-
Notifications
You must be signed in to change notification settings - Fork 15
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
0c4a605
commit cb9d88b
Showing
17 changed files
with
160 additions
and
83 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
--- | ||
title: Roles and permissions | ||
--- | ||
|
||
To give users access to projects and services in your organizations, you can grant them permissions and roles. You grant access to principals at the project level: | ||
|
||
* **Permissions**: Actions that a principal can perform on a resource or group of resources. | ||
* **Role**: A set of permissions that assigned to a principal. | ||
|
||
Principals are organization users, application users, and groups. Resources are any | ||
object in the platform such as users, projects, logs, and features. | ||
|
||
To grant users access to resources at the organization level, you can | ||
make them super admin. Limit the number of users with this role as it | ||
gives unrestricted access to all organization resources including billing, | ||
admin, and all projects and services. | ||
|
||
<!-- | ||
To give users access to your organization's resources, you can grant them permissions and roles. You can grant these at the organization and project level. | ||
When you grant permissions and roles at the organization level, you give users access | ||
to all projects and services within your organization. You can limit the scope by | ||
granting permissions and roles for specific projects. | ||
## Organization permissions | ||
Super admin, other roles. | ||
--> | ||
|
||
## Project and service permissions | ||
|
||
You can grant the following permissions to users, application users, and groups. | ||
The actions listed for each permission apply to the project and all services within | ||
it. | ||
|
||
| Console name | API name | Allowed actions | | ||
| ------------ | -------- | --------------- | | ||
| Manage service deployments | `project:services:write` | Create and delete services <br/> Power services on and off <br/> Add and remove storage <br/> Change service plans <br/> Change cloud regions <br/> Fork services | | ||
| View services | `project:services:read` | View all services and their configuration | | ||
| Manage project integrations | `project:integrations:write` | Add and remove integration endpoints <br/> View and change integration secrets | | ||
| View project integrations | `project:integrations:read` | View all integration endpoints | | ||
|
||
|
||
## Roles | ||
|
||
### Admin | ||
|
||
Admin have full access to the project and its services. Every project has at least | ||
one admin user. This role is automatically granted to users who create a project. | ||
Project admin do not have access to organization settings such as billing unless | ||
they are also a [super admin](/docs/platform/howto/make-super-admin). | ||
|
||
### Operator | ||
|
||
- Create and delete services | ||
- Power on and off services | ||
- Apply maintenance updates | ||
- Change maintenance windows | ||
- ... | ||
|
||
|
||
### Developer | ||
|
||
- Create databases | ||
- Connect to databases | ||
- Remove Aiven for OpenSearch® indexes | ||
- Create and change Aiven for Apache Kafka® topics | ||
- Create and change Aiven for PostgreSQL® connection pools | ||
- Create and change service database users | ||
|
||
### Read-only | ||
|
||
View all services and ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
--- | ||
title: Manage roles and permissions | ||
--- | ||
|
||
import ConsoleLabel from "@site/src/components/ConsoleIcons" | ||
|
||
Introduction | ||
|
||
## Add users and groups to projects | ||
|
||
Users can be added individually or as part of a user | ||
[group](/docs/platform/howto/list-groups): | ||
|
||
1. In the project, click <ConsoleLabel name="projectpermissions"/>. | ||
|
||
1. Click **Add users** and select **Add users** or **Add groups**. | ||
|
||
1. Select the users or groups to add to the project. | ||
<!-- vale off --> | ||
1. Select a **Role**. The [role](/docs/platform/reference/project-member-privileges) | ||
will be assigned to all users in all selected groups. | ||
|
||
1. Click **Add users** or **Add groups**. | ||
## Change permissions for a user or group | ||
|
||
1. Org > Project | ||
1. Permissions | ||
1. Actions > Change role | ||
1. ... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters