Project

Profile

Help

Task #6692

Updated by bmbouter over 4 years ago

## Background 

 Pulp's REST API does not have Role Based Access Control and so sensistive credentials, e.g. Remote.password, Remote.client_cert, Remote.client_key for example could be set by one user and read by another. 

 ## Solution 

 Document this very clearly in these places: 

 1. Above the changelog in [the CHANGES.rst file](https://raw.githubusercontent.com/pulp/pulpcore/master/CHANGES.rst) 
 2. To the REST API section of the architecture docs [here](https://docs.pulpproject.org/components.html#rest-api) 
 3. To the REST API docs landing page [here](https://docs.pulpproject.org/rest_api.html) 
 4. At the top of the Authentication page [here](https://docs.pulpproject.org/installation/authentication.html)

Back