
Commit

hyperlinked each role from permissions page
Signed-off-by: Ayush Ukhalkar <[email protected]>
iushdoescode committed Jul 27, 2024
1 parent b2f9d3f commit 2f8f0ee
Showing 2 changed files with 114 additions and 107 deletions.
91 changes: 48 additions & 43 deletions content/en/cloud/security/roles/_index.md
Expand Up @@ -14,7 +14,7 @@ Roles map permissions to users. Roles contain any number of keychains, which con
## Provider Admin Role

{{< cardpane >}}
{{% card header="### Provider Admin Role" %}}
{{% card header="<a href='https://docs.layer5.io/cloud/reference/default-permissions/#Provider+Admin' target='_blank'>Provider Admin Role</a>" %}}
![role-provider](/cloud/security/images/role-provider-admin.svg)
{{% /card %}}
{{% card %}}
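Review bot: The new `card header` anchor for Provider Admin opens the permissions page with `target='_blank'` but sets no `rel`; add `rel='noopener noreferrer'` so the opened page gets no `window.opener` handle in browsers that do not apply that default. The link is also an absolute `https://docs.layer5.io/...` URL, while other links in this file are site-relative (`/cloud/identity/organizations`), so local builds and previews will jump to the production site. A site-relative `/cloud/reference/default-permissions/#Provider+Admin` keeps the reader on the build being viewed. The same applies to every role link added in this commit.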
Expand Down Expand Up @@ -52,12 +52,12 @@ Roles map permissions to users. Roles contain any number of keychains, which con

{{< cardpane >}}
{{% card %}}
![organization-administrator](/cloud/security/images/organization-roles.svg)
![organization-administrator and manager](/cloud/identity/images/organization-administrator-and-organization-billing-manager.svg)
{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="### Organization Administrator" %}}
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Org+Admin' target='_blank'>Organization Administrator</a>" %}}

**What is the purpose of this role?**

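Review bot: The image reference moves from `/cloud/security/images/organization-roles.svg` to `/cloud/identity/images/organization-administrator-and-organization-billing-manager.svg`, yet the commit lists only two changed files and neither is an SVG. Please confirm the asset already exists at the new path, otherwise this card renders a broken image. The alt text `organization-administrator and manager` reads like a file name; a short description such as "Organization Administrator and Organization Billing Manager roles" serves screen readers better.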
Expand All @@ -81,7 +81,7 @@ Roles map permissions to users. Roles contain any number of keychains, which con
- Organization Owner

{{% /card %}}
{{% card header="### Organization Billing Manager" %}}
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Org+Billing+Manager' target='_blank'>Organization Billing Manager</a>" %}}

**What is the purpose of this role?**

Expand Down Expand Up @@ -120,12 +120,12 @@ For more information, see [Organization](/cloud/identity/organizations).

{{< cardpane >}}
{{% card %}}
![workspace-administrator](/cloud/security/images/workspace-roles.svg)
![workspacea-administrator-and-workspace-manager](/cloud/identity/images/workspace-administrator-and-workspace-manager.svg)
{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="### Workspace Administrator" %}}
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Workspace+Admin' target='_blank'>Workspace Administrator</a>" %}}

**What is the purpose of this role?**

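Review bot: Typo in the new image alt text: `workspacea-administrator-and-workspace-manager` should be `workspace-administrator-and-workspace-manager`, or better a readable phrase rather than the file stem. As with the organization image, the SVG under `/cloud/identity/images/` is not part of this commit, so please check that it is already in the tree.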
Expand All @@ -148,6 +148,29 @@ For more information, see [Organization](/cloud/identity/organizations).

- Organization Administrators or Workspace Owner

{{% /card %}}
{{% card header="### Workspace Manager" %}}

**What is the purpose of this role?**

- Management and administration of the various workspace resources

**Who can assign this role?**

- Organization Administrators or Workspace Administrators

**When this role is first assigned?**

- Manually by Organization Administrators or Workspace Administrators

**How many instances of these roles?**

- Min: 0, Max: many

**Who can remove assignment of this role?**

- Organization Administrators or Workspace Administrators

{{% /card %}}
{{< /cardpane >}}

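Review bot: The added `{{% card header="### Workspace Manager" %}}` is the only workspace card without a link to the permissions page, which contradicts the commit message ("hyperlinked each role"). Either link it like Workspace Administrator or state why there is no matching section on the default-permissions page. The question `**When this role is first assigned?**` should read "When is this role first assigned?", which is the wording this same commit uses in the Team Manager card.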
Expand All @@ -163,12 +186,12 @@ The entitlement of "workspace owner" is automatically bestowed to the creator of

{{< cardpane >}}
{{% card %}}
![team-administrators](/cloud/security/images/team-roles.svg)
![team-admins-and-manager](/cloud/identity/images/team-admins-and-team-managers.svg)
{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="### Team Administrator" %}}
{{% card header="<a href='https://docs.layer5.io/cloud/reference/default-permissions/#Team+Admin' target='_blank'>Team Administrator</a>" %}}
**What is the purpose of this role?**

- Administration of teams
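Review bot: The Team Administrator header loses its `###` prefix (`header="<a href=...>Team Administrator</a>"`), while the Organization and Workspace headers in this commit keep it (`header="### <a href=...>"`) and the Team Manager card added further down uses `### Team Manager`. Two cards in the same cardpane will then render at different heading levels. Keep `###` in front of the anchor here, and in the Provider Admin header, which drops it the same way.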
Expand All @@ -183,52 +206,34 @@ The entitlement of "workspace owner" is automatically bestowed to the creator of
- By default, the first Team Admin is owner (the team creator)

**How many instances of these roles?**
Min: 1, Max: many

- Min: 1, Max: many

{{% /card %}}
{{< /cardpane >}}

{{< alert title="Owners as entitlements, not roles" >}}
It's essential to understand that owners are not roles, but entitlements.

Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team.

The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team.

For more information, see [Teams](/cloud/identity/teams).
{{< /alert >}}

## User Role

{{< cardpane >}}
{{% card %}}
![user](/cloud/security/images/user-role.svg)
{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="## User" %}}

{{% card header="### Team Manager" %}}
**What is the purpose of this role?**

- To grant Organization members access to basic features and resources within the context of that Organization.
- Administration of teams (without delete access)

**Who can assign this role?**
**Who can assign and unassign this role?**

- Organization Administrators, Workspace Administrators and Team Administrators
- Organization Administrators or Team Owner

**When this role first assigned?**
**When is this role first assigned?**

- Automatically assigned to members on joining an Organization.
- Manually by Organization Administrator or Team Owner

**How many instances of these roles?**

- Min: 1, Max: many
- Min: 0, Max: many
{{% /card %}}
{{< /cardpane >}}

**Who can remove assignment of this role?**
{{< alert title="Owners as entitlements, not roles" >}}
It's essential to understand that owners are not roles, but entitlements.

- Organization Administrators, Workspace Administrators and Team Administrators
Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team.

{{% /card %}}
{{< /cardpane >}}
The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team.

For more information, see [Teams](/cloud/identity/teams).
{{< /alert >}}
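Review bot: In the new side of this hunk the `## User Role` heading, its `user-role.svg` image and the User card (automatic assignment on joining an Organization) no longer appear; their lines are reused for the Team Manager card. The commit message only mentions hyperlinking roles, so removing the documentation of the default member role looks unintended or at least undocumented. Please either restore the section or call the removal out in the commit message. The new `### Team Manager` header is also unlinked, unlike Team Administrator.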
130 changes: 66 additions & 64 deletions layouts/shortcodes/csvtable-roles.html
@@ -1,68 +1,70 @@
{{ $data := "" }} {{ $p := "static/data/csv/keys.csv" }} {{ $excludedColumns :=
slice 0 10 11 12 13 14 15 16 17 18 }} {{ if os.FileExists $p }} {{ $opts := dict
"delimiter" "," }} {{ $data = (os.ReadFile $p | transform.Unmarshal $opts) }} {{
else }} {{ errorf "Unable to get resource %q" $p }} {{ end }} {{ if $data }} {{
$uniqueCategories := slice }} {{ $stopAddingCategories := false }} {{ range $i,
$header := index $data 1 }} {{ if gt $i 3 }} {{if eq $header "Keychain ID"}} {{
$stopAddingCategories = true }} {{end}} {{ if not $stopAddingCategories }} {{ if
and (ne (trim $header "") "") (not (in $uniqueCategories $header)) }} {{
$uniqueCategories = $uniqueCategories | append $header }} {{ end }} {{ end }} {{
end }} {{end}} {{ range $index, $category := $uniqueCategories }}
<div class="csvtable-div">
<h2>{{ $category }} Role</h2>
<table class="csvtable td-initial">
<thead>
<tr>
{{ range $i, $col := index $data 1 }} {{ if and (not (in
$excludedColumns $i)) (or (eq $i 0) (ne $i 1) (ne $i 2)) }} {{ if and
(eq $i 1) }}
<th>Permission</th>
{{ else }} {{ if and (eq $i 2) }}
<th>Description</th>
{{ end }}{{ end }} {{ end }} {{ end }}
</tr>
</thead>
<tbody>
{{ range $i, $row := $data }} {{ if gt $i 0 }} {{/* Skip the header row */}}
{{ $hasAccess := false }} {{/* Flag to track if the row has access for the category */}}
{{ $functionValue := "" }} {{/* Variable to hold the Function value */}}
{{ $featureValue := "" }} {{/* Variable to hold the Feature value */}}

{{/* Find the column indices for Category, Function, and Feature */}}
{{ $categoryIndex := -1 }}
{{ $functionIndex := -1 }}
{{ $featureIndex := -1 }}
{{ range $j, $header := index $data 1 }} {{/* Assuming the first row contains headers */}}
{{ if eq $header $category }} {{/* Check if the header matches the current category */}}
{{ $categoryIndex = $j }}
slice 0 10 11 12 13 14 15 16 17 18 }} {{ if os.FileExists $p }} {{ $opts := dict
"delimiter" "," }} {{ $data = (os.ReadFile $p | transform.Unmarshal $opts) }} {{
else }} {{ errorf "Unable to get resource %q" $p }} {{ end }} {{ if $data }} {{
$uniqueCategories := slice }} {{ $stopAddingCategories := false }} {{ range $i,
$header := index $data 1 }} {{ if gt $i 3 }} {{if eq $header "Keychain ID"}} {{
$stopAddingCategories = true }} {{end}} {{ if not $stopAddingCategories }} {{ if
and (ne (trim $header "") "") (not (in $uniqueCategories $header)) }} {{
$uniqueCategories = $uniqueCategories | append $header }} {{ end }} {{ end }} {{
end }} {{end}} {{ range $index, $category := $uniqueCategories }}
<div class="csvtable-div">
<h2 id="{{ $category | urlquery }}">{{ $category }} Role </h2>
<table class="csvtable td-initial">
<thead>
<tr>
{{ range $i, $col := index $data 1 }} {{ if and (not (in
$excludedColumns $i)) (or (eq $i 0) (ne $i 1) (ne $i 2)) }} {{ if and
(eq $i 1) }}
<th>Permission</th>
{{ else }} {{ if and (eq $i 2) }}
<th>Description</th>
{{ end }}{{ end }} {{ end }} {{ end }}
</tr>
</thead>
<tbody>
{{ range $i, $row := $data }} {{ if gt $i 0 }} {{/* Skip the header row */}}
{{ $hasAccess := false }} {{/* Flag to track if the row has access for the category */}}
{{ $functionValue := "" }} {{/* Variable to hold the Function value */}}
{{ $featureValue := "" }} {{/* Variable to hold the Feature value */}}

{{/* Find the column indices for Category, Function, and Feature */}}
{{ $categoryIndex := -1 }}
{{ $functionIndex := -1 }}
{{ $featureIndex := -1 }}
{{ range $j, $header := index $data 1 }} {{/* Assuming the first row contains headers */}}
{{ if eq $header $category }} {{/* Check if the header matches the current category */}}
{{ $categoryIndex = $j }}
{{ end }}
{{ if eq $header "Function" }}
{{ $functionIndex = $j }}
{{ end }}
{{ if eq $header "Feature" }}
{{ $featureIndex = $j }}
{{ end }}
{{ end }}
{{ if eq $header "Function" }}
{{ $functionIndex = $j }}
{{/* Check if the row has access for the category */}}
{{ if and (ge $categoryIndex 0) (or (eq (index $row $categoryIndex) "X") (eq (index $row $categoryIndex) "X*")) }}
{{ $hasAccess = true }}
{{ end }}
{{ if eq $header "Feature" }}
{{ $featureIndex = $j }}
{{/* Get the Function and Feature values if the row has access */}}
{{ if $hasAccess }}
{{ $functionValue = index $row $functionIndex }}
{{ $featureValue = index $row $featureIndex }}
{{ end }}
{{ end }}
{{/* Check if the row has access for the category */}}
{{ if and (ge $categoryIndex 0) (or (eq (index $row $categoryIndex) "X") (eq (index $row $categoryIndex) "X*")) }}
{{ $hasAccess = true }}
{{ end }}
{{/* Get the Function and Feature values if the row has access */}}
{{ if $hasAccess }}
{{ $functionValue = index $row $functionIndex }}
{{ $featureValue = index $row $featureIndex }}
{{ end }}
{{/* Print the row if it has access */}}
{{ if $hasAccess }}
<tr>
<td>{{ $functionValue }} </td>
<td>{{ $featureValue }}</td>
</tr>
{{end}}
{{ end }} {{ end }}
</tbody>
</table>
</div>
{{ end }} {{ else }}
<p>No data available.</p>
{{ end }}
{{/* Print the row if it has access */}}
{{ if $hasAccess }}
<tr>
<td>{{ $functionValue }} </td>
<td>{{ $featureValue }}</td>
</tr>
{{end}}
{{ end }} {{ end }}
</tbody>
</table>
</div>
{{ end }} {{ else }}
<p>No data available.</p>
{{ end }}
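Review bot: The only functional change in this file is `<h2 id="{{ $category | urlquery }}">`; the other lines are re-indentation, which makes the diff hard to review and would be better as a separate commit. The id is derived from the CSV column header through `urlquery`, and the role links in `_index.md` hard-code the result (`#Provider+Admin`, `#Org+Billing+Manager`), so renaming a column in `static/data/csv/keys.csv` silently breaks every link with no build error. Consider `anchorize` for a conventional slug and update the links to match, or generate the links from the same data. Also note the stray space before `</h2>` in `{{ $category }} Role </h2>`.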

