commit d1f761017c4fd425bd8c90090db77dfad4872a6a
author Shawn McKinney <smckinney@apache.org> Sat Mar 16 10:20:37 2019 -0500
committer Shawn McKinney <smckinney@apache.org> Sat Mar 16 10:20:37 2019 -0500
tree 591f2a988678bcca582d8157b717c2d3f5c87648
parent 3fdae9fe8e38e299165a6da0937952bfb01d93a5

Describe arbac02 checks

README.md

diff --git a/README.md b/README.md
index dfa6c0d..2b0d34b 100644
--- a/README.md
+++ b/README.md
@@ -414,11 +414,11 @@
 
 Some example ranges that can be derived:
 
-a. [A, CTO] is the full set: {CTO, ENG, QC, E1, E2, Q1, Q2, DA, QA, A}.
-b. (A, CTO) is the full set, minus the endpoints: {ENG, QC, E1, E2, Q1, Q2, DA, QA}.
-c. [A, ENG] includes: {A, DA, E1, E2, ENG}
-d. [A, ENG) includes: {A, DA, E1, E2}
-etc...
+ * [A, CTO] is the full set: {CTO, ENG, QC, E1, E2, Q1, Q2, DA, QA, A}. 
+ * (A, CTO) is the full set, minus the endpoints: {ENG, QC, E1, E2, Q1, Q2, DA, QA}. 
+ * [A, ENG] includes: {A, DA, E1, E2, ENG}, 
+ * [A, ENG) includes: {A, DA, E1, E2}. 
+ * etc... 
 
 So, for an administrator to be able to target a role in one of the specified APIs above, at least one of their activated admin roles must pass the role range test.  There are currently two roles
 created by the security policy in this project, that are excluded from this type of check: