From 5e1146546d42ffe8812c7d7624d4632f42d06384 Mon Sep 17 00:00:00 2001 From: hygienic-books Date: Fri, 23 Sep 2022 22:47:47 +0200 Subject: [PATCH] docs(zabbix): Explain how end users can browse subdirectory in Vault's web UI (#1) --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/README.md b/README.md index 04ca39a..3cd8b04 100644 --- a/README.md +++ b/README.md @@ -162,6 +162,13 @@ Get the Vault command-line client via [vaultproject.io/downloads](https://www.va 2754536 ``` + Users wishing to browse the `rbacgroup_zabbix` directory structure via Vault's UI will need to manually begin their browsing at `kv/list/for_rbacgroup_zabbix`. Users with higher privileges such as administrators will be able to list all directories underneath the root `kv` object in Vault's web UI. This will include not only `zabbix`-specific data but also directories intended for other users which is why `kv/list` access is not granted to `rbacgroup_zabbix`. + + Their `list` permission only begins one lever deeper at `kv/list/for_rbacgroup_zabbix`. It may make sense to communicate an entrypoint link to end users that - in this case - will look like: + ``` + "${VAULT_ADDR}"'/ui/vault/secrets/kv/list/for_rbacgroup_zabbix/' + ``` + ## Clean-up If during any of the above steps you've used the Vault command-line client to authenticate against Vault with your `root` token make sure that client's `~/.vault-token` file is deleted. It contains the verbatim `root` token.
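Review bot: The two added paragraphs use `kv/list/for_rbacgroup_zabbix` both as the place where users start browsing and as the place where their `list` permission begins, but the entrypoint URL added in the same hunk (`/ui/vault/secrets/kv/list/for_rbacgroup_zabbix/`) shows `list` as a segment of the web UI route. A reader writing or auditing the policy could take `kv/list/...` for a policy path. Suggest describing `kv/list/for_rbacgroup_zabbix` only as the UI location and, where the text talks about the `list` capability and about `kv/list` not being granted, naming the path exactly as it appears in the policy for `rbacgroup_zabbix`. Two smaller points in the second paragraph: "one lever deeper" should be "one level deeper", and the fenced entrypoint is a shell-quoted expression (`"${VAULT_ADDR}"'/ui/...'`) rather than a link an end user can click, so either say it is meant to be expanded in a shell where `VAULT_ADDR` is set or give it as a plain URL template. In the first paragraph, "other users which is why" needs a comma before "which".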