Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

hyperlinked each role from permissions page reference #335

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
+161 −121
Open

hyperlinked each role from permissions page reference #335

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
2f8f0ee
hyperlinked each role from permissions page
iushdoescode Jul 27, 2024
3b7627a
Merge branch 'master' into hyperlinks
iushdoescode Aug 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
91 changes: 48 additions & 43 deletions content/en/cloud/security/roles/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ Roles map permissions to users. Roles contain any number of keychains, which con
## Provider Admin Role

{{< cardpane >}}
{{% card header="### Provider Admin Role" %}}
{{% card header="<a href='https://docs.layer5.io/cloud/reference/default-permissions/#Provider+Admin' target='_blank'>Provider Admin Role</a>" %}}
![role-provider](/cloud/security/images/role-provider-admin.svg)
{{% /card %}}
{{% card %}}
Expand Down Expand Up @@ -52,12 +52,12 @@ Roles map permissions to users. Roles contain any number of keychains, which con

{{< cardpane >}}
{{% card %}}
![organization-administrator](/cloud/security/images/organization-roles.svg)
![organization-administrator and manager](/cloud/identity/images/organization-administrator-and-organization-billing-manager.svg)
{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="### Organization Administrator" %}}
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Org+Admin' target='_blank'>Organization Administrator</a>" %}}

**What is the purpose of this role?**

Expand All @@ -81,7 +81,7 @@ Roles map permissions to users. Roles contain any number of keychains, which con
- Organization Owner

{{% /card %}}
{{% card header="### Organization Billing Manager" %}}
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Org+Billing+Manager' target='_blank'>Organization Billing Manager</a>" %}}

**What is the purpose of this role?**

Expand Down Expand Up @@ -120,12 +120,12 @@ For more information, see [Organization](/cloud/identity/organizations).

{{< cardpane >}}
{{% card %}}
![workspace-administrator](/cloud/security/images/workspace-roles.svg)
![workspacea-administrator-and-workspace-manager](/cloud/identity/images/workspace-administrator-and-workspace-manager.svg)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have since then removed the workspace manager role and this change isn't needed now.

{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="### Workspace Administrator" %}}
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Workspace+Admin' target='_blank'>Workspace Administrator</a>" %}}

**What is the purpose of this role?**

Expand All @@ -148,6 +148,29 @@ For more information, see [Organization](/cloud/identity/organizations).

- Organization Administrators or Workspace Owner

{{% /card %}}
{{% card header="### Workspace Manager" %}}

**What is the purpose of this role?**

- Management and administration of the various workspace resources

**Who can assign this role?**

- Organization Administrators or Workspace Administrators

**When this role is first assigned?**

- Manually by Organization Administrators or Workspace Administrators

**How many instances of these roles?**

- Min: 0, Max: many

**Who can remove assignment of this role?**

- Organization Administrators or Workspace Administrators

{{% /card %}}
{{< /cardpane >}}

Expand All @@ -163,12 +186,12 @@ The entitlement of "workspace owner" is automatically bestowed to the creator of

{{< cardpane >}}
{{% card %}}
![team-administrators](/cloud/security/images/team-roles.svg)
![team-admins-and-manager](/cloud/identity/images/team-admins-and-team-managers.svg)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same here. Team Manager role has also been deleted.

{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="### Team Administrator" %}}
{{% card header="<a href='https://docs.layer5.io/cloud/reference/default-permissions/#Team+Admin' target='_blank'>Team Administrator</a>" %}}
**What is the purpose of this role?**

- Administration of teams
Expand All @@ -183,52 +206,34 @@ The entitlement of "workspace owner" is automatically bestowed to the creator of
- By default, the first Team Admin is owner (the team creator)

**How many instances of these roles?**
Min: 1, Max: many

- Min: 1, Max: many

{{% /card %}}
{{< /cardpane >}}

{{< alert title="Owners as entitlements, not roles" >}}
It's essential to understand that owners are not roles, but entitlements.

Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team.

The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team.

For more information, see [Teams](/cloud/identity/teams).
{{< /alert >}}

## User Role
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Was the removal of the user role suggested by a team member?


