From 9756955a3b6bf7d373f407d719fc2a8f1e95dbfe Mon Sep 17 00:00:00 2001 From: shavidissa Date: Wed, 3 Jan 2024 15:27:30 -0800 Subject: [PATCH] update the content and add abck to the top button --- pages/doc/csp_security_policy.md | 42 ++++++++++++++++++++++++++------ pages/doc/security_policy.md | 40 ++++++++++++++++++++++++++---- 2 files changed, 70 insertions(+), 12 deletions(-) diff --git a/pages/doc/csp_security_policy.md b/pages/doc/csp_security_policy.md index b322f3108..98682dd3c 100644 --- a/pages/doc/csp_security_policy.md +++ b/pages/doc/csp_security_policy.md @@ -71,13 +71,13 @@ For example, assume you have two traces security rules: BlockPaymentService 2 -All spans that include the myapp.payment* data. +All spans that include the myapp.payment.* data. All accounts AllowPaymentData 1 -All spans that include the myapp.payment* data. +All spans that include the myapp.payment.* data. All accounts in Finance group @@ -89,6 +89,12 @@ After the rules are in force, only the users in the Finance group can: * See the RED metrics for the Payment service on the Operations Dashboard. * See the trace data that includes the payments service on the Traces Browser. + + + + +
 click for top of page
+ ## Rule Priority and Rule Pairs Rules are evaluated in priority order. In many cases, it's useful to think of pairs of rules, for example: @@ -116,6 +122,12 @@ Rules are evaluated in priority order. In many cases, it's useful to think of pa When you apply this policy, the users included in the user group will have access to the metrics starting with the `cpu.` prefix and point tag `env=dev`, because the **Allow metrics** rule overrides the **Block all** rule. + + + + +
 click for top of page
+ ## Metrics Security Policy You can block sensitive metrics data from time series, histograms, RED metrics, and delta counters so that they don't show on charts and dashboards, and alerts. @@ -237,7 +249,7 @@ You create a metrics security policy rule following these steps. See the annotat * If you want to specify multiple key=value pairs, select whether you want to combine them with `and` or `or` using the dropdown menu on the right. 1. Specify the Access definition for the rule. 1. Select **Allow** or **Block** from the menu. - 2. Specify accounts, groups, or roles. + 2. Specify accounts, or groups. 1. Click **OK.** @@ -311,6 +323,11 @@ With this policy in place: * Members of the `Admins` group are granted access to all metrics (Rule 3). * Users who don’t belong to the groups covered by the rules have no access. + + + + +
 click for top of page
## Traces Security Policies @@ -387,7 +404,7 @@ You create a traces security policy rule following these steps. See the annotate `supermarket.vegtables*` - Using this prefix format, you can block or allow the trace operations data of all the services that start with `vegetables`. In this example, the traces operation data of the `vegetablesGreen` and `vegetablesRed` services can be blocked or shown to specific users. + Using this prefix format, you can block or allow the data of all the services that start with `vegetables`. In this example, the data of the `vegetablesGreen` and `vegetablesRed` services can be blocked or shown to specific users. @@ -398,13 +415,13 @@ You create a traces security policy rule following these steps. See the annotate `supermarket.vegtablesGreen.*` - Using this prefix format, you can allow or block the traces operations data of the `supermarket` applications `egtablesGreen` service, which includes the `add` and `purchased` operations. + Using this prefix format, you can allow or block the data of the `supermarket` applications `vegtablesGreen` service, which includes the `add` and `purchased` operations. 1. Specify the Access definition for the rule. 1. Select **Allow** or **Block** from the menu. - 2. Specify accounts, groups, or roles. + 2. Specify accounts or groups. 1. Click **OK.** @@ -430,6 +447,11 @@ The screenshots below show you how the blocked trace data does not show up for a * Application Map: The Super Admin user can see the passenger service on the Application Map, while the other user, who belongs to the Everyone group, cannot see the passenger service on the Application Map. ![A screenshot of how the Super Admin user and a user that belongs to the everyone group sees data on the application map.](images/traces_security_policy_example_service_map.png) + + + + +
 click for top of page
## Manage Multiple Security Policy Rules @@ -451,4 +473,10 @@ Here's a tour: 1. Select the check box to the left of a rule to select it, then use the icons above to clone or delete the selected rule. 1. Select the check boxes to the left of multiple rules to select them, use the icons to indicate changes, and click **Save** to commit the changes. 1. Click the six-dot icon to explicitly drag a rule where you want it and change the rule prioritization. -1. If you've moved, cloned, or deleted one or more rules, use the **Undo** button to undo the change, or **Redo** to revert the undo. \ No newline at end of file +1. If you've moved, cloned, or deleted one or more rules, use the **Undo** button to undo the change, or **Redo** to revert the undo. + + + + + +
 click for top of page
\ No newline at end of file diff --git a/pages/doc/security_policy.md b/pages/doc/security_policy.md index 271cd7262..1ab2cc2fb 100644 --- a/pages/doc/security_policy.md +++ b/pages/doc/security_policy.md @@ -101,7 +101,7 @@ For example, assume you have two traces security rules: 2 - All spans that include the myapp.payment* data. + All spans that include the myapp.payment.* data. All accounts @@ -118,7 +118,7 @@ For example, assume you have two traces security rules: 1 - All spans that include the myapp.payment* data. + All spans that include the myapp.payment.* data. All accounts in Finance group @@ -133,6 +133,12 @@ After the rules are in force, only the users in the Finance group can: * See the RED metrics for the Payment service on the Operations Dashboard. * See the trace data that includes the payments service on the Traces Browser. + + + + +
 click for top of page
+ ## Rule Priority and Rule Pairs Rules are evaluated in priority order. In many cases, it's useful to think of pairs of rules, for example: @@ -160,6 +166,12 @@ Rules are evaluated in priority order. In many cases, it's useful to think of pa When you apply this policy, the users included in the user group will have access to the metrics starting with the `cpu.` prefix and point tag `env=dev`, because the **Allow metrics** rule overrides the **Block all** rule. + + + + +
 click for top of page
+ ## Metrics Security Policy You can block sensitive metrics data from time series, histograms, RED metrics, and delta counters so that they don't show on charts and dashboards, and alerts. @@ -368,6 +380,11 @@ With this policy in place: * Members of the `Admins` group are granted access to all metrics (Rule 3). * Users who don’t belong to the groups covered by the rules have no access. + + + + +
 click for top of page
## Traces Security Policies @@ -444,7 +461,7 @@ You create a traces security policy rule following these steps. See the annotate `supermarket.vegtables*` - Using this prefix format, you can block or allow the trace operations data of all the services that start with `vegetables`. In this example, the traces operation data of the `vegetablesGreen` and `vegetablesRed` services can be blocked or shown to specific users. + Using this prefix format, you can allow or block the data of all the services that start with `vegetables`. In this example, the data of the `vegetablesGreen` and `vegetablesRed` services can be blocked or shown to specific users. @@ -455,7 +472,7 @@ You create a traces security policy rule following these steps. See the annotate `supermarket.vegtablesGreen.*` - Using this prefix format, you can allow or block the traces operations data of the `supermarket` applications `egtablesGreen` service, which includes the `add` and `purchased` operations. + Using this prefix format, you can allow or block the data of the `supermarket` applications `vegtablesGreen` service, which includes the `add` and `purchased` operations. @@ -487,6 +504,13 @@ The screenshots below show you how the blocked trace data does not show up for a ![A screenshot of how the Super Admin user and a user that belongs to the everyone group sees data on the application map.](images/traces_security_policy_example_service_map.png) + + + + +
 click for top of page
+ + ## Manage Multiple Security Policy Rules The following annotated screenshot gives an overview of rule management options: @@ -507,4 +531,10 @@ Here's a tour: 1. Select the check box to the left of a rule to select it, then use the icons above to clone or delete the selected rule. 1. Select the check boxes to the left of multiple rules to select them, use the icons to indicate changes, and click **Save** to commit the changes. 1. Click the six-dot icon to explicitly drag a rule where you want it and change the rule prioritization. -1. If you've moved, cloned, or deleted one or more rules, use the **Undo** button to undo the change, or **Redo** to revert the undo. \ No newline at end of file +1. If you've moved, cloned, or deleted one or more rules, use the **Undo** button to undo the change, or **Redo** to revert the undo. + + + + + +
 click for top of page
\ No newline at end of file
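Review bot: The new pattern in the rule table hunks (@@ -71,13 +71,13 @@ in csp_security_policy.md, @@ -101,7 +101,7 @@ and @@ -118,7 +118,7 @@ in security_policy.md) is still plain text, "All spans that include the myapp.payment.* data.", while the prefix examples further down the same files are in backticks (`supermarket.vegtables*`). Put `myapp.payment.*` in backticks so the asterisk cannot be read as Markdown emphasis and the literal prefix is unambiguous. Going by the prefix-format rows later in the file, adding the dot narrows both BlockPaymentService and AllowPaymentData from every service whose name starts with payment to the payment service alone. That is a change in what the example blocks, so please confirm it is the intended scope and that the bullet list after the table still describes it.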
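Review bot: The accounts step in the metrics hunk of csp_security_policy.md (@@ -237,7 +249,7 @@) now reads "Specify accounts, or groups." with a leftover comma, while the same step in the traces hunk (@@ -398,13 +415,13 @@) reads "Specify accounts or groups."; use the second form in both places. No hunk in security_policy.md touches this step, so if roles were dropped there as well, the matching lines in that file need the same edit. If roles remain valid there, a short mention in the commit message would explain why the two pages differ.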
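Review bot: The prefix-format rows (@@ -387,7 +404,7 @@ and @@ -398,13 +415,13 @@ in csp_security_policy.md, @@ -444,7 +461,7 @@ and @@ -455,7 +472,7 @@ in security_policy.md) correct `egtablesGreen` to `vegtablesGreen`, but the example still mixes two spellings: the patterns are `supermarket.vegtables*` and `supermarket.vegtablesGreen.*`, while the descriptions say services that start with `vegetables` and name `vegetablesGreen` and `vegetablesRed`. A prefix rule matches literally, so as written the example pattern would not match the services the text says it covers. Pick one spelling and use it in the pattern and the description of every row. While on these lines, "the `supermarket` applications" should be "application's", and the first row says "block or allow" in csp_security_policy.md but "allow or block" in security_policy.md; the two pages should use the same wording.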
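Review bot: The "click for top of page" block is pasted six times into each file, and the copies are not spaced the same way: @@ -89,6 +89,12 @@ adds six lines, @@ -311,6 +323,11 @@ adds five, and @@ -487,6 +504,13 @@ in security_policy.md adds seven, so some headings get a blank line after the button and one gets two. Use one consistent form (blank line before and after) and, if the site build supports includes, move the button markup into a single shared snippet so later changes to it happen in one place. Both files also still end with "\ No newline at end of file" after the final button is added in the last hunk of each (@@ -451,4 +473,10 @@ and @@ -507,4 +531,10 @@); add the trailing newline in this change.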