Update security/README.md with CLM layer and new scenarios #47
Description
Context
The security overview page needs to reference the new CLM features and link to the new documentation pages (#1426 in Console repo).
Changes Needed
Security Layers Diagram
Add CLM as layer 4.5 (between SPE Security Hardening and Logging):
4. SPE Security Hardening
- Session Elevation (UAC)
- Web service controls
- File upload restrictions
- Delegated access controls
- Restriction Profiles (CLM) <-- NEW
- Remoting API Keys <-- NEW
- Trusted Script Registry <-- NEW
- Item Path Restrictions <-- NEW
5. Logging and Monitoring
New Scenario
Add "Scenario 5: Securing Remoting with Restriction Profiles":
- Choose a restriction profile (read-only, read-only-strict, content-editor)
- Configure profile on remoting service
- Optionally create API Keys for per-consumer profiles
- Enable audit mode first for dry-run validation
- Switch to enforce mode after validating audit logs
- Configure item path restrictions for sensitive content
Quick Start Section
Add CLM to the quick start flow after Web Services.
Documentation Navigation
Add links to new pages:
- Securing remoting endpoints? See Restriction Profiles
- Per-consumer credentials? See API Keys
- Trusting built-in functions? See Trusted Scripts
Core Security Topics
Add entries for the new pages under the existing topic list.
Related
- Depends on Console repo feature/clm branch (#1426)
- Depends on: Add Restriction Profiles page (security/restriction-profiles.md) #41, Add API Keys page (security/api-keys.md) #42, Add Trusted Scripts page (security/trusted-scripts.md) #43, Add Item Path Restrictions page (security/item-path-restrictions.md) #44