Add custom roles to organization management (#40)
Co-authored-by: Alex Chalkias <[email protected]>
lcawl and alxchalkias authored Jul 4, 2024
1 parent 03822dd commit 87e122d
Showing 4 changed files with 27 additions and 20 deletions.
Binary file modified serverless/images/individual-role.png
9 changes: 4 additions & 5 deletions serverless/pages/custom-roles.mdx
Expand Up @@ -2,16 +2,15 @@
slug: /serverless/custom-roles
title: Custom roles
description: Create and manage roles that grant privileges within your project.
tags: [ 'serverless', 'Elasticsearch', 'Observability', 'Security' ]
tags: [ 'serverless', 'Elasticsearch', 'Security' ]
---

<DocIf condition={"((serverlessCustomRoles))" === "false"}>
<DocBadgeComingSoon>Coming soon</DocBadgeComingSoon>
</DocIf>

<DocIf condition={"((serverlessCustomRoles))" === "true"}>
<DocBadge template="technical preview" />
This content applies to: <DocBadge template="elasticsearch" slug="/serverless/elasticsearch/what-is-elasticsearch-serverless" /> <DocBadge template="observability" slug="/serverless/observability/what-is-observability-serverless" /> <DocBadge template="security" slug="/serverless/security/what-is-security-serverless" />
This content applies to: <DocBadge template="elasticsearch" slug="/serverless/elasticsearch/what-is-elasticsearch-serverless" /> <DocBadge template="security" slug="/serverless/security/what-is-security-serverless" />

The built-in <DocLink slug="/serverless/general/assign-user-roles" section="organization-level-roles">organization-level roles</DocLink> and <DocLink slug="/serverless/general/assign-user-roles" section="instance-access-roles">instance access roles</DocLink> are great for getting started with ((serverless-full)), and for system administrators who do not need more restrictive access.
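
Review bot: The `tags` line and the "This content applies to" line drop Observability, but nothing in the visible page text says that custom roles are unavailable in Observability projects, and the commit title does not mention the narrowing. If that is the intent, state it in the intro next to the built-in roles sentence so that readers do not assume a custom role can restrict access in an Observability project; if it is not, restore the tag and the badge.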

Expand Down Expand Up @@ -92,6 +91,6 @@ As new features are added to ((serverless-full)), roles that use the custom opti
</DocCallOut>

After your roles are set up, the next step to securing access is to assign roles to your users.
{/* Click the **Assign roles** link... */}
Learn more in <DocLink slug="/serverless/general/assign-user-roles" />
Click the **Assign roles** link to go to the **Members** tab of the **Organization** page.
Learn more in <DocLink slug="/serverless/general/assign-user-roles" />.
</DocIf>
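
Review bot: The un-commented sentence "Click the **Assign roles** link to go to the **Members** tab of the **Organization** page." does not say where the **Assign roles** link appears, so the step cannot be followed from this paragraph alone. Name the page or panel that holds the link. The manage-access-to-org-user-roles.mdx change in this commit reaches the same tab through the user icon and **Organization**; mentioning that path here would cover readers who do not see the link.
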
27 changes: 20 additions & 7 deletions serverless/pages/manage-access-to-org-user-roles.mdx
Expand Up @@ -8,12 +8,12 @@ tags: [ 'serverless', 'general', 'organization', 'roles', 'how to' ]
<DocBadge template="technical preview" />
Within an organization, users can have one or more roles and each role grants specific privileges.

You can set a role:
You must assign user roles when you <DocLink slug="/serverless/general/manage-access-to-organization">invite users to join your organization</DocLink>.
To subsequently edit the roles assigned to a user:

- globally, for all projects of the same type (Elasticsearch, Observability, or Security). In this case, the role will also apply to new projects created later.
- individually, for specific projects only. To do that, you have to set the **Role for all instances** field of that specific project type to **None**.
1. Go to the user icon on the header bar and select **Organization**.

<DocImage size="l" url="../images/individual-role.png" alt="Individual role" />
2. Find the user on the **Members** tab of the **Organization** page. Click the member name to view and edit its roles.

## Organization-level roles
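
Review bot: The two new steps do not say which organization-level role a user needs in order to edit another member's roles; because this page documents access control, state that prerequisite before step 1. In step 2, "view and edit its roles" should read "their roles", since the antecedent is the member.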

Expand All @@ -24,24 +24,37 @@ You can set a role:
## Instance access roles

Each serverless project type has a set of predefined roles that you can assign to your organization members.
You can assign the predefined roles:

- globally, for all projects of the same type (((es-serverless)), ((observability)), or ((security))). In this case, the role will also apply to new projects created later.
- individually, for specific projects only. To do that, you have to set the **Role for all** field of that specific project type to **None**.

For example, you can assign a user the developer role for a specific ((es-serverless)) project:

<DocImage size="l" url="../images/individual-role.png" alt="Individual role" />

<DocIf condition={"((serverlessCustomRoles))" === "true"}>
You can also optionally <DocLink slug="/serverless/custom-roles">create custom roles in a project</DocLink>.
To assign a custom role to users, go to "Instance access roles" and select it from the list under the specific project it was created in.
</DocIf>

### Elasticsearch
### ((es))

- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.

- **Developer**. Creates API keys, indices, data streams, adds connectors, and builds visualizations.

- **Viewer**. Has read-only access to project details, data, and features.

### Observability
### ((observability))

- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.

- **Editor**. Configures all Observability projects. Has read-only access to data indices. Has full access to all project features.

- **Viewer**. Has read-only access to project details, data, and features.

### Security
### ((security))

- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.
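
Review bot: The custom-role paragraph in the new `DocIf` block does not say how a custom role interacts with the **Role for all** setting. The bullet just above says individual assignment requires setting **Role for all** to **None**, while a custom role is selected "under the specific project it was created in"; say whether the same precondition applies and which role takes effect if both are set. Smaller points: "also optionally" is redundant, "Instance access roles" is in straight quotes where other UI labels are bold, and the new heading uses `((es))` while the list above uses `((es-serverless))` for the same project type.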

11 changes: 3 additions & 8 deletions serverless/pages/manage-access-to-org.mdx
Expand Up @@ -5,21 +5,16 @@ description: Add members to your organization and projects.
tags: [ 'serverless', 'general', 'organization', 'overview' ]
---

To allow other users to interact with your projects, you must invite them to join your organization.

When inviting them, you also <DocLink slug="/serverless/general/assign-user-roles" text="assign roles"/> to define their access to your organization resources and instances.
To allow other users to interact with your projects, you must invite them to join your organization and grant them access to your organization resources and instances.

1. Go to the user icon on the header bar and select **Organization**.

2. Click **Invite members**.

You can add multiple members by entering their email addresses separated by a space.

You can grant access to all projects of the same type with a unique role, or select individual roles for specific projects only.

<DocCallOut color="success">
In **Instance access**, The **Deployment** tab correspond to [hosted deployments](https://www.elastic.co/guide/en/cloud/current/ec-getting-started.html), while **Elasticsearch**, **Observability**, and **Security** correspond to serverless projects.
</DocCallOut>
You can grant access to all projects of the same type with a unique role, or select individual roles for specific projects.
For more details about roles, refer to <DocLink slug="/serverless/general/assign-user-roles"/>.

3. Click **Send invites**.
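
Review bot: Step 2 now says "You can grant access to all projects ...", while manage-access-to-org-user-roles.mdx in this commit says "You must assign user roles when you invite users"; make the two agree, and if a role is optional at invite time, state what access an invited member has without one. The removed callout was the only visible explanation that the **Deployment** tab under **Instance access** refers to hosted deployments rather than serverless projects; keep that sentence here or move it to the linked roles page. "with a unique role" would also read more clearly as "with a single role".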
