Task #6692

Updated by bmbouter almost 4 years ago

## Background 

 Pulp's REST API does not have Role Based Access Control and so sensistive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key for example could be set by one user and read by another. 

 ## Solution 

 Document this very clearly in these places: 

 1. Above the changelog in [the CHANGES.rst file]( 
 2. To the REST API section of the architecture docs [here]( 
 3. To the REST API docs landing page [here]( 
 4. At the top of the Authentication page [here](