From 2f8f0ee784e2136a2b0fcb2dec562730791617eb Mon Sep 17 00:00:00 2001 From: Ayush Ukhalkar Date: Sat, 27 Jul 2024 11:32:53 +0530 Subject: [PATCH] hyperlinked each role from permissions page Signed-off-by: Ayush Ukhalkar --- content/en/cloud/security/roles/_index.md | 91 ++++++++------- layouts/shortcodes/csvtable-roles.html | 130 +++++++++++----------- 2 files changed, 114 insertions(+), 107 deletions(-) diff --git a/content/en/cloud/security/roles/_index.md b/content/en/cloud/security/roles/_index.md index e2383df1..96fe88e7 100644 --- a/content/en/cloud/security/roles/_index.md +++ b/content/en/cloud/security/roles/_index.md @@ -14,7 +14,7 @@ Roles map permissions to users. Roles contain any number of keychains, which con ## Provider Admin Role {{< cardpane >}} -{{% card header="### Provider Admin Role" %}} +{{% card header="Provider Admin Role" %}} ![role-provider](/cloud/security/images/role-provider-admin.svg) {{% /card %}} {{% card %}} @@ -52,12 +52,12 @@ Roles map permissions to users. Roles contain any number of keychains, which con {{< cardpane >}} {{% card %}} -![organization-administrator](/cloud/security/images/organization-roles.svg) +![organization-administrator and manager](/cloud/identity/images/organization-administrator-and-organization-billing-manager.svg) {{% /card %}} {{< /cardpane >}} {{< cardpane >}} -{{% card header="### Organization Administrator" %}} +{{% card header="### Organization Administrator" %}} **What is the purpose of this role?** @@ -81,7 +81,7 @@ Roles map permissions to users. Roles contain any number of keychains, which con - Organization Owner {{% /card %}} -{{% card header="### Organization Billing Manager" %}} +{{% card header="### Organization Billing Manager" %}} **What is the purpose of this role?** @@ -120,12 +120,12 @@ For more information, see [Organization](/cloud/identity/organizations). {{< cardpane >}} {{% card %}} -![workspace-administrator](/cloud/security/images/workspace-roles.svg) +![workspacea-administrator-and-workspace-manager](/cloud/identity/images/workspace-administrator-and-workspace-manager.svg) {{% /card %}} {{< /cardpane >}} {{< cardpane >}} -{{% card header="### Workspace Administrator" %}} +{{% card header="### Workspace Administrator" %}} **What is the purpose of this role?** @@ -148,6 +148,29 @@ For more information, see [Organization](/cloud/identity/organizations). - Organization Administrators or Workspace Owner +{{% /card %}} +{{% card header="### Workspace Manager" %}} + +**What is the purpose of this role?** + +- Management and administration of the various workspace resources + +**Who can assign this role?** + +- Organization Administrators or Workspace Administrators + +**When this role is first assigned?** + +- Manually by Organization Administrators or Workspace Administrators + +**How many instances of these roles?** + +- Min: 0, Max: many + +**Who can remove assignment of this role?** + +- Organization Administrators or Workspace Administrators + {{% /card %}} {{< /cardpane >}} @@ -163,12 +186,12 @@ The entitlement of "workspace owner" is automatically bestowed to the creator of {{< cardpane >}} {{% card %}} -![team-administrators](/cloud/security/images/team-roles.svg) +![team-admins-and-manager](/cloud/identity/images/team-admins-and-team-managers.svg) {{% /card %}} {{< /cardpane >}} {{< cardpane >}} -{{% card header="### Team Administrator" %}} +{{% card header="Team Administrator" %}} **What is the purpose of this role?** - Administration of teams @@ -183,52 +206,34 @@ The entitlement of "workspace owner" is automatically bestowed to the creator of - By default, the first Team Admin is owner (the team creator) **How many instances of these roles?** +Min: 1, Max: many -- Min: 1, Max: many - -{{% /card %}} -{{< /cardpane >}} - -{{< alert title="Owners as entitlements, not roles" >}} -It's essential to understand that owners are not roles, but entitlements. - -Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team. - -The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team. - -For more information, see [Teams](/cloud/identity/teams). -{{< /alert >}} - -## User Role - -{{< cardpane >}} -{{% card %}} -![user](/cloud/security/images/user-role.svg) {{% /card %}} -{{< /cardpane >}} - -{{< cardpane >}} -{{% card header="## User" %}} - +{{% card header="### Team Manager" %}} **What is the purpose of this role?** -- To grant Organization members access to basic features and resources within the context of that Organization. +- Administration of teams (without delete access) -**Who can assign this role?** +**Who can assign and unassign this role?** -- Organization Administrators, Workspace Administrators and Team Administrators +- Organization Administrators or Team Owner -**When this role first assigned?** +**When is this role first assigned?** -- Automatically assigned to members on joining an Organization. +- Manually by Organization Administrator or Team Owner **How many instances of these roles?** -- Min: 1, Max: many +- Min: 0, Max: many + {{% /card %}} + {{< /cardpane >}} -**Who can remove assignment of this role?** +{{< alert title="Owners as entitlements, not roles" >}} +It's essential to understand that owners are not roles, but entitlements. -- Organization Administrators, Workspace Administrators and Team Administrators +Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team. -{{% /card %}} -{{< /cardpane >}} +The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team. + +For more information, see [Teams](/cloud/identity/teams). +{{< /alert >}} \ No newline at end of file diff --git a/layouts/shortcodes/csvtable-roles.html b/layouts/shortcodes/csvtable-roles.html index 2193f0c6..37612e73 100644 --- a/layouts/shortcodes/csvtable-roles.html +++ b/layouts/shortcodes/csvtable-roles.html @@ -1,68 +1,70 @@ {{ $data := "" }} {{ $p := "static/data/csv/keys.csv" }} {{ $excludedColumns := -slice 0 10 11 12 13 14 15 16 17 18 }} {{ if os.FileExists $p }} {{ $opts := dict -"delimiter" "," }} {{ $data = (os.ReadFile $p | transform.Unmarshal $opts) }} {{ -else }} {{ errorf "Unable to get resource %q" $p }} {{ end }} {{ if $data }} {{ -$uniqueCategories := slice }} {{ $stopAddingCategories := false }} {{ range $i, -$header := index $data 1 }} {{ if gt $i 3 }} {{if eq $header "Keychain ID"}} {{ -$stopAddingCategories = true }} {{end}} {{ if not $stopAddingCategories }} {{ if -and (ne (trim $header "") "") (not (in $uniqueCategories $header)) }} {{ -$uniqueCategories = $uniqueCategories | append $header }} {{ end }} {{ end }} {{ -end }} {{end}} {{ range $index, $category := $uniqueCategories }} -
-

{{ $category }} Role

- - - - {{ range $i, $col := index $data 1 }} {{ if and (not (in - $excludedColumns $i)) (or (eq $i 0) (ne $i 1) (ne $i 2)) }} {{ if and - (eq $i 1) }} - - {{ else }} {{ if and (eq $i 2) }} - - {{ end }}{{ end }} {{ end }} {{ end }} - - - - {{ range $i, $row := $data }} {{ if gt $i 0 }} {{/* Skip the header row */}} - {{ $hasAccess := false }} {{/* Flag to track if the row has access for the category */}} - {{ $functionValue := "" }} {{/* Variable to hold the Function value */}} - {{ $featureValue := "" }} {{/* Variable to hold the Feature value */}} - - {{/* Find the column indices for Category, Function, and Feature */}} - {{ $categoryIndex := -1 }} - {{ $functionIndex := -1 }} - {{ $featureIndex := -1 }} - {{ range $j, $header := index $data 1 }} {{/* Assuming the first row contains headers */}} - {{ if eq $header $category }} {{/* Check if the header matches the current category */}} - {{ $categoryIndex = $j }} + slice 0 10 11 12 13 14 15 16 17 18 }} {{ if os.FileExists $p }} {{ $opts := dict + "delimiter" "," }} {{ $data = (os.ReadFile $p | transform.Unmarshal $opts) }} {{ + else }} {{ errorf "Unable to get resource %q" $p }} {{ end }} {{ if $data }} {{ + $uniqueCategories := slice }} {{ $stopAddingCategories := false }} {{ range $i, + $header := index $data 1 }} {{ if gt $i 3 }} {{if eq $header "Keychain ID"}} {{ + $stopAddingCategories = true }} {{end}} {{ if not $stopAddingCategories }} {{ if + and (ne (trim $header "") "") (not (in $uniqueCategories $header)) }} {{ + $uniqueCategories = $uniqueCategories | append $header }} {{ end }} {{ end }} {{ + end }} {{end}} {{ range $index, $category := $uniqueCategories }} +
+

{{ $category }} Role

+
PermissionDescription
+ + + {{ range $i, $col := index $data 1 }} {{ if and (not (in + $excludedColumns $i)) (or (eq $i 0) (ne $i 1) (ne $i 2)) }} {{ if and + (eq $i 1) }} + + {{ else }} {{ if and (eq $i 2) }} + + {{ end }}{{ end }} {{ end }} {{ end }} + + + + {{ range $i, $row := $data }} {{ if gt $i 0 }} {{/* Skip the header row */}} + {{ $hasAccess := false }} {{/* Flag to track if the row has access for the category */}} + {{ $functionValue := "" }} {{/* Variable to hold the Function value */}} + {{ $featureValue := "" }} {{/* Variable to hold the Feature value */}} + + {{/* Find the column indices for Category, Function, and Feature */}} + {{ $categoryIndex := -1 }} + {{ $functionIndex := -1 }} + {{ $featureIndex := -1 }} + {{ range $j, $header := index $data 1 }} {{/* Assuming the first row contains headers */}} + {{ if eq $header $category }} {{/* Check if the header matches the current category */}} + {{ $categoryIndex = $j }} + {{ end }} + {{ if eq $header "Function" }} + {{ $functionIndex = $j }} + {{ end }} + {{ if eq $header "Feature" }} + {{ $featureIndex = $j }} + {{ end }} {{ end }} - {{ if eq $header "Function" }} - {{ $functionIndex = $j }} + {{/* Check if the row has access for the category */}} + {{ if and (ge $categoryIndex 0) (or (eq (index $row $categoryIndex) "X") (eq (index $row $categoryIndex) "X*")) }} + {{ $hasAccess = true }} {{ end }} - {{ if eq $header "Feature" }} - {{ $featureIndex = $j }} + {{/* Get the Function and Feature values if the row has access */}} + {{ if $hasAccess }} + {{ $functionValue = index $row $functionIndex }} + {{ $featureValue = index $row $featureIndex }} {{ end }} - {{ end }} - {{/* Check if the row has access for the category */}} - {{ if and (ge $categoryIndex 0) (or (eq (index $row $categoryIndex) "X") (eq (index $row $categoryIndex) "X*")) }} - {{ $hasAccess = true }} - {{ end }} - {{/* Get the Function and Feature values if the row has access */}} - {{ if $hasAccess }} - {{ $functionValue = index $row $functionIndex }} - {{ $featureValue = index $row $featureIndex }} - {{ end }} -{{/* Print the row if it has access */}} - {{ if $hasAccess }} - - - - - {{end}} - {{ end }} {{ end }} - -
PermissionDescription
{{ $functionValue }} {{ $featureValue }}
-
-{{ end }} {{ else }} -

No data available.

-{{ end }} + {{/* Print the row if it has access */}} + {{ if $hasAccess }} + + {{ $functionValue }} + {{ $featureValue }} + + {{end}} + {{ end }} {{ end }} + + + + {{ end }} {{ else }} +

No data available.

+ {{ end }} + + \ No newline at end of file