From 320d08f427d4ac14cd8286f44ed29aac6ce648f6 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Wed, 19 Mar 2025 17:47:53 -0700 Subject: [PATCH 01/11] Accounts doc updates --- style.css | 15 +++++++++ ui/account/organizations.mdx | 51 +++++++++++++++++++++++++++++++ ui/account/roles.mdx | 17 +++++++++++ ui/account/workspaces.mdx | 59 ++++++++++++++++++++++++++++++++++++ 4 files changed, 142 insertions(+) create mode 100644 style.css create mode 100644 ui/account/organizations.mdx create mode 100644 ui/account/roles.mdx create mode 100644 ui/account/workspaces.mdx diff --git a/style.css b/style.css new file mode 100644 index 00000000..96734955 --- /dev/null +++ b/style.css @@ -0,0 +1,15 @@ +.yes-label { + background-color: green; + color: white; + padding: 4px 8px; + border-radius: 4px; + display: inline-block; +} + +.no-label { + background-color: red; + color: white; + padding: 4px 8px; + border-radius: 4px; + display: inline-block; +} \ No newline at end of file diff --git a/ui/account/organizations.mdx b/ui/account/organizations.mdx new file mode 100644 index 00000000..3b44e134 --- /dev/null +++ b/ui/account/organizations.mdx @@ -0,0 +1,51 @@ +--- +title: Organizations +sidebarTitle: Organizations +--- + +An _organization_ is a collection of users and [workspaces](/account/workspaces) within an Unstructured account. Organizations are used to manage +user access to workspaces within the organization. + +Currently, only Unstructured representatives can create organizations in Unstructured accounts. To request an organization to be created in your account, +contact your Unstructured representative. + +## Organizational structure + +An organization is part of one (and only one) Unstructured account. An account can have multiple organizations. +Each organization can have multiple [workspaces](/account/workspaces). + +```mermaid +graph TD + Account --> Org1[Organization 1] + Account --> Org2[Organization 2] + + Org1 --> Workspace1A[Workspace 1A] + Org1 --> Workspace1B[Workspace 1B] + + Org2 --> Workspace2A[Workspace 2A] + Org2 --> Workspace2B[Workspace 2B] +``` + +An organization can have multiple users. A user can have access to multiple workspaces within the same organization. + +Although an Unstructured account can have multiple users, each user must be added separately to each organization that they are allowed to access. + +```mermaid +graph TD + Account --> Org1[Organization 1] + Account --> Org2[Organization 2] + + Account -.-> User1[User 1] + Account -.-> User2[User 2] + Account -.-> User3[User 3] + + User1 -.-> Org1 + User2 -.-> Org1 + User2 -.-> Org2 + User3 -.-> Org2 +``` + +## Add a user to an organization + + +## Remove a user from an organization \ No newline at end of file diff --git a/ui/account/roles.mdx b/ui/account/roles.mdx new file mode 100644 index 00000000..bce0e9da --- /dev/null +++ b/ui/account/roles.mdx @@ -0,0 +1,17 @@ +--- +title: Role-based access control (RBAC) +sidebarTitle: Roles +--- + + +## Available roles + +| Permission | Super Administrator | General Developer | Billing | +|---|---|---|---| +| Create new organizational account | Yes | No | No | +| Add user to organizational account | Yes | No | No | + +## Assign a role to a user + + +## Remove a role from a user \ No newline at end of file diff --git a/ui/account/workspaces.mdx b/ui/account/workspaces.mdx new file mode 100644 index 00000000..8878e757 --- /dev/null +++ b/ui/account/workspaces.mdx @@ -0,0 +1,59 @@ +--- +title: Workspaces +sidebarTitle: Workspaces +--- + +A _workspace_ is a collection of resources within an Unstructured account. Workspaces are used to manage +access to those resources by users within the related organization. + +## Workspace structure + +A workspace is part of one (and only one) [organization](/account/organizations) in an Unstructured account. + +An organization can have multiple workspaces. An Unstructured account can have multiple organizations. + +```mermaid +graph TD + Account --> Org1[Organization 1] + Account --> Org2[Organization 2] + + Org1 --> Workspace1A[Workspace 1A] + Org1 --> Workspace1B[Workspace 1B] + + Org2 --> Workspace2A[Workspace 2A] + Org2 --> Workspace2B[Workspace 2B] +``` + +Organization users can have access to multiple workspaces within the same organization. + + +```mermaid +graph TD + OrgA[Organization A] + + OrgA -.-> User1[User 1] + OrgA -.-> User2[User 2] + OrgA -.-> User3[User 3] + + OrgA --> WorkspaceA1[Workspace A1] + OrgA --> WorkspaceA2[Workspace A2] + OrgA --> WorkspaceA3[Workspace A3] + OrgA --> WorkspaceA4[Workspace A4] + + User1[User 1] -.-> WorkspaceA1 + User1[User 1] -.-> WorkspaceA2 + User2[User 2] -.-> WorkspaceA2 + User2[User 2] -.-> WorkspaceA3 + User3[User 3] -.-> WorkspaceA4 +``` + +## Create a workspace + +Currently, only Unstructured representatives can create organizations in Unstructured accounts. To request an organization to be created in your account, +contact your Unstructured representative. + +## Set a budget limit for a workspace + + +## Track usage for a workspace against a budget limit + From 929415f4a0e7c2f478cb44009618df9e6a921a19 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Thu, 20 Mar 2025 15:41:01 -0700 Subject: [PATCH 02/11] Arch diagram cleanup, more task headings --- ui/account/organizations.mdx | 164 +++++++++++++++++++++++++++++------ ui/account/workspaces.mdx | 142 +++++++++++++++++++++++------- 2 files changed, 251 insertions(+), 55 deletions(-) diff --git a/ui/account/organizations.mdx b/ui/account/organizations.mdx index 3b44e134..4aaf73dc 100644 --- a/ui/account/organizations.mdx +++ b/ui/account/organizations.mdx @@ -3,49 +3,163 @@ title: Organizations sidebarTitle: Organizations --- -An _organization_ is a collection of users and [workspaces](/account/workspaces) within an Unstructured account. Organizations are used to manage -user access to workspaces within the organization. +An _organization_ is a collection of Unstructured [workspaces](/account/workspaces). An Unstructured _organizational account_ manages +Unstructured _account user access_ to workspaces within organizations. -Currently, only Unstructured representatives can create organizations in Unstructured accounts. To request an organization to be created in your account, +Currently, only Unstructured representatives can create organizational accounts. To request an organizational account to be created, contact your Unstructured representative. -## Organizational structure +## Organizational account structure -An organization is part of one (and only one) Unstructured account. An account can have multiple organizations. -Each organization can have multiple [workspaces](/account/workspaces). +An organizational account operates independently of all other organizational accounts. Each organization can have multiple [workspaces](/account/workspaces). ```mermaid -graph TD - Account --> Org1[Organization 1] - Account --> Org2[Organization 2] - - Org1 --> Workspace1A[Workspace 1A] - Org1 --> Workspace1B[Workspace 1B] +graph LR + Org1[Organization 1] + Org2[Organization 2] + Org3[Organization 3] + WS1A[Workspace 1A] + WS2A[Workspace 2A] + WS2B[Workspace 2B] + WS3A[Workspace 3A] + WS3B[Workspace 3B] + WS3C[Workspace 3C] + + Org1 --> WS1A - Org2 --> Workspace2A[Workspace 2A] - Org2 --> Workspace2B[Workspace 2B] + Org2 --> WS2A + Org2 --> WS2B + + Org3 --> WS3A + Org3 --> WS3B + Org3 --> WS3C ``` -An organization can have multiple users. A user can have access to multiple workspaces within the same organization. +An account user can have access to multiple organizational accounts. -Although an Unstructured account can have multiple users, each user must be added separately to each organization that they are allowed to access. +```mermaid +graph LR + User1[User 1] + User2[User 2] + User3[User 3] + Org1[Organization 1] + Org2[Organization 2] + Org3[Organization 3] + + User1 -.-> Org1 + User2 -.-> Org1 + User2 -.-> Org2 + User3 -.-> Org1 + User3 -.-> Org2 + User3 -.-> Org3 +``` + +Each user also has access to their own personal account, which is separate from any organizational accounts. Personal accounts do not have workspaces. ```mermaid -graph TD - Account --> Org1[Organization 1] - Account --> Org2[Organization 2] +graph LR + User1[User 1] + User2[User 2] + User3[User 3] + PA1[Personal Account for User 1] + PA2[Personal Account for User 2] + PA3[Personal Account for User 3] + Org1[Organization 1] + Org2[Organization 2] + Org3[Organization 3] - Account -.-> User1[User 1] - Account -.-> User2[User 2] - Account -.-> User3[User 3] - + User1 --> PA1 + User2 --> PA2 + User3 --> PA3 User1 -.-> Org1 User2 -.-> Org1 User2 -.-> Org2 + User3 -.-> Org1 User3 -.-> Org2 + User3 -.-> Org3 ``` -## Add a user to an organization +Within an organization, a user can have access to multiple workspaces within that organization. + +```mermaid +graph LR + User1[User 1] + User2_Org1[User 2] + User2_Org2[User 2] + User3_Org1[User 3] + User3_Org2[User 3] + User3_Org3[User 3] + + Org1[Organization 1] + Org2[Organization 2] + Org3[Organization 3] + + WS1A[Workspace 1A] + WS2A[Workspace 2A] + WS2B[Workspace 2B] + WS3A[Workspace 3A] + WS3B[Workspace 3B] + WS3C[Workspace 3C] + + Org1 --> WS1A + Org1 -.-> User1 + Org1 -.-> User2_Org1 + Org1 -.-> User3_Org1 + User1 -.-> WS1A + User2_Org1 -.-> WS1A + User3_Org1 -.-> WS1A + + Org2 --> WS2A + Org2 --> WS2B + Org2 -.-> User2_Org2 + Org2 -.-> User3_Org2 + User2_Org2 -.-> WS2A + User2_Org2 -.-> WS2B + User3_Org2 -.-> WS2B + + Org3 --> WS3A + Org3 --> WS3B + Org3 --> WS3C + Org3 -.-> User3_Org3 + User3_Org3 -.-> WS3A + User3_Org3 -.-> WS3B + User3_Org3 -.-> WS3C +``` + +Each user must be explicitly added to the organizations—and workspaces within those organizations—that they are allowed to access. + +## Create an organization + +## Access an organization + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... + +## Add a member to an organization + +An Unstructured user account that is added to an organization is referred to an a _member_ of that organization. + +To add a user account to an organization as a member: + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... + +## Remove a member from an organization + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... + +## Permanently delete an organization + + + Deleting an organization is a permanent action and is not recoverable. Once an organization is deleted, all workspaces associated with that + organization are also deleted and are not recoverable. + + The organization's users are not deleted, but they will no longer have access to the deleted organization or any of its workspaces. + Any code or scripts that reference connectors, workflows, jobs, or API keys that are associated with workflows in the deleted + organization will fail. + -## Remove a user from an organization \ No newline at end of file +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... \ No newline at end of file diff --git a/ui/account/workspaces.mdx b/ui/account/workspaces.mdx index 8878e757..1673509a 100644 --- a/ui/account/workspaces.mdx +++ b/ui/account/workspaces.mdx @@ -3,57 +3,139 @@ title: Workspaces sidebarTitle: Workspaces --- -A _workspace_ is a collection of resources within an Unstructured account. Workspaces are used to manage -access to those resources by users within the related organization. +A _workspace_ is a collection of resources (such as connectors, workflows, jobs, and API keys) +within an Unstructured _organizational account_. Workspaces are used to manage +access to those resources by Unstructured _account users_ that have access to the workspace's related _organization_. -## Workspace structure +## Workspace architecture -A workspace is part of one (and only one) [organization](/account/organizations) in an Unstructured account. +A workspace is part of one (and only one) [organization](/account/organizations). -An organization can have multiple workspaces. An Unstructured account can have multiple organizations. +An organization can have multiple workspaces. ```mermaid -graph TD - Account --> Org1[Organization 1] - Account --> Org2[Organization 2] - - Org1 --> Workspace1A[Workspace 1A] - Org1 --> Workspace1B[Workspace 1B] +graph LR + Org1[Organization 1] + Org2[Organization 2] + Org3[Organization 3] + WS1A[Workspace 1A] + WS2A[Workspace 2A] + WS2B[Workspace 2B] + WS3A[Workspace 3A] + WS3B[Workspace 3B] + WS3C[Workspace 3C] + + Org1 --> WS1A - Org2 --> Workspace2A[Workspace 2A] - Org2 --> Workspace2B[Workspace 2B] -``` + Org2 --> WS2A + Org2 --> WS2B -Organization users can have access to multiple workspaces within the same organization. + Org3 --> WS3A + Org3 --> WS3B + Org3 --> WS3C +``` +Unstructured account users can have access to multiple workspaces within an organization. ```mermaid -graph TD - OrgA[Organization A] +graph LR + User1[User 1] + User2_Org1[User 2] + User2_Org2[User 2] + User3_Org1[User 3] + User3_Org2[User 3] + User3_Org3[User 3] + + Org1[Organization 1] + Org2[Organization 2] + Org3[Organization 3] + + WS1A[Workspace 1A] + WS2A[Workspace 2A] + WS2B[Workspace 2B] + WS3A[Workspace 3A] + WS3B[Workspace 3B] + WS3C[Workspace 3C] - OrgA -.-> User1[User 1] - OrgA -.-> User2[User 2] - OrgA -.-> User3[User 3] + Org1 --> WS1A + Org1 -.-> User1 + Org1 -.-> User2_Org1 + Org1 -.-> User3_Org1 + User1 -.-> WS1A + User2_Org1 -.-> WS1A + User3_Org1 -.-> WS1A - OrgA --> WorkspaceA1[Workspace A1] - OrgA --> WorkspaceA2[Workspace A2] - OrgA --> WorkspaceA3[Workspace A3] - OrgA --> WorkspaceA4[Workspace A4] + Org2 --> WS2A + Org2 --> WS2B + Org2 -.-> User2_Org2 + Org2 -.-> User3_Org2 + User2_Org2 -.-> WS2A + User2_Org2 -.-> WS2B + User3_Org2 -.-> WS2B - User1[User 1] -.-> WorkspaceA1 - User1[User 1] -.-> WorkspaceA2 - User2[User 2] -.-> WorkspaceA2 - User2[User 2] -.-> WorkspaceA3 - User3[User 3] -.-> WorkspaceA4 + Org3 --> WS3A + Org3 --> WS3B + Org3 --> WS3C + Org3 -.-> User3_Org3 + User3_Org3 -.-> WS3A + User3_Org3 -.-> WS3B + User3_Org3 -.-> WS3C ``` +Each user must be explicitly added to each workspace that they are allowed to access. This assumes that the user has first been added +to the workspace's parent organization. + ## Create a workspace -Currently, only Unstructured representatives can create organizations in Unstructured accounts. To request an organization to be created in your account, +To create a workspace, you must first have an available Unstructured organizational account. + +Currently, only Unstructured representatives can create organizational accounts. To request an organizational account to be created, contact your Unstructured representative. +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... + +## Access a workspace + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... + +## Add a member to a workspace + +An Unstructured user account that is added to a workspace is referred to an a _member_ of that workspace. + +To add a user account to a workspace as a member: + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... +3. Make sure the user account that you want to add has already been added as a member of the workspace's parent organization. [Learn how](). +4. ... + +## Remove a member from a workspace + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... + ## Set a budget limit for a workspace +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... ## Track usage for a workspace against a budget limit +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... + +## Permanently delete a workspace + + + Deleting a workspace is a permanent action and is not recoverable. Once a workspace is deleted, all connectors, workflows, jobs, and + API keys that are associated with that workspace are also deleted and are not recoverable. + + The workspace's users are not deleted, but they will no longer have access to the deleted workspace's connectors, workflows, jobs, and API keys. + + Any code or scripts that reference the deleted workspace's connectors, workflows, jobs, or API keys will fail. + + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... \ No newline at end of file From 9b0d3f59a2602c449b6a14cc09477435f9a7e1de Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Thu, 20 Mar 2025 15:48:00 -0700 Subject: [PATCH 03/11] More diagram tweaks --- ui/account/organizations.mdx | 12 ++++++------ ui/account/workspaces.mdx | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ui/account/organizations.mdx b/ui/account/organizations.mdx index 4aaf73dc..9e9dde05 100644 --- a/ui/account/organizations.mdx +++ b/ui/account/organizations.mdx @@ -4,14 +4,14 @@ sidebarTitle: Organizations --- An _organization_ is a collection of Unstructured [workspaces](/account/workspaces). An Unstructured _organizational account_ manages -Unstructured _account user access_ to workspaces within organizations. +access by Unstructured _account users_ to workspaces within organizations. -Currently, only Unstructured representatives can create organizational accounts. To request an organizational account to be created, -contact your Unstructured representative. +A _workspace_ is a collection of resources +(such as connectors, workflows, jobs, and API keys) within an organization. -## Organizational account structure +## Organization architecture -An organizational account operates independently of all other organizational accounts. Each organization can have multiple [workspaces](/account/workspaces). +An organization account operates independently of all other organizations. Each organization can have multiple [workspaces](/account/workspaces). ```mermaid graph LR @@ -35,7 +35,7 @@ graph LR Org3 --> WS3C ``` -An account user can have access to multiple organizational accounts. +A user can have access to multiple organizations. ```mermaid graph LR diff --git a/ui/account/workspaces.mdx b/ui/account/workspaces.mdx index 1673509a..1e43c129 100644 --- a/ui/account/workspaces.mdx +++ b/ui/account/workspaces.mdx @@ -5,7 +5,7 @@ sidebarTitle: Workspaces A _workspace_ is a collection of resources (such as connectors, workflows, jobs, and API keys) within an Unstructured _organizational account_. Workspaces are used to manage -access to those resources by Unstructured _account users_ that have access to the workspace's related _organization_. +access to those resources by Unstructured _account users_ that first have access to the workspace's related _organization_. ## Workspace architecture From 15373f033ef9e76176d161cc953f60a69ab6a9a9 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Fri, 21 Mar 2025 10:31:01 -0700 Subject: [PATCH 04/11] Personal accounts are separate from organizational accounts. Personal API keys and separate from workspace API keys. --- ui/account/organizations.mdx | 29 ++++++++++++++++++++--------- ui/account/workspaces.mdx | 32 +++++++++++++++++++++++++------- 2 files changed, 45 insertions(+), 16 deletions(-) diff --git a/ui/account/organizations.mdx b/ui/account/organizations.mdx index 9e9dde05..72e07dcb 100644 --- a/ui/account/organizations.mdx +++ b/ui/account/organizations.mdx @@ -7,7 +7,7 @@ An _organization_ is a collection of Unstructured [workspaces](/account/workspac access by Unstructured _account users_ to workspaces within organizations. A _workspace_ is a collection of resources -(such as connectors, workflows, jobs, and API keys) within an organization. +(such as connectors, workflows, jobs, and workspace API keys) within an organization. ## Organization architecture @@ -35,7 +35,7 @@ graph LR Org3 --> WS3C ``` -A user can have access to multiple organizations. +An account user can have access to multiple organizations. ```mermaid graph LR @@ -54,7 +54,18 @@ graph LR User3 -.-> Org3 ``` -Each user also has access to their own personal account, which is separate from any organizational accounts. Personal accounts do not have workspaces. +Each account user also has access to their own Unstructured _personal account_, which is separate from any organizational accounts. Personal accounts do not have workspaces. + +Users create personal accounts when they initially sign up for Unstructured in one of the following ways: + +- Going to [https://platform.unstructured.io](https://platform.unstructured.io) and using their email address, Google account, or GitHub account to + sign up for a new Unstructured personal account and sign into that account at the same time. +- Going to the [For Developers](https://unstructured.io/developers) page on the Unstructured website and completing the on-screen [signup form](https://unstructured.io/developers#get-started). + +The user of the personal account is now an Unstructured _account user_ that can be added to organizations and workspaces within those organizations. + +Personal accounts are not associated with any organization. Resources in personal accounts (such as connectors, workflows, jobs, and personal API keys) cannot +be shared with nor migrated over into an organization. ```mermaid graph LR @@ -79,7 +90,7 @@ graph LR User3 -.-> Org3 ``` -Within an organization, a user can have access to multiple workspaces within that organization. +Within an organization, an account user can have access to multiple workspaces within that organization. ```mermaid graph LR @@ -126,7 +137,7 @@ graph LR User3_Org3 -.-> WS3C ``` -Each user must be explicitly added to the organizations—and workspaces within those organizations—that they are allowed to access. +Each account user must be explicitly added to the organizations—and workspaces within those organizations—that they are allowed to access. ## Create an organization @@ -137,9 +148,9 @@ Each user must be explicitly added to the organizations—and workspaces wit ## Add a member to an organization -An Unstructured user account that is added to an organization is referred to an a _member_ of that organization. +An Unstructured account user that is added to an organization is referred to an a _member_ of that organization. -To add a user account to an organization as a member: +To add an account user to an organization as a member: 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). 2. In the top navigation bar, ... @@ -155,9 +166,9 @@ To add a user account to an organization as a member: Deleting an organization is a permanent action and is not recoverable. Once an organization is deleted, all workspaces associated with that organization are also deleted and are not recoverable. - The organization's users are not deleted, but they will no longer have access to the deleted organization or any of its workspaces. + The organization's account users are not deleted, but they will no longer have access to the deleted organization or any of its workspaces. - Any code or scripts that reference connectors, workflows, jobs, or API keys that are associated with workflows in the deleted + Any code or scripts that reference connectors, workflows, jobs, or workflow API keys that are associated with workflows in the deleted organization will fail. diff --git a/ui/account/workspaces.mdx b/ui/account/workspaces.mdx index 1e43c129..be4697f7 100644 --- a/ui/account/workspaces.mdx +++ b/ui/account/workspaces.mdx @@ -82,9 +82,13 @@ graph LR User3_Org3 -.-> WS3C ``` -Each user must be explicitly added to each workspace that they are allowed to access. This assumes that the user has first been added +Each account user must be explicitly added to each workspace that they are allowed to access. This assumes that the account user has first been added to the workspace's parent organization. +To make API calls to a workspace, an account user must first create a _workspace API key_ for that workspace and then use that workspace API key to make API calls to that workspace. + +_Personal API keys_ for account users' personal accounts do not work for making API calls to workspaces. Workspace API keys for workspaces do not work for making API calls to personal accounts. + ## Create a workspace To create a workspace, you must first have an available Unstructured organizational account. @@ -102,13 +106,13 @@ contact your Unstructured representative. ## Add a member to a workspace -An Unstructured user account that is added to a workspace is referred to an a _member_ of that workspace. +An Unstructured account user that is added to a workspace is referred to an a _member_ of that workspace. -To add a user account to a workspace as a member: +To add an account user to a workspace as a member: 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). 2. In the top navigation bar, ... -3. Make sure the user account that you want to add has already been added as a member of the workspace's parent organization. [Learn how](). +3. Make sure the account user that you want to add has already been added as a member of the workspace's parent organization. [Learn how](). 4. ... ## Remove a member from a workspace @@ -116,6 +120,20 @@ To add a user account to a workspace as a member: 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). 2. In the top navigation bar, ... +## Create a workspace API key + +To make API calls to a workspace, an account user must first create a workspace API key for that workspace and then use that workspace API key to make API calls to that workspace. + +Pesonal API keys for account users' personal accounts do not work for making API calls to workspaces. Workspace API keys do not work for making API calls to personal accounts. + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... + +## Delete an API key for a workspace + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, ... + ## Set a budget limit for a workspace 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). @@ -130,11 +148,11 @@ To add a user account to a workspace as a member: Deleting a workspace is a permanent action and is not recoverable. Once a workspace is deleted, all connectors, workflows, jobs, and - API keys that are associated with that workspace are also deleted and are not recoverable. + workspace API keys that are associated with that workspace are also deleted and are not recoverable. - The workspace's users are not deleted, but they will no longer have access to the deleted workspace's connectors, workflows, jobs, and API keys. + The workspace's account users are not deleted, but they will no longer have access to the deleted workspace's connectors, workflows, jobs, and workspace API keys. - Any code or scripts that reference the deleted workspace's connectors, workflows, jobs, or API keys will fail. + Any code or scripts that reference the deleted workspace's connectors, workflows, jobs, or workspace API keys will fail. 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). From 0328b66beb585d3503b433035d9d5ab9ccbc4e70 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Mon, 31 Mar 2025 11:45:19 -0700 Subject: [PATCH 05/11] Began adding instructions based on current UI --- ui/account/organizations.mdx | 72 ++++++++++++++++++++++++++---------- ui/account/workspaces.mdx | 37 +++++++++++++----- 2 files changed, 79 insertions(+), 30 deletions(-) diff --git a/ui/account/organizations.mdx b/ui/account/organizations.mdx index 72e07dcb..494b53a4 100644 --- a/ui/account/organizations.mdx +++ b/ui/account/organizations.mdx @@ -3,15 +3,16 @@ title: Organizations sidebarTitle: Organizations --- -An _organization_ is a collection of Unstructured [workspaces](/account/workspaces). An Unstructured _organizational account_ manages -access by Unstructured _account users_ to workspaces within organizations. +An _organization_ is a collection of Unstructured [workspaces](/account/workspaces). +An Unstructured _organizational account_ manages +access by invited Unstructured _personal account users_ to that organization and its workspaces. -A _workspace_ is a collection of resources +An _organizational workspace_ is a collection of resources (such as connectors, workflows, jobs, and workspace API keys) within an organization. ## Organization architecture -An organization account operates independently of all other organizations. Each organization can have multiple [workspaces](/account/workspaces). +An organizational account operates independently of all other organizational accounts. Each organization can have multiple [workspaces](/account/workspaces). ```mermaid graph LR @@ -35,7 +36,7 @@ graph LR Org3 --> WS3C ``` -An account user can have access to multiple organizations. +A personal account user can have access to multiple organizations. ```mermaid graph LR @@ -54,7 +55,10 @@ graph LR User3 -.-> Org3 ``` -Each account user also has access to their own Unstructured _personal account_, which is separate from any organizational accounts. Personal accounts do not have workspaces. +## Organizational versus personal accounts + +Each personal account user always has access to their own Unstructured _personal account_, which is separate from any organizational accounts and all other personal accounts. Each personal +account has one and only one personal workspace. Users create personal accounts when they initially sign up for Unstructured in one of the following ways: @@ -62,10 +66,9 @@ Users create personal accounts when they initially sign up for Unstructured in o sign up for a new Unstructured personal account and sign into that account at the same time. - Going to the [For Developers](https://unstructured.io/developers) page on the Unstructured website and completing the on-screen [signup form](https://unstructured.io/developers#get-started). -The user of the personal account is now an Unstructured _account user_ that can be added to organizations and workspaces within those organizations. - -Personal accounts are not associated with any organization. Resources in personal accounts (such as connectors, workflows, jobs, and personal API keys) cannot -be shared with nor migrated over into an organization. +Personal accounts are not associated with any organization by default. +Resources in personal accounts (such as personal API keys and personal workspaces and their connectors, workflows, and jobs) cannot +be shared with nor migrated over into any organizations. ```mermaid graph LR @@ -90,7 +93,7 @@ graph LR User3 -.-> Org3 ``` -Within an organization, an account user can have access to multiple workspaces within that organization. +Within an organization, an invited personal account user (also known as a _member_) can have access to multiple workspaces within that organization. ```mermaid graph LR @@ -137,28 +140,55 @@ graph LR User3_Org3 -.-> WS3C ``` -Each account user must be explicitly added to the organizations—and workspaces within those organizations—that they are allowed to access. +Each personal account user must be explicitly added to the organizations—and workspaces within those organizations—that they are allowed to access. ## Create an organization +Only authorized Unstructured representatives can create organizational accounts. To request an organization to be created, contact your Unstructured +sales representative, email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io), or complete the online +[Unstructured contact form](https://unstructured.io/contact). + ## Access an organization 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... +2. In the top navigation bar, in the account selector, select the name of the organizational account that you want to access. + + If the organization selector is not shown, or if the selector does not show the organization you want to access, then + your personal account has not been added to that organization. To be added to the organization, contact one of the organization's administrators. ## Add a member to an organization -An Unstructured account user that is added to an organization is referred to an a _member_ of that organization. +An Unstructured personal account user that is added to an organizational account is referred to an a _member_ of that organization. -To add an account user to an organization as a member: +To add a member to an organization: 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... +2. In the top navigation bar, in the organization selector, select the name of the organization that you want to add