Skip to content

Commit

Permalink
Add custom roles to organization management
Browse files Browse the repository at this point in the history
  • Loading branch information
lcawl committed Jul 3, 2024
1 parent 4fc4d12 commit c0aac88
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 15 deletions.
Binary file modified serverless/images/individual-role.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
26 changes: 19 additions & 7 deletions serverless/pages/manage-access-to-org-user-roles.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,12 @@ tags: [ 'serverless', 'general', 'organization', 'roles', 'how to' ]
<DocBadge template="technical preview" />
Within an organization, users can have one or more roles and each role grants specific privileges.

You can set a role:
You must assign user roles when you <DocLink slug="/serverless/general/manage-access-to-organization">invite users to join your organization</DocLink>.
To subsequently edit the roles assigned to a user:

- globally, for all projects of the same type (Elasticsearch, Observability, or Security). In this case, the role will also apply to new projects created later.
- individually, for specific projects only. To do that, you have to set the **Role for all instances** field of that specific project type to **None**.
1. Go to the user icon on the header bar and select **Organization**.

<DocImage size="l" url="../images/individual-role.png" alt="Individual role" />
2. Find the user on the **Members** tab of the **Organization** page. Click the member name to view and edit its roles.

## Organization-level roles

Expand All @@ -24,24 +24,36 @@ You can set a role:
## Instance access roles

Each serverless project type has a set of predefined roles that you can assign to your organization members.
You can also optionally <DocLink slug="/serverless/custom-roles">create custom roles</DocLink> within a project.

You can assign the predefined roles:

- globally, for all projects of the same type (((es-serverless)), ((observability)), or ((security))). In this case, the role will also apply to new projects created later.
- individually, for specific projects only. To do that, you have to set the **Role for all** field of that specific project type to **None**.

For example, you can assign a user the developer role for a specific ((es-serverless)) project:

<DocImage size="l" url="../images/individual-role.png" alt="Individual role" />

You can assign custom roles only individually to a specific project.

### Elasticsearch
### ((es))

- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.

- **Developer**. Creates API keys, indices, data streams, adds connectors, and builds visualizations.

- **Viewer**. Has read-only access to project details, data, and features.

### Observability
### ((observability))

- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.

- **Editor**. Configures all Observability projects. Has read-only access to data indices. Has full access to all project features.

- **Viewer**. Has read-only access to project details, data, and features.

### Security
### ((security))

- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.

Expand Down
11 changes: 3 additions & 8 deletions serverless/pages/manage-access-to-org.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -5,21 +5,16 @@ description: Add members to your organization and projects.
tags: [ 'serverless', 'general', 'organization', 'overview' ]
---

To allow other users to interact with your projects, you must invite them to join your organization.

When inviting them, you also <DocLink slug="/serverless/general/assign-user-roles" text="assign roles"/> to define their access to your organization resources and instances.
To allow other users to interact with your projects, you must invite them to join your organization and grant them access to your organization resources and instances.

1. Go to the user icon on the header bar and select **Organization**.

2. Click **Invite members**.

You can add multiple members by entering their email addresses separated by a space.

You can grant access to all projects of the same type with a unique role, or select individual roles for specific projects only.

<DocCallOut color="success">
In **Instance access**, The **Deployment** tab correspond to [hosted deployments](https://www.elastic.co/guide/en/cloud/current/ec-getting-started.html), while **Elasticsearch**, **Observability**, and **Security** correspond to serverless projects.
</DocCallOut>
You can grant access to all projects of the same type with a unique role, or select individual roles for specific projects.
For more details about roles, refer to <DocLink slug="/serverless/general/assign-user-roles"/>.

3. Click **Send invites**.

Expand Down

0 comments on commit c0aac88

Please sign in to comment.