-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
0c4a605
commit b183d15
Showing
17 changed files
with
189 additions
and
61 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,126 @@ | ||
--- | ||
title: Roles and permissions | ||
--- | ||
|
||
To give users access to projects and services in your organizations, you can grant them permissions and roles. You grant access to principals at the project level: | ||
|
||
* **Permissions**: Actions that a principal can perform on a resource or group of resources. | ||
* **Role**: A set of permissions that assigned to a principal. | ||
|
||
Principals are organization users, application users, and groups. Resources are any | ||
object in the platform such as users, projects, logs, and features. | ||
|
||
To grant users access to resources at the organization level, you can | ||
make them super admin. Limit the number of users with this role as it | ||
gives unrestricted access to all organization resources including billing, | ||
admin, and all projects and services. | ||
|
||
<!-- | ||
To give users access to your organization's resources, you can grant them permissions and roles. You can grant these at the organization and project level. | ||
When you grant permissions and roles at the organization level, you give users access | ||
to all projects and services within your organization. You can limit the scope by | ||
granting permissions and roles for specific projects. | ||
## Organization permissions | ||
Super admin, other roles. | ||
--> | ||
|
||
## Project permissions | ||
|
||
You can grant the following permissions to users, application users, and groups. | ||
The actions listed for each permission apply to the project and all services within | ||
it. | ||
|
||
### Manage service deployments | ||
|
||
- Create and delete services | ||
- Power on and off services | ||
- Fork databases | ||
- Add and remove DDS | ||
- Activate and deactivate tiered storage | ||
- Change service plans | ||
- Change cloud providers and regions | ||
|
||
#### Manage connection secrets | ||
|
||
- Create and delete service user passwords | ||
- Change and reset service user passwords | ||
- View service user passwords | ||
- Create and delete keys | ||
- Change keys | ||
- View keys | ||
|
||
### Manage integrations | ||
|
||
- Add and delete integration endpoints | ||
- Change integration endpoints | ||
- Add and remove service integrations | ||
- View integration secrets | ||
|
||
### Maintain services | ||
|
||
- Apply maintenance updates | ||
- Change maintenance window | ||
- Upgrade service versions | ||
|
||
### Manage networking | ||
|
||
- Change cloud providers and regions | ||
- Set public IP filters | ||
- Add and modify network configuration options | ||
- Manage static IP addresses | ||
|
||
### Manage service users | ||
|
||
- Action | ||
- Action | ||
|
||
### Recover services | ||
|
||
### Query services | ||
|
||
### Configure services | ||
|
||
### View services | ||
|
||
### View service integrations | ||
|
||
### View ... | ||
|
||
|
||
|
||
|
||
## Roles | ||
|
||
### Admin | ||
|
||
Admin have full access to the project and its services. Every project has at least | ||
one admin user. This role is automatically granted to users who create a project. | ||
Project admin do not have access to organization settings such as billing unless | ||
they are also a [super admin](/docs/platform/howto/make-super-admin). | ||
|
||
### Operator | ||
|
||
- Create and delete services | ||
- Power on and off services | ||
- Apply maintenance updates | ||
- Change maintenance windows | ||
- ... | ||
|
||
|
||
### Developer | ||
|
||
- Create databases | ||
- Connect to databases | ||
- Remove Aiven for OpenSearch® indexes | ||
- Create and change Aiven for Apache Kafka® topics | ||
- Create and change Aiven for PostgreSQL® connection pools | ||
- Create and change service database users | ||
|
||
### Read-only | ||
|
||
View all services and ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
--- | ||
title: Manage roles and permissions | ||
--- | ||
|
||
import ConsoleLabel from "@site/src/components/ConsoleIcons" | ||
|
||
Introduction | ||
|
||
## Add users and groups to projects | ||
|
||
Users can be added individually or as part of a user | ||
[group](/docs/platform/howto/list-groups): | ||
|
||
1. In the project, click <ConsoleLabel name="projectpermissions"/>. | ||
|
||
1. Click **Add users** and select **Add users** or **Add groups**. | ||
|
||
1. Select the users or groups to add to the project. | ||
<!-- vale off --> | ||
1. Select a **Role**. The [role](/docs/platform/reference/project-member-privileges) | ||
will be assigned to all users in all selected groups. | ||
|
||
1. Click **Add users** or **Add groups**. | ||
## Change permissions for a user or group | ||
|
||
1. Org > Project | ||
1. Permissions | ||
1. Actions > Change role | ||
1. ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters