well as view events and runtime data.
|
An Admin user has permissions across all Namespaces. They can manage global settings, sessions, and service accounts, as well as view events and runtime data.
|
||||||
|
|
|
||||||
|
|
@ -207,8 +207,12 @@ settings:
|
||||||
doc: "Specify if the user can enroll any device identity, or restrict it to a [secure enclave](/docs/topics/device-identity.md#secure-enclaves)."
|
doc: "Specify if the user can enroll any device identity, or restrict it to a [secure enclave](/docs/topics/device-identity.md#secure-enclaves)."
|
||||||
more: '/guides/admin-enroll-device.html'
|
more: '/guides/admin-enroll-device.html'
|
||||||
- name: "Configure"
|
- name: "Configure"
|
||||||
|
doc: |
|
||||||
|
The **Configure** section of the Pomerium Enterprise Console houses settings that affect the entirety of the Console environment, i.e. across all Namespaces. Adjust these settings with care.
|
||||||
settings:
|
settings:
|
||||||
- name: "Settings"
|
- name: "Settings"
|
||||||
|
doc: |
|
||||||
|
The **Settings** section holds global settings that affect how the Pomerium Enterprise Console runs, logs, and communicates. Values set here are applied globally, except for settings documented to override global options.
|
||||||
settings:
|
settings:
|
||||||
- name: "Global"
|
- name: "Global"
|
||||||
settings:
|
settings:
|
||||||
|
|
|
||||||
|
|
@ -9,8 +9,12 @@ meta:
|
||||||
|
|
||||||
# Configure
|
# Configure
|
||||||
|
|
||||||
|
The **Configure** section of the Pomerium Enterprise Console houses settings that affect the entirety of the Console environment, i.e. across all Namespaces. Adjust these settings with care.
|
||||||
|
|
||||||
## Settings
|
## Settings
|
||||||
|
|
||||||
|
The **Settings** section holds global settings that affect how the Pomerium Enterprise Console runs, logs, and communicates. Values set here are applied globally, except for settings documented to override global options.
|
||||||
|
|
||||||
|
|
||||||
### Global
|
### Global
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue