Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

hyperlinked each role from permissions page reference #335

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
hyperlinked each role from permissions page
Signed-off-by: Ayush Ukhalkar <ayushuk98@gmail.com>
iushdoescode committed Jul 27, 2024
commit 2f8f0ee784e2136a2b0fcb2dec562730791617eb
91 changes: 48 additions & 43 deletions content/en/cloud/security/roles/_index.md
Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@ Roles map permissions to users. Roles contain any number of keychains, which con
## Provider Admin Role

{{< cardpane >}}
{{% card header="### Provider Admin Role" %}}
{{% card header="<a href='https://docs.layer5.io/cloud/reference/default-permissions/#Provider+Admin' target='_blank'>Provider Admin Role</a>" %}}
![role-provider](/cloud/security/images/role-provider-admin.svg)
{{% /card %}}
{{% card %}}
@@ -52,12 +52,12 @@ Roles map permissions to users. Roles contain any number of keychains, which con

{{< cardpane >}}
{{% card %}}
![organization-administrator](/cloud/security/images/organization-roles.svg)
![organization-administrator and manager](/cloud/identity/images/organization-administrator-and-organization-billing-manager.svg)
{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="### Organization Administrator" %}}
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Org+Admin' target='_blank'>Organization Administrator</a>" %}}

**What is the purpose of this role?**

@@ -81,7 +81,7 @@ Roles map permissions to users. Roles contain any number of keychains, which con
- Organization Owner

{{% /card %}}
{{% card header="### Organization Billing Manager" %}}
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Org+Billing+Manager' target='_blank'>Organization Billing Manager</a>" %}}

**What is the purpose of this role?**

@@ -120,12 +120,12 @@ For more information, see [Organization](/cloud/identity/organizations).

{{< cardpane >}}
{{% card %}}
![workspace-administrator](/cloud/security/images/workspace-roles.svg)
![workspacea-administrator-and-workspace-manager](/cloud/identity/images/workspace-administrator-and-workspace-manager.svg)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have since then removed the workspace manager role and this change isn't needed now.

{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="### Workspace Administrator" %}}
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Workspace+Admin' target='_blank'>Workspace Administrator</a>" %}}

**What is the purpose of this role?**

@@ -148,6 +148,29 @@ For more information, see [Organization](/cloud/identity/organizations).

- Organization Administrators or Workspace Owner

{{% /card %}}
{{% card header="### Workspace Manager" %}}

**What is the purpose of this role?**

- Management and administration of the various workspace resources

**Who can assign this role?**

- Organization Administrators or Workspace Administrators

**When this role is first assigned?**

- Manually by Organization Administrators or Workspace Administrators

**How many instances of these roles?**

- Min: 0, Max: many

**Who can remove assignment of this role?**

- Organization Administrators or Workspace Administrators

{{% /card %}}
{{< /cardpane >}}

@@ -163,12 +186,12 @@ The entitlement of "workspace owner" is automatically bestowed to the creator of

{{< cardpane >}}
{{% card %}}
![team-administrators](/cloud/security/images/team-roles.svg)
![team-admins-and-manager](/cloud/identity/images/team-admins-and-team-managers.svg)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here. Team Manager role has also been deleted.

{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="### Team Administrator" %}}
{{% card header="<a href='https://docs.layer5.io/cloud/reference/default-permissions/#Team+Admin' target='_blank'>Team Administrator</a>" %}}
**What is the purpose of this role?**

- Administration of teams
@@ -183,52 +206,34 @@ The entitlement of "workspace owner" is automatically bestowed to the creator of
- By default, the first Team Admin is owner (the team creator)

**How many instances of these roles?**
Min: 1, Max: many

- Min: 1, Max: many

{{% /card %}}
{{< /cardpane >}}

{{< alert title="Owners as entitlements, not roles" >}}
It's essential to understand that owners are not roles, but entitlements.

Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team.

The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team.

For more information, see [Teams](/cloud/identity/teams).
{{< /alert >}}

## User Role
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was the removal of the user role suggested by a team member?


