From 7de6b55d945817632aa7492ef1780d18db32ec68 Mon Sep 17 00:00:00 2001 From: marie flores Date: Thu, 31 Oct 2024 11:15:51 +0100 Subject: [PATCH] [docs] WIP: protect sensitive configuration(#216) --- docs/administration/protect-sensitive-configuration.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/administration/protect-sensitive-configuration.md b/docs/administration/protect-sensitive-configuration.md index 422f8098..e4634a08 100644 --- a/docs/administration/protect-sensitive-configuration.md +++ b/docs/administration/protect-sensitive-configuration.md @@ -26,9 +26,10 @@ The sensitive configurations identified are: ## Configuration The configuration is done in the ``default.json`` file. By default, ``platform_protected_sensitive_config`` is disabled. -Once activated, it is possible to activate all or just some of the sensitive configurations. It is also possible to choose which roles / groups / marking definition will be protected. By default, groups /roles / markings built-in are protected. +Once activated, it is possible to activate all or just some of the sensitive configurations. It is also possible to choose which `Roles` / `Groups` / `Marking definition` will be protected. By default, `Groups` / `Roles` / `Markings` built-in are protected. -Once the platform has been launched, a platform administrator can restrict access to sensitive configurations, previously set in ``default.json``, via ``Settings > Security > Roles > Capabilities list``. +Once the platform has been launched, a platform administrator can restrict access to sensitive configurations, previously set in ``default.json``, via ``Settings > Security > Roles > Capabilities list``. Only users with `Allow modification of sensitive configuration` capability enabled will be able to modify sensitive configurations. +By default, newly created roles do not have the capability. ![check_allow_modification_sensitive_conf.png](assets%2Fcheck_allow_modification_sensitive_conf.png)