a member to. +3. In the sidebar, above your user icon, click the **Settings** (gear) icon. +4. Click **Manage Account**. +5. In the top navigation bar, click **Members**. +6. Click **New Member**. +7. In the **Add New Member** dialog, enter the email address of the new team member. +8. In the role selector, select the new team member's role for this organization. [See the available roles and their permissions](/account/roles). +9. Click **Continue**. ## Remove a member from an organization + + Removing a member from an organization also removes the member from all of the organization's workspaces. The member will no longer + have access to the organization or any of its workspaces. The member will continue to be able to use their personal account. + + Any connectors, workflows, jobs, or other resources that were created by the member within the organizations's workspaces will not be removed. + + The only way to reverse removing a member from an organization is to add the member back to the organization—and to each of the workspaces that the member might have previously + been a member of. + + 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... +2. In the top navigation bar, click **Members**. +3. In the list of members, click the member you want to remove. +4. In the member's settings pane, click **Remove Member**. +5. Confirm the removal by clicking **Continue**. ## Permanently delete an organization @@ -166,11 +196,13 @@ To add an account user to an organization as a member: Deleting an organization is a permanent action and is not recoverable. Once an organization is deleted, all workspaces associated with that organization are also deleted and are not recoverable. - The organization's account users are not deleted, but they will no longer have access to the deleted organization or any of its workspaces. + The organization's members will no longer have access to the deleted organization or any of its workspaces. + The members will continue to be able to use their personal accounts. Any code or scripts that reference connectors, workflows, jobs, or workflow API keys that are associated with workflows in the deleted organization will fail. -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... \ No newline at end of file +To request an organization to be permanently deleted, contact your Unstructured +sales representative, email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io), or complete the online +[Unstructured contact form](https://unstructured.io/contact). \ No newline at end of file diff --git a/ui/account/workspaces.mdx b/ui/account/workspaces.mdx index be4697f7..8e7c70f2 100644 --- a/ui/account/workspaces.mdx +++ b/ui/account/workspaces.mdx @@ -3,13 +3,14 @@ title: Workspaces sidebarTitle: Workspaces --- -A _workspace_ is a collection of resources (such as connectors, workflows, jobs, and API keys) -within an Unstructured _organizational account_. Workspaces are used to manage -access to those resources by Unstructured _account users_ that first have access to the workspace's related _organization_. +An _organizational workspace_ is a collection of resources (such as connectors, workflows, jobs, and workspace API keys) +within an Unstructured _organizational account_. Organizational workspace are used to manage +access to those resources by invited Unstructured _personal account users_ (also known as _workspace members_) that have first +been added to the organizational workspace's parent organization as _organization members_. ## Workspace architecture -A workspace is part of one (and only one) [organization](/account/organizations). +An organizational workspace is part of one (and only one) [organization](/account/organizations). An organization can have multiple workspaces. @@ -35,7 +36,7 @@ graph LR Org3 --> WS3C ``` -Unstructured account users can have access to multiple workspaces within an organization. +Unstructured personal account users can have access to multiple workspaces within an organization. ```mermaid graph LR @@ -82,27 +83,43 @@ graph LR User3_Org3 -.-> WS3C ``` -Each account user must be explicitly added to each workspace that they are allowed to access. This assumes that the account user has first been added +Each personal account user must be explicitly added to each workspace that they are allowed to access. This assumes that the account user has first been added to the workspace's parent organization. To make API calls to a workspace, an account user must first create a _workspace API key_ for that workspace and then use that workspace API key to make API calls to that workspace. -_Personal API keys_ for account users' personal accounts do not work for making API calls to workspaces. Workspace API keys for workspaces do not work for making API calls to personal accounts. +Each personal account user always has access to their own personal account. This personal account has one and only one personal workspace. + +_Personal API keys_ for personal accounts work only with personal workspaces; they do not work for making API calls to organization workspaces. Workspace API keys for organization workspaces do not work for making API calls to personal workspaces. +A personal API key is valid only for its related personal workspace. A workspace API key is valid only for its related organizational workspace. ## Create a workspace To create a workspace, you must first have an available Unstructured organizational account. Currently, only Unstructured representatives can create organizational accounts. To request an organizational account to be created, -contact your Unstructured representative. +contact your Unstructured +sales representative, email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io), or complete the online +[Unstructured contact form](https://unstructured.io/contact). 