From e8ef5afb5fd4080e4a81602c36977f678362dd9b Mon Sep 17 00:00:00 2001 From: Andy Manoske Date: Thu, 30 Aug 2018 14:20:14 -0700 Subject: [PATCH] namespace docs updates Post-launch clarifications on namespace docs --- .../source/docs/enterprise/namespaces/index.html.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/website/source/docs/enterprise/namespaces/index.html.md b/website/source/docs/enterprise/namespaces/index.html.md index dd349a01b..74cc6e015 100644 --- a/website/source/docs/enterprise/namespaces/index.html.md +++ b/website/source/docs/enterprise/namespaces/index.html.md @@ -44,20 +44,22 @@ Namespaces are isolated environments that functionally exist as "Vaults within a They have separate login paths and support creating and managing data isolated to their namespace. This data includes the following: -- Secret Engine Mounts +- Secret Engines +- Auth Methods - Policies - Identities (Entities, Groups) - Tokens -Namespaces can also be configured to inherit all of this data from a higher *parent* namespace. -This simplifies the deployment of new namespaces, and can be combined with sentinel policies -to prescribe organization-wide infosec policies on tenants. - Rather than rely on Vault system admins, namespaces can be managed by delegated admins who can be prescribed administration rights for their namespace. These delegated admins can also create their own child namespaces, thereby prescribing admin rights on a subordinate group of delegate admins. +Child namespaces can share policies from their parent namespaces. For example, a child namespace +may refer to parent identities (entities and groups) when writing policies that function only +within that child namespace. Similarly, a parent namespace can have policies asserted on child +identities. + ## Setup and Best Practices A [deployment guide](/guides/operations/multi-tenant.html) is available to help guide you
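Review bot: In the paragraph added at the end of the hunk, the opening sentence "Child namespaces can share policies from their parent namespaces" does not match the example that follows it, which describes a child namespace's policies referring to parent identities (entities and groups), not policies being shared. The same hunk removes the paragraph saying namespaces can "inherit all of this data from a higher *parent* namespace", so a reader could take "share policies" as inheritance under another name. Since this page defines the isolation boundary between tenants, say explicitly what can be referenced across that boundary and what cannot. The closing sentence, "a parent namespace can have policies asserted on child identities", is passive and leaves unclear who writes the policy and in which namespace it takes effect; if the intended meaning is that policies written in a parent namespace can reference identities in its child namespaces, say so in the active voice. The removed text also mentioned combining namespaces with sentinel policies, and the replacement does not say whether that still applies. Separately, the list change from "Secret Engine Mounts" to "Secret Engines" plus a new "Auth Methods" item reads fine, but the surrounding context uses both "delegated admins" and "delegate admins"; pick one while this paragraph is being touched.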