generated from layer5io/layer5-repo-template
hyperlinked each role from permissions page reference #335
Open: iushdoescode wants to merge 2 commits into layer5io:master from iushdoescode:hyperlinks
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -14,7 +14,7 @@ Roles map permissions to users. Roles contain any number of keychains, which con | |
## Provider Admin Role | ||
|
||
{{< cardpane >}} | ||
{{% card header="### Provider Admin Role" %}} | ||
{{% card header="<a href='https://docs.layer5.io/cloud/reference/default-permissions/#Provider+Admin' target='_blank'>Provider Admin Role</a>" %}} | ||
![role-provider](/cloud/security/images/role-provider-admin.svg) | ||
{{% /card %}} | ||
{{% card %}} | ||
|
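Review bot: The replacement `card header` for Provider Admin drops the `###` prefix that the original header carried, while the Organization and Workspace headers changed elsewhere in this PR keep it (`header="### <a href=...`). Keep the prefix here too, i.e. `### <a href='...#Provider+Admin' target='_blank'>Provider Admin Role</a>`, so this card title is marked up the same way as the other role cards.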
@@ -52,12 +52,12 @@ Roles map permissions to users. Roles contain any number of keychains, which con | |
|
||
{{< cardpane >}} | ||
{{% card %}} | ||
![organization-administrator](/cloud/security/images/organization-roles.svg) | ||
![organization-administrator and manager](/cloud/identity/images/organization-administrator-and-organization-billing-manager.svg) | ||
{{% /card %}} | ||
{{< /cardpane >}} | ||
|
||
{{< cardpane >}} | ||
{{% card header="### Organization Administrator" %}} | ||
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Org+Admin' target='_blank'>Organization Administrator</a>" %}} | ||
|
||
**What is the purpose of this role?** | ||
|
||
|
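Review bot: The image reference moves from `/cloud/security/images/organization-roles.svg` to `/cloud/identity/images/organization-administrator-and-organization-billing-manager.svg`, a different section directory, and no image file appears in the diff shown here. Confirm the SVG already exists at that path, otherwise the card renders a broken image; if it is new, add it in this PR.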
@@ -81,7 +81,7 @@ Roles map permissions to users. Roles contain any number of keychains, which con | |
- Organization Owner | ||
|
||
{{% /card %}} | ||
{{% card header="### Organization Billing Manager" %}} | ||
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Org+Billing+Manager' target='_blank'>Organization Billing Manager</a>" %}} | ||
|
||
**What is the purpose of this role?** | ||
|
||
|
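Review bot: The new Organization Billing Manager header hardcodes `https://docs.layer5.io/...` and opens it with `target='_blank'` but no `rel`. This page otherwise links within the site by relative path (`[Organization](/cloud/identity/organizations)`), so use `/cloud/reference/default-permissions/#Org+Billing+Manager` to keep the link working on preview and local builds, and add `rel='noopener noreferrer'` if the new-tab behaviour stays. The same applies to the other role links added in this PR.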
@@ -120,12 +120,12 @@ For more information, see [Organization](/cloud/identity/organizations). | |
|
||
{{< cardpane >}} | ||
{{% card %}} | ||
![workspace-administrator](/cloud/security/images/workspace-roles.svg) | ||
![workspacea-administrator-and-workspace-manager](/cloud/identity/images/workspace-administrator-and-workspace-manager.svg) | ||
{{% /card %}} | ||
{{< /cardpane >}} | ||
|
||
{{< cardpane >}} | ||
{{% card header="### Workspace Administrator" %}} | ||
{{% card header="### <a href='https://docs.layer5.io/cloud/reference/default-permissions/#Workspace+Admin' target='_blank'>Workspace Administrator</a>" %}} | ||
|
||
**What is the purpose of this role?** | ||
|
||
|
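Review bot: The alt text on the new workspace image line has a typo, `workspacea-administrator-and-workspace-manager`; it should read `workspace-administrator-and-workspace-manager`. Since alt text is what assistive technology announces, a readable phrase such as "Workspace Administrator and Workspace Manager roles" would serve better than a file-name style string.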
@@ -148,6 +148,29 @@ For more information, see [Organization](/cloud/identity/organizations). | |
|
||
- Organization Administrators or Workspace Owner | ||
|
||
{{% /card %}} | ||
{{% card header="### Workspace Manager" %}} | ||
|
||
**What is the purpose of this role?** | ||
|
||
- Management and administration of the various workspace resources | ||
|
||
**Who can assign this role?** | ||
|
||
- Organization Administrators or Workspace Administrators | ||
|
||
**When this role is first assigned?** | ||
|
||
- Manually by Organization Administrators or Workspace Administrators | ||
|
||
**How many instances of these roles?** | ||
|
||
- Min: 0, Max: many | ||
|
||
**Who can remove assignment of this role?** | ||
|
||
- Organization Administrators or Workspace Administrators | ||
|
||
{{% /card %}} | ||
{{< /cardpane >}} | ||
|
||
|
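Review bot: The added Workspace Manager card header (`{{% card header="### Workspace Manager" %}}`) carries no link to the default-permissions reference, unlike the administrator headers this PR changes; either link it the same way or state that the reference page has no matching entry. Its question heading `**When this role is first assigned?**` is also ungrammatical; the Team Manager card later in this diff uses `**When is this role first assigned?**`.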
@@ -163,12 +186,12 @@ The entitlement of "workspace owner" is automatically bestowed to the creator of | |
|
||
{{< cardpane >}} | ||
{{% card %}} | ||
![team-administrators](/cloud/security/images/team-roles.svg) | ||
![team-admins-and-manager](/cloud/identity/images/team-admins-and-team-managers.svg) | ||
Same here. Team Manager role has also been deleted.
||
{{% /card %}} | ||
{{< /cardpane >}} | ||
|
||
{{< cardpane >}} | ||
{{% card header="### Team Administrator" %}} | ||
{{% card header="<a href='https://docs.layer5.io/cloud/reference/default-permissions/#Team+Admin' target='_blank'>Team Administrator</a>" %}} | ||
**What is the purpose of this role?** | ||
|
||
- Administration of teams | ||
|
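Review bot: The Team Administrator header loses its `###` prefix in the replacement line, while the Organization and Workspace administrator headers keep theirs. Restore `### ` in front of the `<a>` element so all linked card titles use the same markup.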
@@ -183,52 +206,34 @@ The entitlement of "workspace owner" is automatically bestowed to the creator of | |
- By default, the first Team Admin is owner (the team creator) | ||
|
||
**How many instances of these roles?** | ||
Min: 1, Max: many | ||
|
||
- Min: 1, Max: many | ||
|
||
{{% /card %}} | ||
{{< /cardpane >}} | ||
|
||
{{< alert title="Owners as entitlements, not roles" >}} | ||
It's essential to understand that owners are not roles, but entitlements. | ||
|
||
Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team. | ||
|
||
The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team. | ||
|
||
For more information, see [Teams](/cloud/identity/teams). | ||
{{< /alert >}} | ||
|
||
## User Role | ||
Was the removal of the user role suggested by a team member?
||
|
||
{{< cardpane >}} | ||
{{% card %}} | ||
![user](/cloud/security/images/user-role.svg) | ||
{{% /card %}} | ||
{{< /cardpane >}} | ||
|
||
{{< cardpane >}} | ||
{{% card header="## User" %}} | ||
|
||
{{% card header="### Team Manager" %}} | ||
**What is the purpose of this role?** | ||
|
||
- To grant Organization members access to basic features and resources within the context of that Organization. | ||
- Administration of teams (without delete access) | ||
|
||
**Who can assign this role?** | ||
**Who can assign and unassign this role?** | ||
|
||
- Organization Administrators, Workspace Administrators and Team Administrators | ||
- Organization Administrators or Team Owner | ||
|
||
**When this role first assigned?** | ||
**When is this role first assigned?** | ||
|
||
- Automatically assigned to members on joining an Organization. | ||
- Manually by Organization Administrator or Team Owner | ||
|
||
**How many instances of these roles?** | ||
|
||
- Min: 1, Max: many | ||
- Min: 0, Max: many | ||
{{% /card %}} | ||
{{< /cardpane >}} | ||
|
||
**Who can remove assignment of this role?** | ||
{{< alert title="Owners as entitlements, not roles" >}} | ||
It's essential to understand that owners are not roles, but entitlements. | ||
|
||
- Organization Administrators, Workspace Administrators and Team Administrators | ||
Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team. | ||
|
||
{{% /card %}} | ||
{{< /cardpane >}} | ||
The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team. | ||
|
||
For more information, see [Teams](/cloud/identity/teams). | ||
{{< /alert >}} |
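Review bot: Removing the `## User Role` section is outside the scope of a PR titled as adding hyperlinks, and it drops the page's description of the role that is "Automatically assigned to members on joining an Organization". Move that removal and the new Team Manager card into their own PR with a stated reason, or restore the section here. The `### Team Manager` header is also left without a link to the permissions reference.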
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,81 +1,116 @@ | ||
{{ $data := "" }} {{ $p := "static/data/csv/keys.csv" }} {{ $excludedColumns := | ||
slice 0 10 11 12 13 14 15 16 17 18 }} {{ if os.FileExists $p }} {{ $opts := dict | ||
"delimiter" "," }} {{ $data = (os.ReadFile $p | transform.Unmarshal $opts) }} {{ | ||
else }} {{ errorf "Unable to get resource %q" $p }} {{ end }} {{ if $data }} {{ | ||
$uniqueCategories := slice }} {{ $stopAddingCategories := false }} {{ range $i, | ||
$header := index $data 1 }} {{ if gt $i 3 }} {{if eq $header "Keychain ID"}} {{ | ||
$stopAddingCategories = true }} {{end}} {{ if not $stopAddingCategories }} {{ if | ||
and (ne (trim $header "") "") (not (in $uniqueCategories $header)) }} {{ | ||
$uniqueCategories = $uniqueCategories | append $header }} {{ end }} {{ end }} {{ | ||
end }} {{end}} {{ range $index, $category := $uniqueCategories }} | ||
<div class="csvtable-div"> | ||
{{ $sectionName := $category | lower }} | ||
{{ $urlPath := "roles" }} | ||
{{ if hasPrefix $sectionName "workspace" }} | ||
{{ $urlPath = "roles/workspace-roles" }} | ||
{{ else if hasPrefix $sectionName "team" }} | ||
{{ $urlPath = "roles/team-roles" }} | ||
{{ else if hasPrefix $sectionName "org" }} | ||
{{ $urlPath = "roles/organization-roles" }} | ||
{{ else if hasPrefix $sectionName "provider" }} | ||
{{ $urlPath = "roles/#provider-admin-role" }} | ||
{{ else }} | ||
{{ $urlPath = print "roles/" $sectionName | urlize }} | ||
{{ end }} | ||
<h2><a href="/cloud/security/{{ $urlPath }}">{{ $category }} Role</a></h2> | ||
<table class="csvtable td-initial"> | ||
<thead> | ||
<tr> | ||
{{ range $i, $col := index $data 1 }} {{ if and (not (in | ||
$excludedColumns $i)) (or (eq $i 0) (ne $i 1) (ne $i 2)) }} {{ if and | ||
(eq $i 1) }} | ||
<th>Permission</th> | ||
{{ else }} {{ if and (eq $i 2) }} | ||
<th>Description</th> | ||
{{ end }}{{ end }} {{ end }} {{ end }} | ||
</tr> | ||
</thead> | ||
<tbody> | ||
{{ range $i, $row := $data }} {{ if gt $i 0 }} {{/* Skip the header row */}} | ||
{{ $hasAccess := false }} {{/* Flag to track if the row has access for the category */}} | ||
{{ $functionValue := "" }} {{/* Variable to hold the Function value */}} | ||
{{ $featureValue := "" }} {{/* Variable to hold the Feature value */}} | ||
{{ $data := "" }} | ||
{{ $p := "static/data/csv/keys.csv" }} | ||
{{ $excludedColumns := slice 0 10 11 12 13 14 15 16 17 18 }} | ||
|
||
{{/* Find the column indices for Category, Function, and Feature */}} | ||
{{ $categoryIndex := -1 }} | ||
{{ $functionIndex := -1 }} | ||
{{ $featureIndex := -1 }} | ||
{{ range $j, $header := index $data 1 }} {{/* Assuming the first row contains headers */}} | ||
{{ if eq $header $category }} {{/* Check if the header matches the current category */}} | ||
{{ $categoryIndex = $j }} | ||
{{ end }} | ||
{{ if eq $header "Function" }} | ||
{{ $functionIndex = $j }} | ||
{{ end }} | ||
{{ if eq $header "Feature" }} | ||
{{ $featureIndex = $j }} | ||
{{ if os.FileExists $p }} | ||
{{ $opts := dict "delimiter" "," }} | ||
{{ $data = (os.ReadFile $p | transform.Unmarshal $opts) }} | ||
{{ else }} | ||
{{ errorf "Unable to get resource %q" $p }} | ||
{{ end }} | ||
|
||
{{ if $data }} | ||
{{ $uniqueCategories := slice }} | ||
{{ $stopAddingCategories := false }} | ||
|
||
{{ range $i, $header := index $data 1 }} | ||
{{ if gt $i 3 }} | ||
{{ if eq $header "Keychain ID" }} | ||
{{ $stopAddingCategories = true }} | ||
{{ end }} | ||
|
||
{{ if not $stopAddingCategories }} | ||
{{ if and (ne (trim $header "") "") (not (in $uniqueCategories $header)) }} | ||
{{ $uniqueCategories = $uniqueCategories | append $header }} | ||
{{ end }} | ||
{{ end }} | ||
{{ end }} | ||
{{ end }} | ||
|
||
{{ range $index, $category := $uniqueCategories }} | ||
<div class="csvtable-div"> | ||
{{ $sectionName := $category | lower }} | ||
{{ $urlPath := "roles" }} | ||
{{ if hasPrefix $sectionName "workspace" }} | ||
{{ $urlPath = "roles/workspace-roles" }} | ||
{{ else if hasPrefix $sectionName "team" }} | ||
{{ $urlPath = "roles/team-roles" }} | ||
{{ else if hasPrefix $sectionName "org" }} | ||
{{ $urlPath = "roles/organization-roles" }} | ||
{{ else if hasPrefix $sectionName "provider" }} | ||
{{ $urlPath = "roles/#provider-admin-role" }} | ||
{{ else }} | ||
{{ $urlPath = print "roles/" $sectionName | urlize }} | ||
{{ end }} | ||
<h2><a href="/cloud/security/{{ $urlPath }}">{{ $category }} Role</a></h2> | ||
<table class="csvtable td-initial"> | ||
<thead> | ||
<tr> | ||
{{ range $i, $col := index $data 1 }} | ||
{{ if and (not (in $excludedColumns $i)) (or (eq $i 0) (ne $i 1) (ne $i 2)) }} | ||
{{ if and (eq $i 1) }} | ||
<th>Permission</th> | ||
{{ else }} | ||
{{ if and (eq $i 2) }} | ||
<th>Description</th> | ||
{{ end }} | ||
{{ end }} | ||
{{ end }} | ||
{{ end }} | ||
</tr> | ||
</thead> | ||
<tbody> | ||
{{ range $i, $row := $data }} | ||
{{ if gt $i 0 }} | ||
{{/* Skip the header row */}} | ||
{{ $hasAccess := false }} | ||
{{/* Flag to track if the row has access for the category */}} | ||
{{ $functionValue := "" }} | ||
{{/* Variable to hold the Function value */}} | ||
{{ $featureValue := "" }} | ||
{{/* Variable to hold the Feature value */}} | ||
|
||
{{/* Find the column indices for Category, Function, and Feature */}} | ||
{{ $categoryIndex := -1 }} | ||
{{ $functionIndex := -1 }} | ||
{{ $featureIndex := -1 }} | ||
{{ range $j, $header := index $data 1 }} | ||
{{/* Assuming the first row contains headers */}} | ||
{{ if eq $header $category }} | ||
{{/* Check if the header matches the current category */}} | ||
{{ $categoryIndex = $j }} | ||
{{ end }} | ||
{{ if eq $header "Function" }} | ||
{{ $functionIndex = $j }} | ||
{{ end }} | ||
{{ if eq $header "Feature" }} | ||
{{ $featureIndex = $j }} | ||
{{ end }} | ||
{{ end }} | ||
|
||
{{/* Check if the row has access for the category */}} | ||
{{ if and (ge $categoryIndex 0) (or (eq (index $row $categoryIndex) "X") (eq (index $row $categoryIndex) "X*")) }} | ||
{{ $hasAccess = true }} | ||
{{ end }} | ||
{{/* Get the Function and Feature values if the row has access */}} | ||
{{ if $hasAccess }} | ||
{{ $functionValue = index $row $functionIndex }} | ||
{{ $featureValue = index $row $featureIndex }} | ||
{{ end }} | ||
|
||
{{/* Print the row if it has access */}} | ||
{{ if $hasAccess }} | ||
<tr> | ||
<td>{{ $functionValue }} </td> | ||
<td>{{ $featureValue }}</td> | ||
</tr> | ||
{{ end }} | ||
{{ end }} | ||
{{ end }} | ||
{{ end }} | ||
{{/* Check if the row has access for the category */}} | ||
{{ if and (ge $categoryIndex 0) (or (eq (index $row $categoryIndex) "X") (eq (index $row $categoryIndex) "X*")) }} | ||
{{ $hasAccess = true }} | ||
{{ end }} | ||
{{/* Get the Function and Feature values if the row has access */}} | ||
{{ if $hasAccess }} | ||
{{ $functionValue = index $row $functionIndex }} | ||
{{ $featureValue = index $row $featureIndex }} | ||
{{ end }} | ||
{{/* Print the row if it has access */}} | ||
{{ if $hasAccess }} | ||
<tr> | ||
<td>{{ $functionValue }} </td> | ||
<td>{{ $featureValue }}</td> | ||
</tr> | ||
{{end}} | ||
{{ end }} {{ end }} | ||
</tbody> | ||
</table> | ||
</div> | ||
{{ end }} {{ else }} | ||
<p>No data available.</p> | ||
</tbody> | ||
</table> | ||
</div> | ||
{{ end }} | ||
{{ else }} | ||
<p>No data available.</p> | ||
{{ end }} |
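Review bot: The per-category `<h2>` in this template is emitted without an `id`, yet the roles page in this PR links to fragments such as `#Provider+Admin` and `#Org+Admin`. If this template is what renders the default-permissions page, those links will open at the top of the page; give the heading an id derived from `$category` and make the fragments match it. Separately, the reflow keeps `(or (eq $i 0) (ne $i 1) (ne $i 2))`, which is true for every `$i`, and the single-argument `{{ if and (eq $i 1) }}`; simplify both while these lines are being touched, and keep whitespace-only reformatting in a separate commit so functional changes stay reviewable.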
We have since then removed the workspace manager role and this change isn't needed now.