diff --git a/docs/config.json b/docs/config.json index 206f22d3e8f85..f4f145221f6e7 100644 --- a/docs/config.json +++ b/docs/config.json @@ -440,10 +440,6 @@ { "title": "Reference", "slug": "/access-controls/reference/" - }, - { - "title": "FAQ", - "slug": "/access-controls/faq/" } ] }, @@ -2355,6 +2351,11 @@ "source": "/kubernetes-access/guides/", "destination": "/kubernetes-access/introduction/", "permanent": true + }, + { + "source": "/access-controls/faq/", + "destination": "/access-controls/introduction/", + "permanent": true } ] } diff --git a/docs/pages/access-controls/access-requests/resource-requests.mdx b/docs/pages/access-controls/access-requests/resource-requests.mdx index 03411d4917832..ca65dadb3efbb 100644 --- a/docs/pages/access-controls/access-requests/resource-requests.mdx +++ b/docs/pages/access-controls/access-requests/resource-requests.mdx @@ -1,7 +1,6 @@ --- title: Resource Access Requests description: Teleport allows users to request access to specific resources from the CLI or UI. Requests can be escalated via ChatOps or anywhere else via our flexible Authorization Workflow API. -h1: Teleport Resource Access Requests --- diff --git a/docs/pages/access-controls/faq.mdx b/docs/pages/access-controls/faq.mdx deleted file mode 100644 index 34b05c0ea2fa7..0000000000000 --- a/docs/pages/access-controls/faq.mdx +++ /dev/null @@ -1,27 +0,0 @@ ---- -title: Access Controls FAQ -description: Frequently asked questions about Teleport RBAC ---- - -## What if a node has multiple labels? - -In this case, the access will be granted only if **all of the labels** defined in the -role are present. This effectively means Teleport uses an "AND" operator when evaluating -node-level access using labels. - -## Can I use node-level RBAC with OpenSSH servers? - -No. OpenSSH servers running `sshd` can't label themselves. This is a factor in deciding -to run the Teleport Node Service instead. - -## Why do I see a UUID instead of a hostname when reviewing access requests? - -Resource Access Requests embed the UUID of requested resources in order to ensure -that extra access isn't mistakenly granted due to overlapping hostnames. - -In order for Access Request reviewers to see the hostname, they must either: - -- Have permissions to access the requested server themselves, or -- Have [`preview_as_roles`](./access-requests/resource-requests.mdx#allow-reviewers-to-see-the-hostnames-of-ssh-nodes) - set with a role that can access the server - \ No newline at end of file diff --git a/docs/pages/access-controls/introduction.mdx b/docs/pages/access-controls/introduction.mdx index 4b2fbf3baae31..50c5802b14a25 100644 --- a/docs/pages/access-controls/introduction.mdx +++ b/docs/pages/access-controls/introduction.mdx @@ -74,7 +74,5 @@ achieve compliance with: ## Find out more -Find out more information on Teleport's RBAC features: - -- [Access Controls Reference](./reference.mdx) -- [Frequently Asked Questions](./faq.mdx) +Find out more information on Teleport's RBAC features by reading the [Access +Controls Reference](./reference.mdx). diff --git a/docs/pages/server-access/rbac.mdx b/docs/pages/server-access/rbac.mdx index 58f361b51c399..d3706ef264a3d 100644 --- a/docs/pages/server-access/rbac.mdx +++ b/docs/pages/server-access/rbac.mdx @@ -3,7 +3,6 @@ title: Access Controls for Servers description: Role-based access control (RBAC) for Teleport Server Access. --- - You can use Teleport's role-based access control (RBAC) system to set up granular permissions for authenticating to Linux servers connected to Teleport. @@ -15,6 +14,14 @@ emergency.* For a more general description of Teleport roles and examples see our [Access Controls guides](../access-controls/introduction.mdx), as this section focuses on configuring RBAC for servers connected to Teleport. + + +Teleport's RBAC system does not extend to OpenSSH servers, as it is not possible +to apply labels to servers running `sshd`. You must enable access to these +servers via the Teleport SSH Service instead. + + + ## Role configuration Teleport's "role" resource provides the following instruments for restricting