add roles

git-svn-id: https://svn.apache.org/repos/asf/maven/archiva/trunk@597526 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/archiva-docs/src/site/apt/adminguide/roles.apt b/archiva-docs/src/site/apt/adminguide/roles.apt
index 962303204d06bc252b35e8b09499e7d7e4280602..c819ebc346a90859f39c888653fb1037576f3277 100644 (file)
--- a/archiva-docs/src/site/apt/adminguide/roles.apt
+++ b/archiva-docs/src/site/apt/adminguide/roles.apt
@@ -4,5 +4,41 @@
 
 Understanding Apache Archiva Security Roles
 
-  :STUB: This is a documentation stub.
+  Archiva uses the {{{http://redback.codehaus.org/} Redback}} security framework for managing repository security. When the server is first started,
+  you will be prompted to create an administration user. This user will be given permission to administer all aspects of the system (as well as
+  access to all of the repositories). This user can then be used to grant permissions to other users.
+
+  A guest user is also created by default, and given read access to the default repositories (<<<internal>>> and <<<snapshots>>>). Repositories with
+  guest user access can be accessed without the use of a username and password (or without being logged in to the web interface).
+
+  However, when new repositories are created, by default no permissions are assigned and only the administrators will have access until it is
+  explicitly granted.
+
+  Note that Redback has the concept of inferred roles, so the assignment of some roles will imply other roles (which will be displayed in the web interface).
+
+* Repository Roles
+
+  Archiva contains the following roles for repository access:
+
+    * <Repository Observer>: users with this role can read from the given repository that the role is for (including access through the browse and search features of the
+      web interface)
+
+    * <Repository Manager>: users with this role can write to and administer the given repository that the role is for
+
+    * <Global Repository Observer>: users with this role can read from any repository (including access through the browse and search features of the
+      web interface)
+
+    * <Global Repository Manager>: users with this role can write to and administer any repository in the instance
+
+* General Roles
+
+  Archiva also contains the following general roles for security of the instance:
+
+    * <System Administrator>: full access to all functionality in the system
+
+    * <User Administrator>: ability to create, edit, and grant roles to other users in the system
+
+  The guest and registered user roles do not affect repository access.
+
+~~TODO: walkthrough screens