diff --git a/doc/user-guide-admin/section_dashboard_admin_manage_projects_security.xml b/doc/user-guide-admin/section_dashboard_admin_manage_projects_security.xml index d106783d8f..6d7a125365 100644 --- a/doc/user-guide-admin/section_dashboard_admin_manage_projects_security.xml +++ b/doc/user-guide-admin/section_dashboard_admin_manage_projects_security.xml @@ -5,15 +5,16 @@ xml:id="dashboard_manage_projects_security"> Manage project security - Security groups are sets of IP filter rules that define - networking access and are applied to all project instances. - Group rules are project specific; project members can edit - the default rules for their group and add new rule sets. - All projects have a default security - group that is applied to any instance that has no other - defined security group. Unless you change the default, this - security group denies all incoming traffic and allows only - outgoing traffic to your instance. + Security groups are sets of IP filter rules that define networking + access and are applied to all instances within a project. Group rules + are project-specific; project members can edit the default rules for + their group and add new rule sets. + All projects have a default security group that is applied to any + instance that has no other defined security group. When unmodified, the + default security group denies all incoming traffic and allows only + outgoing traffic to your instance. A common use case is to edit the + default security group to permit SSH access and ICMP access, so that + users can log into and ping instances. For information about updating global controls on the command line, see Create a security group - Log in to the dashboard as a project - member. + Log in to the dashboard as a project member. - On the Project tab, select - the appropriate project from the CURRENT - PROJECT drop-down list, and click - the Access & - Security category. + Select a project from the drop-down menu at the top of the screen. + + + On the Project tab, click the + Access & Security + category. On the Security Groups tab, @@ -51,187 +52,170 @@ Add a security group rule - Log in to the dashboard as a project - member. + Log in to the dashboard as a project member. - On the Project tab, select - the appropriate project from the CURRENT - PROJECT drop-down list, and click - the Access & - Security category. + Select a project from the drop-down menu at the top of the + screen. - On the Security Groups tab, - click Edit rules for the - appropriate security group. + On the Project tab, click the + Access & Security + category. - To add a rule, click Add - Rule. Set the attributes for the rule, - and click Add: + On the Security Groups tab, click + Manage rules for the appropriate + security group. + + + To add a rule, click Add Rule. Set + the attributes for the rule, and click + Add. + The following attributes can be configured: - - - - IP Protocol - - The IP protocol to which - the rule applies: - - - TCP.Typically - used to exchange data between - systems, and for end-user - communication. - - - UDP. - Typically used to exchange data - between systems, particularly at - the application level. - - - ICMP. - Typically used by network devices, - such as routers, to send error or - monitoring messages. - - - - - + - Open + Open Port - For TCP or UDP rules, the - Port or - Port Range to - open for the rule. Choose to open a - single port or range of ports. - For a range of ports, enter port + The Port or + Port Range to open for + the rule. This option is available only when + Custom TCP Rule or + Custom UDP Rule is + selected. + + + For a range of ports, enter port values in the From Port and To Port fields. - For a single port, enter the port + + + For a single port, enter the port value in the Port field. + + - - + - Source + Remote The source of the traffic for this rule: - CIDR - (Classless Inter-Domain Routing). - IP address block, which limits - access to IPs within the block. - Enter the CIDR in the - Source - field. + CIDR (Classless + Inter-Domain Routing). When selected, + access is limited only to IP addresses + within the specified block. When + selected, enter the CIDR in the + CIDR field. - Security - Group. Source group that - enables any instance in the group - to access any other group - instance. + Security Group. + When selected, any instance in the + selected security group can access any + other group instance. When selected, + choose the Security + Group and the Ether + Type, which can be either + IPv4 or + IPv6. - - @@ -240,24 +224,26 @@ Delete a security group rule - Log in to the dashboard as a project - member. + Log in to the dashboard as a project member. - On the Project tab, select - the appropriate project from the CURRENT - PROJECT drop-down list, and click - the Access & - Security category. + Select a project from the drop-down menu at the top of the + screen. - On the Security Groups tab, - click Edit rules for the - appropriate security group. + On the Project tab, click the + Access & Security + category. + + + On the Security Groups tab, click + Manage rules for the appropriate + security group. To delete a rule, select the rule and click - Delete Rule. + Delete Rule and confirm that you + want to delete the rule. @@ -265,21 +251,22 @@ Delete a security group - Log in to the dashboard as a project - member. + Log in to the dashboard as a project member. - On the Project tab, select - the appropriate project from the CURRENT - PROJECT drop-down list, and click - the Access & Security + Select a project from the drop-down menu at the top of the + screen. + + + On the Project tab, click the + Access & Security category. - On the Security Groups tab, - select the appropriate group, and click - Delete Security - Group. + On the Security Groups tab, select + the appropriate group, and click Delete Security + Group and confirm that you want to delete + the group. diff --git a/doc/user-guide-admin/section_dashboard_admin_manage_projects_users.xml b/doc/user-guide-admin/section_dashboard_admin_manage_projects_users.xml index f6aa6386b7..57aecb1e8e 100644 --- a/doc/user-guide-admin/section_dashboard_admin_manage_projects_users.xml +++ b/doc/user-guide-admin/section_dashboard_admin_manage_projects_users.xml @@ -5,60 +5,35 @@ xml:id="dashboard_manage_projects_users"> Manage projects and users - As a cloud administrator, you manage both projects and - users. Projects are organizational units in the cloud to which - you can assign users. Projects are also known as tenants or accounts.You can manage projects - and users independently from each other. - Users are members of one or more projects. - During cloud set up, the operator defines at least one - project, user, and role. The operator links the role to the - user and the user to the project. Roles define the actions - that users can perform. As an administrator, you can create - additional projects and users as needed. - Learn how to add, update, and delete projects and users, - assign users to one or more projects, and change or remove the - assignment. To enable or temporarily disable a project or - user, update that project or user. You can also change quotas - at the project level. For information, see . - When you create a user account, you must assign the account - to a primary project. Optionally, you can assign the account - to additional projects. Before you can delete a user account, - you must remove the user account from its primary - project. -
- Consequences of disabling projects and users - When you disable a project, it has the following - consequences: - - - In the dashboard, users can no longer access the - project from the CURRENT - PROJECT drop-down list on the - Project tab. - - - Users who are members of only the disabled - project can no longer log in. - - - You cannot launch instances for a disabled - project. Instances that are already running are - not automatically terminated though—you must stop - them manually. - - - The data for a disabled project is maintained so - that you can enable the project again at any - time. - - - When you disable a user account, the user can no longer - log in, but the data for the user is maintained so that - you can enable the user again at any time. -
+ As an OpenStack cloud administrator, you manage both + projects and users, which can be managed independently from + each other. Projects, also known as tenants or accounts, are organizational units in the + cloud to which you can assign users. Users also have roles + that determine their level of access to the project, and may + have different roles in different projects. + When the cloud is initially created, the operator defines at + least one project, user, and role. + As an administrator, you can create additional projects and users as + needed. This section documents the following project and user + administration tasks: + + + Adding, updating, and deleting projects and + users. + + + Assigning users to one or more projects, and changing or + removing the assignment. + + + Enabling or temporarily disabling a project or + user. + + + You can also change quotas at the project level. For information, see + .
Create a project @@ -66,11 +41,12 @@ Log in to the dashboard and choose the admin project from the CURRENT PROJECT drop-down - list. + list at the top of the screen. - On the Admin tab, click the - Projects category. + In the Admin tab, open the + Identity Panel and click + on Projects. Click Create @@ -95,8 +71,8 @@ Click Create Project. - The Projects category shows - the project, including its assigned ID. + The Projects list shows the + project, including its assigned ID.
@@ -106,12 +82,12 @@ description, and enable or temporarily disable it. - On the Admin tab, click the - Projects category. + In the Admin tab, open the + Identity Panel and click + on Projects. - Select the project that you want to update. - + Select the project that you want to update. In the More drop-down list, @@ -132,6 +108,34 @@ Click Save. +
+ Consequences of disabling projects + When you disable a project, it has the following + consequences: + + + In the dashboard, users can no longer access the + project from the CURRENT + PROJECT drop-down list on the + Project tab. + + + Users who are members of only the disabled + project can no longer log in. + + + You cannot launch instances for a disabled + project. Instances that are already running are + not automatically terminated though—you must stop + them manually. + + + The data for a disabled project is maintained so + that you can enable the project again at any + time. + + +
Modify user assignments for a project @@ -142,16 +146,14 @@ assignments. - On the Admin tab, select - the Projects category. + In the Admin tab, open the + Identity Panel and click + on Projects. - Select a project to modify its user - assignments. - - - Select Modify - Users. + Click the Modify Users + button for the project that you want to + modify. The Edit Project window shows the following lists of users: @@ -163,7 +165,7 @@ Project Members. Users that are assigned to the current - project, + project.
@@ -206,30 +208,34 @@ Projects category. - Select the projects that you want to delete. - + Select the projects that you want to delete. Click Delete Projects to confirm the deletion. - + You cannot undo the delete action. - +
Create a user account + When you create a user account, you must assign the account to a + primary project. You also have the option of assigning the account + to additional projects. Before you can delete a user account, you + must remove the user account from its primary project. Log in to the dashboard and choose the admin project from the CURRENT PROJECT drop-down - list. + list at the top of the screen. - On the Admin tab, select - the Users category. + In the Admin tab, open the + Identity Panel and click + on Users. Click Create User. @@ -257,19 +263,22 @@
Disable or enable a user + When you disable a user account, the user can no longer log in. + However, the data for the user is maintained so that you can enable + the user again at any time. - On the Admin tab, select - the Users category. + In the Admin tab, open the + Identity Panel and click + on Users. - Select the user that you want to disable or - enable. You can disable or enable only one user at - a time. + Locate the user that you want to disable or + enable in the Users list. - In the Actions drop-down - list, select Disable User or + In the More drop-down list, + select Disable User or Enable User. In the Enabled column, the enabled value updates to either diff --git a/doc/user-guide/section_dashboard_access_and_security.xml b/doc/user-guide/section_dashboard_access_and_security.xml index cb9f03febd..3456d6d7ee 100644 --- a/doc/user-guide/section_dashboard_access_and_security.xml +++ b/doc/user-guide/section_dashboard_access_and_security.xml @@ -5,12 +5,12 @@ xml:id="Launching_Instances_using_Dashboard"> Configure access and security for instances - Before you launch an instance, you should add security group - rules to enable users to ping and use SSH to connect to the - instance. To do so, you either add rules to the - default security group or add a security group with - rules. + Before you launch an instance, you should add security group rules to + enable users to ping and use SSH to connect to the instance. Security + groups are sets of IP filter rules that define networking access and are + applied to all instances within a project. To do so, you either add rules to the default + security group or add a new security group with rules. Key pairs are SSH credentials that are injected into an instance when it is launched. To use key pair injection, the image that the instance is based on must contain the