{{< cardpane >}}
{{% card %}}
![user](/cloud/security/images/user-role.svg)
{{% /card %}}
{{< /cardpane >}}

{{< cardpane >}}
{{% card header="## User" %}}

{{% card header="### Team Manager" %}}
**What is the purpose of this role?**

- To grant Organization members access to basic features and resources within the context of that Organization.
- Administration of teams (without delete access)

**Who can assign this role?**
**Who can assign and unassign this role?**

- Organization Administrators, Workspace Administrators and Team Administrators
- Organization Administrators or Team Owner

**When this role first assigned?**
**When is this role first assigned?**

- Automatically assigned to members on joining an Organization.
- Manually by Organization Administrator or Team Owner

**How many instances of these roles?**

- Min: 1, Max: many
- Min: 0, Max: many
{{% /card %}}
{{< /cardpane >}}

**Who can remove assignment of this role?**
{{< alert title="Owners as entitlements, not roles" >}}
It's essential to understand that owners are not roles, but entitlements.

- Organization Administrators, Workspace Administrators and Team Administrators
Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team.

{{% /card %}}
{{< /cardpane >}}
The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team.

For more information, see [Teams](/cloud/identity/teams).
{{< /alert >}}
191 changes: 113 additions & 78 deletions layouts/shortcodes/csvtable-roles.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,81 +1,116 @@
{{ $data := "" }} {{ $p := "static/data/csv/keys.csv" }} {{ $excludedColumns :=
slice 0 10 11 12 13 14 15 16 17 18 }} {{ if os.FileExists $p }} {{ $opts := dict
"delimiter" "," }} {{ $data = (os.ReadFile $p | transform.Unmarshal $opts) }} {{
else }} {{ errorf "Unable to get resource %q" $p }} {{ end }} {{ if $data }} {{
$uniqueCategories := slice }} {{ $stopAddingCategories := false }} {{ range $i,
$header := index $data 1 }} {{ if gt $i 3 }} {{if eq $header "Keychain ID"}} {{
$stopAddingCategories = true }} {{end}} {{ if not $stopAddingCategories }} {{ if
and (ne (trim $header "") "") (not (in $uniqueCategories $header)) }} {{
$uniqueCategories = $uniqueCategories | append $header }} {{ end }} {{ end }} {{
end }} {{end}} {{ range $index, $category := $uniqueCategories }}
<div class="csvtable-div">
{{ $sectionName := $category | lower }}
{{ $urlPath := "roles" }}
{{ if hasPrefix $sectionName "workspace" }}
{{ $urlPath = "roles/workspace-roles" }}
{{ else if hasPrefix $sectionName "team" }}
{{ $urlPath = "roles/team-roles" }}
{{ else if hasPrefix $sectionName "org" }}
{{ $urlPath = "roles/organization-roles" }}
{{ else if hasPrefix $sectionName "provider" }}
{{ $urlPath = "roles/#provider-admin-role" }}
{{ else }}
{{ $urlPath = print "roles/" $sectionName | urlize }}
{{ end }}
<h2><a href="/cloud/security/{{ $urlPath }}">{{ $category }} Role</a></h2>
<table class="csvtable td-initial">
<thead>
<tr>
{{ range $i, $col := index $data 1 }} {{ if and (not (in
$excludedColumns $i)) (or (eq $i 0) (ne $i 1) (ne $i 2)) }} {{ if and
(eq $i 1) }}
<th>Permission</th>
{{ else }} {{ if and (eq $i 2) }}
<th>Description</th>
{{ end }}{{ end }} {{ end }} {{ end }}
</tr>
</thead>
<tbody>
{{ range $i, $row := $data }} {{ if gt $i 0 }} {{/* Skip the header row */}}
{{ $hasAccess := false }} {{/* Flag to track if the row has access for the category */}}
{{ $functionValue := "" }} {{/* Variable to hold the Function value */}}
{{ $featureValue := "" }} {{/* Variable to hold the Feature value */}}
{{ $data := "" }}
{{ $p := "static/data/csv/keys.csv" }}
{{ $excludedColumns := slice 0 10 11 12 13 14 15 16 17 18 }}

{{/* Find the column indices for Category, Function, and Feature */}}
{{ $categoryIndex := -1 }}
{{ $functionIndex := -1 }}
{{ $featureIndex := -1 }}
{{ range $j, $header := index $data 1 }} {{/* Assuming the first row contains headers */}}
{{ if eq $header $category }} {{/* Check if the header matches the current category */}}
{{ $categoryIndex = $j }}
{{ end }}
{{ if eq $header "Function" }}
{{ $functionIndex = $j }}
{{ end }}
{{ if eq $header "Feature" }}
{{ $featureIndex = $j }}
{{ if os.FileExists $p }}
{{ $opts := dict "delimiter" "," }}
{{ $data = (os.ReadFile $p | transform.Unmarshal $opts) }}
{{ else }}
{{ errorf "Unable to get resource %q" $p }}
{{ end }}

