hazza/jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/jupyterhub.git synced 2025-10-18 15:33:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update roles.md in line with review

Browse Source
This commit is contained in:
Deborah Udoh
2022-10-10 18:03:13 +01:00
committed by GitHub
parent ed71aead2b
commit 835fe8be8f
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/source/rbac/roles.md
View File

@@ -1,3 +1,4 @@
(roles)=
# Roles # Roles
JupyterHub provides four (4) roles that are available by default: JupyterHub provides four (4) roles that are available by default:
@@ -40,6 +41,7 @@ A group does not require any role, and has no roles by default. If a user is a m
**Tokens** \ **Tokens** \
A tokens permissions are evaluated based on their owning entity. Since a token is always issued for a user or service, it can never have more permissions than its owner. If no specific scopes are requested for a new token, the token is assigned the scopes of the `token` role. A tokens permissions are evaluated based on their owning entity. Since a token is always issued for a user or service, it can never have more permissions than its owner. If no specific scopes are requested for a new token, the token is assigned the scopes of the `token` role.
(define-role-target)=
## Defining Roles ## Defining Roles
Roles can be defined or modified in the configuration file as a list of dictionaries. An example: Roles can be defined or modified in the configuration file as a list of dictionaries. An example:
@@ -107,6 +109,7 @@ If no scopes are defined for _new role_, JupyterHub will raise a warning. Provid
In case the role with a certain name already exists in the database, its definition and scopes will be overwritten. This holds true for all roles except the `admin` role, which cannot be overwritten; an error will be raised if trying to do so. All the role bearers permissions present in the definition will change accordingly. In case the role with a certain name already exists in the database, its definition and scopes will be overwritten. This holds true for all roles except the `admin` role, which cannot be overwritten; an error will be raised if trying to do so. All the role bearers permissions present in the definition will change accordingly.
(overriding-default-roles)=
### Overriding Default Roles ### Overriding Default Roles
Role definitions can include those of the "default" roles listed above (admin excluded), Role definitions can include those of the "default" roles listed above (admin excluded),
@@ -146,6 +149,7 @@ c.JupyterHub.load_roles = [
] ]
``` ```
(removing-roles-target)=
## Removing Roles ## Removing Roles
Only the entities present in the role definition in the `jupyterhub_config.py` remain the role bearers. If a user, service or group is removed from the role definition, they will lose the role on the next startup. Only the entities present in the role definition in the `jupyterhub_config.py` remain the role bearers. If a user, service or group is removed from the role definition, they will lose the role on the next startup.