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... +2. In the top navigation bar, in the organization selector, select the name of the organization that you want to add a workspace to. +3. In the sidebar, above your user icon, click the **Settings** (gear) icon. +4. Click **View All Workspaces**. +5. Click **New Workspace**. +6. In the **Create New Workspace** dialog, enter a name for the new workspace. +7. Optionally, enter a budget usage limit for the new workspace. If you do not want to set a budget limit, leave this field blank. +8. Click **Continue**. ## Access a workspace 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... +2. In the top navigation bar, in the organization selector, select the name of the organization that contains the workspace you want to access. +3. In the workspace selector, select the name of the workspace that you want to access. + + If the workspace selector does not show the workspace you want to access, then + your personal account has not been added to that workspace. To be added to the workspace, contact one of the workspace's administrators or its + parent organization's administrators. ## Add a member to a workspace From fdc8c71f3d4018190036e7e607428cb2a647a4e3 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Mon, 31 Mar 2025 15:04:18 -0700 Subject: [PATCH 06/11] More initial content --- ui/account/organizations.mdx | 31 +++++++++++++++-------------- ui/account/workspaces.mdx | 38 ++++++++++++++++++++---------------- 2 files changed, 37 insertions(+), 32 deletions(-) diff --git a/ui/account/organizations.mdx b/ui/account/organizations.mdx index 494b53a4..9ccf42ba 100644 --- a/ui/account/organizations.mdx +++ b/ui/account/organizations.mdx @@ -4,11 +4,12 @@ sidebarTitle: Organizations --- An _organization_ is a collection of Unstructured [workspaces](/account/workspaces). -An Unstructured _organizational account_ manages -access by invited Unstructured _personal account users_ to that organization and its workspaces. +An Unstructured _organizational account_ manages access to that organization and its workspaces by invited Unstructured _personal account users_. +Each organizational account has one and only one organization. An _organizational workspace_ is a collection of resources -(such as connectors, workflows, jobs, and workspace API keys) within an organization. +(such as connectors, workflows, jobs, and workspace API keys) within an organization. This is different from a _personal workspace_, +which is a collection of resources within an Unstructured personal account. An organizational account can have multiple organizational workspaces. ## Organization architecture @@ -57,18 +58,18 @@ graph LR ## Organizational versus personal accounts -Each personal account user always has access to their own Unstructured _personal account_, which is separate from any organizational accounts and all other personal accounts. Each personal +Each personal account user always has access to their own _personal account_, which is separate from all organizational accounts and all other personal accounts. Each personal account has one and only one personal workspace. -Users create personal accounts when they initially sign up for Unstructured in one of the following ways: +A personal account is created whenever someone initially signs up for Unstructured in one of the following ways: - Going to [https://platform.unstructured.io](https://platform.unstructured.io) and using their email address, Google account, or GitHub account to sign up for a new Unstructured personal account and sign into that account at the same time. - Going to the [For Developers](https://unstructured.io/developers) page on the Unstructured website and completing the on-screen [signup form](https://unstructured.io/developers#get-started). -Personal accounts are not associated with any organization by default. +Personal accounts are not associated with any organizational accounts by default. Resources in personal accounts (such as personal API keys and personal workspaces and their connectors, workflows, and jobs) cannot -be shared with nor migrated over into any organizations. +be shared with or migrated over into any organizational accounts or any other personal accounts. ```mermaid graph LR @@ -93,7 +94,7 @@ graph LR User3 -.-> Org3 ``` -Within an organization, an invited personal account user (also known as a _member_) can have access to multiple workspaces within that organization. +Within an organization, an invited personal account user (also known as an _organization member_) can have access to multiple workspaces within that organization. ```mermaid graph LR @@ -144,21 +145,21 @@ Each personal account user must be explicitly added to the organizations—a ## Create an organization -Only authorized Unstructured representatives can create organizational accounts. To request an organization to be created, contact your Unstructured +Only authorized Unstructured representatives can create organizational accounts. To request an organizational to be created, contact your Unstructured sales representative, email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io), or complete the online [Unstructured contact form](https://unstructured.io/contact). ## Access an organization 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, in the account selector, select the name of the organizational account that you want to access. +2. In the top navigation bar, in the organization selector, select the name of the organization account that you want to access. If the organization selector is not shown, or if the selector does not show the organization you want to access, then your personal account has not been added to that organization. To be added to the organization, contact one of the organization's administrators. ## Add a member to an organization -An Unstructured personal account user that is added to an organizational account is referred to an a _member_ of that organization. +An Unstructured personal account user that is added to an organizational account is referred to as an _organization member_. To add a member to an organization: @@ -168,7 +169,7 @@ To add a member to an organization: 4. Click **Manage Account**. 5. In the top navigation bar, click **Members**. 6. Click **New Member**. -7. In the **Add New Member** dialog, enter the email address of the new team member. +7. In the **Add New Member** dialog, enter the email address of the organization's new team member. 8. In the role selector, select the new team member's role for this organization. [See the available roles and their permissions](/account/roles). 