{{ if $data }}
{{ $uniqueCategories := slice }}
{{ $stopAddingCategories := false }}

{{ range $i, $header := index $data 1 }}
{{ if gt $i 3 }}
{{ if eq $header "Keychain ID" }}
{{ $stopAddingCategories = true }}
{{ end }}

{{ if not $stopAddingCategories }}
{{ if and (ne (trim $header "") "") (not (in $uniqueCategories $header)) }}
{{ $uniqueCategories = $uniqueCategories | append $header }}
{{ end }}
{{ end }}
{{ end }}
{{ end }}

{{ range $index, $category := $uniqueCategories }}
<div class="csvtable-div">
{{ $sectionName := $category | lower }}
{{ $urlPath := "roles" }}
{{ if hasPrefix $sectionName "workspace" }}
{{ $urlPath = "roles/workspace-roles" }}
{{ else if hasPrefix $sectionName "team" }}
{{ $urlPath = "roles/team-roles" }}
{{ else if hasPrefix $sectionName "org" }}
{{ $urlPath = "roles/organization-roles" }}
{{ else if hasPrefix $sectionName "provider" }}
{{ $urlPath = "roles/#provider-admin-role" }}
{{ else }}
{{ $urlPath = print "roles/" $sectionName | urlize }}
{{ end }}
<h2><a href="/cloud/security/{{ $urlPath }}">{{ $category }} Role</a></h2>
<table class="csvtable td-initial">
<thead>
<tr>
{{ range $i, $col := index $data 1 }}
{{ if and (not (in $excludedColumns $i)) (or (eq $i 0) (ne $i 1) (ne $i 2)) }}
{{ if and (eq $i 1) }}
<th>Permission</th>
{{ else }}
{{ if and (eq $i 2) }}
<th>Description</th>
{{ end }}
{{ end }}
{{ end }}
{{ end }}
</tr>
</thead>
<tbody>
{{ range $i, $row := $data }}
{{ if gt $i 0 }}
{{/* Skip the header row */}}
{{ $hasAccess := false }}
{{/* Flag to track if the row has access for the category */}}
{{ $functionValue := "" }}
{{/* Variable to hold the Function value */}}
{{ $featureValue := "" }}
{{/* Variable to hold the Feature value */}}

{{/* Find the column indices for Category, Function, and Feature */}}
{{ $categoryIndex := -1 }}
{{ $functionIndex := -1 }}
{{ $featureIndex := -1 }}
{{ range $j, $header := index $data 1 }}
{{/* Assuming the first row contains headers */}}
{{ if eq $header $category }}
{{/* Check if the header matches the current category */}}
{{ $categoryIndex = $j }}
{{ end }}
{{ if eq $header "Function" }}
{{ $functionIndex = $j }}
{{ end }}
{{ if eq $header "Feature" }}
{{ $featureIndex = $j }}
{{ end }}
{{ end }}

{{/* Check if the row has access for the category */}}
{{ if and (ge $categoryIndex 0) (or (eq (index $row $categoryIndex) "X") (eq (index $row $categoryIndex) "X*")) }}
{{ $hasAccess = true }}
{{ end }}
{{/* Get the Function and Feature values if the row has access */}}
{{ if $hasAccess }}
{{ $functionValue = index $row $functionIndex }}
{{ $featureValue = index $row $featureIndex }}
{{ end }}

{{/* Print the row if it has access */}}
{{ if $hasAccess }}
<tr>
<td>{{ $functionValue }} </td>
<td>{{ $featureValue }}</td>
</tr>
{{ end }}
{{ end }}
{{ end }}
{{ end }}
{{/* Check if the row has access for the category */}}
{{ if and (ge $categoryIndex 0) (or (eq (index $row $categoryIndex) "X") (eq (index $row $categoryIndex) "X*")) }}
{{ $hasAccess = true }}
{{ end }}
{{/* Get the Function and Feature values if the row has access */}}
{{ if $hasAccess }}
{{ $functionValue = index $row $functionIndex }}
{{ $featureValue = index $row $featureIndex }}
{{ end }}
{{/* Print the row if it has access */}}
{{ if $hasAccess }}
<tr>
<td>{{ $functionValue }} </td>
<td>{{ $featureValue }}</td>
</tr>
{{end}}
{{ end }} {{ end }}
</tbody>
</table>
</div>
{{ end }} {{ else }}
<p>No data available.</p>
</tbody>
</table>
</div>
{{ end }}
{{ else }}
<p>No data available.</p>
{{ end }}
Loading