Add custom roles to organization management #40

Merged
merged 5 commits into from
Jul 4, 2024
Changes from 3 commits
Binary file modified serverless/images/individual-role.png
9 changes: 4 additions & 5 deletions serverless/pages/custom-roles.mdx
@@ -2,16 +2,15 @@
slug: /serverless/custom-roles
title: Custom roles
description: Create and manage roles that grant privileges within your project.
tags: [ 'serverless', 'Elasticsearch', 'Observability', 'Security' ]
tags: [ 'serverless', 'Elasticsearch', 'Security' ]
---

<DocIf condition={"((serverlessCustomRoles))" === "false"}>
<DocBadgeComingSoon>Coming soon</DocBadgeComingSoon>
</DocIf>

<DocIf condition={"((serverlessCustomRoles))" === "true"}>
<DocBadge template="technical preview" />
This content applies to: <DocBadge template="elasticsearch" slug="/serverless/elasticsearch/what-is-elasticsearch-serverless" /> <DocBadge template="observability" slug="/serverless/observability/what-is-observability-serverless" /> <DocBadge template="security" slug="/serverless/security/what-is-security-serverless" />
This content applies to: <DocBadge template="elasticsearch" slug="/serverless/elasticsearch/what-is-elasticsearch-serverless" /> <DocBadge template="security" slug="/serverless/security/what-is-security-serverless" />

The built-in <DocLink slug="/serverless/general/assign-user-roles" section="organization-level-roles">organization-level roles</DocLink> and <DocLink slug="/serverless/general/assign-user-roles" section="instance-access-roles">instance access roles</DocLink> are great for getting started with ((serverless-full)), and for system administrators who do not need more restrictive access.
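
Review bot: The tags and the "This content applies to" badge line drop Observability, but nothing in the visible page text tells a reader why. If custom roles are not offered for Observability projects, say so in a sentence near the badges, because `description: Create and manage roles that grant privileges within your project.` still reads as covering any project type, and an admin planning least-privilege access for an Observability project would otherwise assume the feature is available.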

@@ -92,6 +91,6 @@ As new features are added to ((serverless-full)), roles that use the custom opti
</DocCallOut>

After your roles are set up, the next step to securing access is to assign roles to your users.
{/* Click the **Assign roles** link... */}
Learn more in <DocLink slug="/serverless/general/assign-user-roles" />
Click the **Assign roles** link to go to the **Members** tab of the **Organization** page.
Learn more in <DocLink slug="/serverless/general/assign-user-roles" />.
</DocIf>
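
Review bot: The new sentence `Click the **Assign roles** link to go to the **Members** tab of the **Organization** page.` does not say where the Assign roles link appears, so a reader cannot locate it from this text alone. Name the page or panel that shows the link (the comment it replaces ended in "..." and never spelled that out), and consider joining it to the "Learn more in" line that follows so the action and its reference read as one instruction.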
27 changes: 20 additions & 7 deletions serverless/pages/manage-access-to-org-user-roles.mdx
@@ -8,12 +8,12 @@ tags: [ 'serverless', 'general', 'organization', 'roles', 'how to' ]
<DocBadge template="technical preview" />
Within an organization, users can have one or more roles and each role grants specific privileges.

You can set a role:
You must assign user roles when you <DocLink slug="/serverless/general/manage-access-to-organization">invite users to join your organization</DocLink>.
To subsequently edit the roles assigned to a user:

- globally, for all projects of the same type (Elasticsearch, Observability, or Security). In this case, the role will also apply to new projects created later.
- individually, for specific projects only. To do that, you have to set the **Role for all instances** field of that specific project type to **None**.
1. Go to the user icon on the header bar and select **Organization**.

<DocImage size="l" url="../images/individual-role.png" alt="Individual role" />
2. Find the user on the **Members** tab of the **Organization** page. Click the member name to view and edit its roles.

## Organization-level roles
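
Review bot: Step 2 stops at `Click the member name to view and edit its roles.` without saying how the edit is confirmed. Add the final action, using whatever label the UI gives the save or update control, so the procedure is complete, and change "its roles" to "their roles". Also confirm that the slug `/serverless/general/manage-access-to-organization` in the first added line resolves, since the frontmatter of manage-access-to-org.mdx is not visible in this diff.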

@@ -24,24 +24,37 @@ You can set a role:
## Instance access roles

Each serverless project type has a set of predefined roles that you can assign to your organization members.
You can assign the predefined roles:

- globally, for all projects of the same type (((es-serverless)), ((observability)), or ((security))). In this case, the role will also apply to new projects created later.
- individually, for specific projects only. To do that, you have to set the **Role for all** field of that specific project type to **None**.

For example, you can assign a user the developer role for a specific ((es-serverless)) project:

<DocImage size="l" url="../images/individual-role.png" alt="Individual role" />

{/* <DocIf condition={"((serverlessCustomRoles))" === "true"}> */}
You can also optionally <DocLink slug="/serverless/custom-roles">create custom roles in a project</DocLink>.
To assign these roles to users, select them from the list of individual instance access roles.
{/* </DocIf> */}

### Elasticsearch
### ((es))

- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.

- **Developer**. Creates API keys, indices, data streams, adds connectors, and builds visualizations.

- **Viewer**. Has read-only access to project details, data, and features.

### Observability
### ((observability))

- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.

- **Editor**. Configures all Observability projects. Has read-only access to data indices. Has full access to all project features.

- **Viewer**. Has read-only access to project details, data, and features.

### Security
### ((security))

- **Admin**. Has full access to project management, properties, and security privileges. Admins log into projects with superuser role privileges.
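
Review bot: The `DocIf` on `((serverlessCustomRoles))` around the custom roles paragraph is commented out with `{/* ... */}`, so "You can also optionally create custom roles in a project" renders even when the flag is "false" and custom-roles.mdx shows only the Coming soon badge. Restore the conditional, or drop the commented wrapper if unconditional display is intended. The paragraph also does not limit itself to the project types custom-roles.mdx now lists (Elasticsearch and Security). Separately, the field is called **Role for all** in the new bullet while the line removed earlier in this file called it **Role for all instances**; check the label against the UI. The new headings use `((es))` where the bullet above uses `((es-serverless))`, which is worth making consistent.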

11 changes: 3 additions & 8 deletions serverless/pages/manage-access-to-org.mdx
@@ -5,21 +5,16 @@ description: Add members to your organization and projects.
tags: [ 'serverless', 'general', 'organization', 'overview' ]
---

To allow other users to interact with your projects, you must invite them to join your organization.

When inviting them, you also <DocLink slug="/serverless/general/assign-user-roles" text="assign roles"/> to define their access to your organization resources and instances.
To allow other users to interact with your projects, you must invite them to join your organization and grant them access to your organization resources and instances.

1. Go to the user icon on the header bar and select **Organization**.

2. Click **Invite members**.

You can add multiple members by entering their email addresses separated by a space.

You can grant access to all projects of the same type with a unique role, or select individual roles for specific projects only.

<DocCallOut color="success">
In **Instance access**, The **Deployment** tab correspond to [hosted deployments](https://www.elastic.co/guide/en/cloud/current/ec-getting-started.html), while **Elasticsearch**, **Observability**, and **Security** correspond to serverless projects.
</DocCallOut>
You can grant access to all projects of the same type with a unique role, or select individual roles for specific projects.
For more details about roles, refer to <DocLink slug="/serverless/general/assign-user-roles"/>.

3. Click **Send invites**.
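
Review bot: The removed `DocCallOut` explained that the **Deployment** tab under **Instance access** refers to hosted deployments while **Elasticsearch**, **Observability**, and **Security** are serverless projects, and step 2 now has nothing in its place. If the invite dialog still shows that tab, keep a one-line explanation here or confirm that the linked roles page covers it, so the person sending the invite can tell which resources a role selection applies to. In the rewritten sentence, "with a unique role" reads as if it means "with a single role"; reword if so.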