{{< cardpane >}}
{{% card %}}
![user](/cloud/security/images/user-role.svg)
{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="## User" %}}

{{% card header="### Team Manager" %}}
**What is the purpose of this role?**

- To grant Organization members access to basic features and resources within the context of that Organization.
- Administration of teams (without delete access)

**Who can assign this role?**
**Who can assign and unassign this role?**

- Organization Administrators, Workspace Administrators and Team Administrators
- Organization Administrators or Team Owner

**When this role first assigned?**
**When is this role first assigned?**

- Automatically assigned to members on joining an Organization.
- Manually by Organization Administrator or Team Owner

**How many instances of these roles?**

- Min: 1, Max: many
- Min: 0, Max: many
{{% /card %}}
{{< /cardpane >}}

**Who can remove assignment of this role?**
{{< alert title="Owners as entitlements, not roles" >}}
It's essential to understand that owners are not roles, but entitlements.

- Organization Administrators, Workspace Administrators and Team Administrators
Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team.

{{% /card %}}
{{< /cardpane >}}
The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team.

For more information, see [Teams](/cloud/identity/teams).
{{< /alert >}}
130 changes: 66 additions & 64 deletions layouts/shortcodes/csvtable-roles.html
Original file line number Diff line number Diff line change
@@ -1,68 +1,70 @@
{{ $data := "" }} {{ $p := "static/data/csv/keys.csv" }} {{ $excludedColumns :=
slice 0 10 11 12 13 14 15 16 17 18 }} {{ if os.FileExists $p }} {{ $opts := dict
"delimiter" "," }} {{ $data = (os.ReadFile $p | transform.Unmarshal $opts) }} {{
else }} {{ errorf "Unable to get resource %q" $p }} {{ end }} {{ if $data }} {{
$uniqueCategories := slice }} {{ $stopAddingCategories := false }} {{ range $i,
$header := index $data 1 }} {{ if gt $i 3 }} {{if eq $header "Keychain ID"}} {{
$stopAddingCategories = true }} {{end}} {{ if not $stopAddingCategories }} {{ if
and (ne (trim $header "") "") (not (in $uniqueCategories $header)) }} {{
$uniqueCategories = $uniqueCategories | append $header }} {{ end }} {{ end }} {{
end }} {{end}} {{ range $index, $category := $uniqueCategories }}
<div class="csvtable-div">
<h2>{{ $category }} Role</h2>
<table class="csvtable td-initial">
<thead>
<tr>
{{ range $i, $col := index $data 1 }} {{ if and (not (in
$excludedColumns $i)) (or (eq $i 0) (ne $i 1) (ne $i 2)) }} {{ if and
(eq $i 1) }}
<th>Permission</th>
{{ else }} {{ if and (eq $i 2) }}
<th>Description</th>
{{ end }}{{ end }} {{ end }} {{ end }}
</tr>
</thead>
<tbody>
{{ range $i, $row := $data }} {{ if gt $i 0 }} {{/* Skip the header row */}}
{{ $hasAccess := false }} {{/* Flag to track if the row has access for the category */}}
{{ $functionValue := "" }} {{/* Variable to hold the Function value */}}
{{ $featureValue := "" }} {{/* Variable to hold the Feature value */}}

