Optimize (CQA) - Mng content - Content access control#4822
Open
Lennonka wants to merge 2 commits intotheforeman:masterfrom
Open
Optimize (CQA) - Mng content - Content access control#4822Lennonka wants to merge 2 commits intotheforeman:masterfrom
Lennonka wants to merge 2 commits intotheforeman:masterfrom
Conversation
github-actions
Bot
added
Needs tech review
Lennonka
removed
Needs tech review
Lennonka
force-pushed
the
premig-mng-cont-access-control
branch
from
9d3c1cc to
814fb03
Compare
Contributor
Author
|
Rebased on master. |
Lennonka
commented
May 6, 2026
|
The PR preview for 814fb03 is available at theforeman-foreman-documentation-preview-pr-4822.surge.sh The following output files are affected by this PR: |
9 tasks
| [role="_abstract"] | ||
| Activation keys simplify the workflow for some of the content access strategies. | ||
| During registration, you use activation keys to assign content view environments, attach content overrides, and set system purpose attributes so hosts inherit the repository access you intend. | ||
| After registration, adjust access per host or through bulk actions instead of changing the keys. |
Contributor
There was a problem hiding this comment.
I would avoid shortening "activation keys" to "keys":
Suggested change
| After registration, adjust access per host or through bulk actions instead of changing the keys. | |
| After registration, adjust access per host or through bulk actions instead of changing the activation keys. |
|
|
||
| [role="_abstract"] | ||
| Activation keys simplify the workflow for some of the content access strategies. | ||
| During registration, you use activation keys to assign content view environments, attach content overrides, and set system purpose attributes so hosts inherit the repository access you intend. |
Contributor
There was a problem hiding this comment.
If possible, I suggest to leave out system purposes because it's RHEL only. It does not work for EL/Deb/SLES.
|
|
||
| [role="_abstract"] | ||
| A host can access a package or repository only when all of the following conditions are true. | ||
| A host reaches a repository only when that repository is in a content view environment of the host, survives filters, is enabled, and matches any architecture or operating system version restrictions. |
Contributor
There was a problem hiding this comment.
reaches -> can access
"reaches" reminds me too much of network connectivity. "survives" feels off to me in docs.
| {Project} provides a robust set of strategies for controlling what content is accessible to your hosts. | ||
| You can restrict content access by using core mechanisms, such as content views, lifecycle environments, and content overrides. | ||
| You can use activation keys to apply these content access controls during host registration. | ||
| You can cap host access to repositories and packages with lifecycle-bound content views, overrides, composite views, and strict architecture or release rules that you evaluate in a deliberate order. |
Contributor
There was a problem hiding this comment.
"lifecycle-bound" -> should be lifecycle environement or an explanation what a lifecycle in Katello stands for.
| [role="_abstract"] | ||
| To give hosts access to a specific subset of the content managed by {Project}, you can use the following strategies. | ||
| You narrow which repositories and packages registered hosts consume from {Project} by combining content views, lifecycle environments, overrides, and tighter rules where needed. | ||
| Evaluate those options from broad lifecycle design through overrides toward the strictest architecture or release limits. |
Contributor
There was a problem hiding this comment.
What does "broad lifecycle design" mean? I suggest to reword it to include "lifecycle environement" or maybe describe that this is the base set, and then users can apply filters that act as restrictions/options to reduce the set of packages for hosts later on.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What changes are you introducing?
Improving the Content access control chapter of Managing content
Why are you introducing these changes? (Explanation, links to references, issues, etc.)
Content Quality Assessment for DITA migration:
Anything else to add? (Considerations, potential downsides, alternative solutions you have explored, etc.)
Contributor checklists
Please cherry-pick my commits into: