Commit

Merge pull request #590 from joewxboy/issue-589
Issue 589: Added another link to RBAC
joewxboy authored Oct 1, 2024
2 parents 9bfa2f6 + 8e9cf21 commit 26a223e
Showing 2 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion docs/user_management/security.md
Expand Up @@ -25,7 +25,7 @@ has_toc: false
{{site.data.keyword.edge_notm}} ({{site.data.keyword.ieam}}), based on [Open Horizon ](https://github.com/open-horizon){:target="_blank"}{: .externalLink}, uses several security technologies to ensure that it is secure against attacks and safeguards privacy. For more information about {{site.data.keyword.ieam}} security and roles, see:

* [Security and privacy](./security_privacy.md)
* [Role-based access control](./rbac.html)
* [Role-based access control](./rbac.md)
* [{{site.data.keyword.edge_notm}} considerations for GDPR readiness](./gdpr.md)
* [Certificates](../user_management/certificates.md)
* [Disaster recovery](../user_management/disaster_recovery.md)
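Review bot: The changed entry `* [Role-based access control](./rbac.md)` corrects an existing link target from `.html` to `.md`, but the commit title "Added another link to RBAC" does not mention this fix; note it in the commit message so the correction can be found from history. The same list also mixes `./` and `../user_management/` prefixes for files that sit in the same `docs/user_management/` directory (`./security_privacy.md` versus `../user_management/certificates.md`), and settling on one form would make a broken relative link easier to spot in review.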
6 changes: 3 additions & 3 deletions docs/user_management/security_privacy.md
@@ -1,8 +1,8 @@
---

copyright:
years: 2021 - 2023
lastupdated: "2023-05-01"
years: 2021 - 2024
lastupdated: "2024-10-01"
title: "Security and privacy"

parent: Security
Expand Down Expand Up @@ -66,7 +66,7 @@ A compromised {{site.data.keyword.agbot}} can attempt to propose malicious workl

## Privileged mode services
{: #priv_services}
On a host machine, some tasks can only be performed by an account with root access. The equivalent for containers is privileged mode. While containers generally do not need privileged mode on the host, there are some use cases where it is required. In {{site.data.keyword.ieam}} you have the ability to specify that an application service should be deployed with privileged process execution enabled. By default, it is disabled. You must explicitly enable it in the [deployment configuration](https://github.com/open-horizon/anax/blob/master/docs/deployment_string.md){:target="_blank"}{: .externalLink} of the respective Service Definition file for each service that needs to run in this mode. And further, any node on which you want to deploy that service must also explicitly allow privileged mode containers. This ensures that node owners have some control over which services are executing on their edge nodes. For an example of how to enable privileged mode policy on an edge node, see [privileged node policy](https://github.com/open-horizon/anax/blob/master/cli/samples/privileged_node_policy.json){:target="_blank"}{: .externalLink}. If the service definition or one of its dependencies requires privileged mode, the node policy must also allow privileged mode, or else none of the services will not be deployed to the node. For an indepth discussion of privileged mode see [What is privileged mode and do I need it?](https://wiki.lfedge.org/pages/viewpage.action?pageId=44171856){:target="_blank"}{: .externalLink}.
On a host machine, some tasks can only be performed by an account with root access. The equivalent for containers is privileged mode. While containers generally do not need privileged mode on the host, there are some use cases where it is required. In {{site.data.keyword.ieam}} you have the ability to specify that an application service should be deployed with privileged process execution enabled. By default, it is disabled. You must explicitly enable it in the [deployment configuration](https://github.com/open-horizon/anax/blob/master/docs/deployment_string.md){:target="_blank"}{: .externalLink} of the respective Service Definition file for each service that needs to run in this mode. And further, any node on which you want to deploy that service must also explicitly allow privileged mode containers. This ensures that node owners have some control over which services are executing on their edge nodes. For an example of how to enable privileged mode policy on an edge node, see [privileged node policy](https://github.com/open-horizon/anax/blob/master/cli/samples/privileged_node_policy.json){:target="_blank"}{: .externalLink}. If the service definition or one of its dependencies requires privileged mode, the node policy must also allow privileged mode, or else none of the services will not be deployed to the node. For an indepth discussion of privileged mode see [What is privileged mode and do I need it?](https://wiki.lfedge.org/pages/viewpage.action?pageId=44171856){:target="_blank"}{: .externalLink}. See also [RBAC](./rbac.md).

## Denial-of-service attack
{: #denial}
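Review bot: The appended `See also [RBAC](./rbac.md).` at the end of the privileged mode paragraph does not say why access control matters here, and it uses the bare acronym where security.md links the same page as "Role-based access control". Suggest spelling out the link text and adding a clause that ties it to the paragraph, such as who is allowed to publish a service definition or set a node policy that enables privileged mode, if that is what the linked page covers. Since this line is being rewritten anyway, it would also be worth fixing "none of the services will not be deployed" (the double negative inverts the intended meaning) and "indepth" in the same change.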