{{/* Find the column indices for Category, Function, and Feature */}}
{{ $categoryIndex := -1 }}
{{ $functionIndex := -1 }}
{{ $featureIndex := -1 }}
{{ range $j, $header := index $data 1 }} {{/* Assuming the first row contains headers */}}
{{ if eq $header $category }} {{/* Check if the header matches the current category */}}
{{ $categoryIndex = $j }}
slice 0 10 11 12 13 14 15 16 17 18 }} {{ if os.FileExists $p }} {{ $opts := dict
"delimiter" "," }} {{ $data = (os.ReadFile $p | transform.Unmarshal $opts) }} {{
else }} {{ errorf "Unable to get resource %q" $p }} {{ end }} {{ if $data }} {{
$uniqueCategories := slice }} {{ $stopAddingCategories := false }} {{ range $i,
$header := index $data 1 }} {{ if gt $i 3 }} {{if eq $header "Keychain ID"}} {{
$stopAddingCategories = true }} {{end}} {{ if not $stopAddingCategories }} {{ if
and (ne (trim $header "") "") (not (in $uniqueCategories $header)) }} {{
$uniqueCategories = $uniqueCategories | append $header }} {{ end }} {{ end }} {{
end }} {{end}} {{ range $index, $category := $uniqueCategories }}
<div class="csvtable-div">
<h2 id="{{ $category | urlquery }}">{{ $category }} Role </h2>
<table class="csvtable td-initial">
<thead>
<tr>
{{ range $i, $col := index $data 1 }} {{ if and (not (in
$excludedColumns $i)) (or (eq $i 0) (ne $i 1) (ne $i 2)) }} {{ if and
(eq $i 1) }}
<th>Permission</th>
{{ else }} {{ if and (eq $i 2) }}
<th>Description</th>
{{ end }}{{ end }} {{ end }} {{ end }}
</tr>
</thead>
<tbody>
{{ range $i, $row := $data }} {{ if gt $i 0 }} {{/* Skip the header row */}}
{{ $hasAccess := false }} {{/* Flag to track if the row has access for the category */}}
{{ $functionValue := "" }} {{/* Variable to hold the Function value */}}
{{ $featureValue := "" }} {{/* Variable to hold the Feature value */}}

{{/* Find the column indices for Category, Function, and Feature */}}
{{ $categoryIndex := -1 }}
{{ $functionIndex := -1 }}
{{ $featureIndex := -1 }}
{{ range $j, $header := index $data 1 }} {{/* Assuming the first row contains headers */}}
{{ if eq $header $category }} {{/* Check if the header matches the current category */}}
{{ $categoryIndex = $j }}
{{ end }}
{{ if eq $header "Function" }}
{{ $functionIndex = $j }}
{{ end }}
{{ if eq $header "Feature" }}
{{ $featureIndex = $j }}
{{ end }}
{{ end }}
{{ if eq $header "Function" }}
{{ $functionIndex = $j }}
{{/* Check if the row has access for the category */}}
{{ if and (ge $categoryIndex 0) (or (eq (index $row $categoryIndex) "X") (eq (index $row $categoryIndex) "X*")) }}
{{ $hasAccess = true }}
{{ end }}
{{ if eq $header "Feature" }}
{{ $featureIndex = $j }}
{{/* Get the Function and Feature values if the row has access */}}
{{ if $hasAccess }}
{{ $functionValue = index $row $functionIndex }}
{{ $featureValue = index $row $featureIndex }}
{{ end }}
{{ end }}
{{/* Check if the row has access for the category */}}
{{ if and (ge $categoryIndex 0) (or (eq (index $row $categoryIndex) "X") (eq (index $row $categoryIndex) "X*")) }}
{{ $hasAccess = true }}
{{ end }}
{{/* Get the Function and Feature values if the row has access */}}
{{ if $hasAccess }}
{{ $functionValue = index $row $functionIndex }}
{{ $featureValue = index $row $featureIndex }}
{{ end }}
{{/* Print the row if it has access */}}
{{ if $hasAccess }}
<tr>
<td>{{ $functionValue }} </td>
<td>{{ $featureValue }}</td>
</tr>
{{end}}
{{ end }} {{ end }}
</tbody>
</table>
</div>
{{ end }} {{ else }}
<p>No data available.</p>
{{ end }}
{{/* Print the row if it has access */}}
{{ if $hasAccess }}
<tr>
<td>{{ $functionValue }} </td>
<td>{{ $featureValue }}</td>
</tr>
{{end}}
{{ end }} {{ end }}
</tbody>
</table>
</div>
{{ end }} {{ else }}
<p>No data available.</p>
{{ end }}