9. Click **Continue**. @@ -176,12 +177,12 @@ To add a member to an organization: Removing a member from an organization also removes the member from all of the organization's workspaces. The member will no longer - have access to the organization or any of its workspaces. The member will continue to be able to use their personal account. + have access to the organization or any of its workspaces. The member will continue to be able to use their personal account and personal workspace. Any connectors, workflows, jobs, or other resources that were created by the member within the organizations's workspaces will not be removed. The only way to reverse removing a member from an organization is to add the member back to the organization—and to each of the workspaces that the member might have previously - been a member of. + been a member of in that organization. 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). @@ -197,7 +198,7 @@ To add a member to an organization: organization are also deleted and are not recoverable. The organization's members will no longer have access to the deleted organization or any of its workspaces. - The members will continue to be able to use their personal accounts. + Each member will continue to be able to use their personal account and personal workspace. Any code or scripts that reference connectors, workflows, jobs, or workflow API keys that are associated with workflows in the deleted organization will fail. diff --git a/ui/account/workspaces.mdx b/ui/account/workspaces.mdx index 8e7c70f2..d0027e84 100644 --- a/ui/account/workspaces.mdx +++ b/ui/account/workspaces.mdx @@ -10,9 +10,9 @@ been added to the organizational workspace's parent organization as _organizatio ## Workspace architecture -An organizational workspace is part of one (and only one) [organization](/account/organizations). +An organizational workspace is part of one and only one [organization](/account/organizations). -An organization can have multiple workspaces. +An organization can have multiple organizational workspaces. ```mermaid graph LR @@ -36,7 +36,7 @@ graph LR Org3 --> WS3C ``` -Unstructured personal account users can have access to multiple workspaces within an organization. +Unstructured personal account users can have access to multiple organizational workspaces within an organization. ```mermaid graph LR @@ -83,15 +83,13 @@ graph LR User3_Org3 -.-> WS3C ``` -Each personal account user must be explicitly added to each workspace that they are allowed to access. This assumes that the account user has first been added -to the workspace's parent organization. - -To make API calls to a workspace, an account user must first create a _workspace API key_ for that workspace and then use that workspace API key to make API calls to that workspace. +Each personal account user must be explicitly added to each organizational workspace that they are allowed to access. This assumes that the personal account user has first been added +to the organizational workspace's parent organization. Each personal account user always has access to their own personal account. This personal account has one and only one personal workspace. -_Personal API keys_ for personal accounts work only with personal workspaces; they do not work for making API calls to organization workspaces. Workspace API keys for organization workspaces do not work for making API calls to personal workspaces. -A personal API key is valid only for its related personal workspace. A workspace API key is valid only for its related organizational workspace. +To make API calls to a workspace, an account user must first create an API key for that workspace, and then use that API key to make API calls to that workspace. +An API key is valid only for its related workspace, regardless of whether it is an organizational workspace or a personal workspace. ## Create a workspace @@ -108,7 +106,13 @@ sales representative, email Unstructured Sales at [sales@unstructured.io](mailto 4. Click **View All Workspaces**. 5. Click **New Workspace**. 6. In the **Create New Workspace** dialog, enter a name for the new workspace. -7. Optionally, enter a budget usage limit for the new workspace. If you do not want to set a budget limit, leave this field blank. +7. Optionally, enter a budget limit for the new workspace. If you do not want to set a budget limit, leave this field blank. + + + This workspace budget limit is for informational purposes only. Workspace usage is not stopped if this + limit is exceeded. + + 8. Click **Continue**. ## Access a workspace @@ -123,9 +127,9 @@ sales representative, email Unstructured Sales at [sales@unstructured.io](mailto ## Add a member to a workspace -An Unstructured account user that is added to a workspace is referred to an a _member_ of that workspace. +An Unstructured account user that is added to a workspace is referred to as a _workspace member_. -To add an account user to a workspace as a member: +To add a personal account user to a workspace as a member: 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). 2. In the top navigation bar, ... @@ -137,11 +141,11 @@ To add an account user to a workspace as a member: 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). 2. In the top navigation bar, ... -## Create a workspace API key +## Create an API key for a workspace -To make API calls to a workspace, an account user must first create a workspace API key for that workspace and then use that workspace API key to make API calls to that workspace. +To make API calls to a workspace, a personal account user must first create an API key for that workspace, and then use that API key to make API calls to that workspace. -Pesonal API keys for account users' personal accounts do not work for making API calls to workspaces. Workspace API keys do not work for making API calls to personal accounts. +Each and every API key can be used only with the workspace for which it was created. 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). 2. In the top navigation bar, ... @@ -165,9 +169,9 @@ Pesonal API keys for account users' personal accounts do not work for making API Deleting a workspace is a permanent action and is not recoverable. Once a workspace is deleted, all connectors, workflows, jobs, and - workspace API keys that are associated with that workspace are also deleted and are not recoverable. + API keys that are associated with that workspace are also deleted and are not recoverable. - The workspace's account users are not deleted, but they will no longer have access to the deleted workspace's connectors, workflows, jobs, and workspace API keys. + The workspace's account users are not deleted, but they will no longer have access to the deleted workspace's connectors, workflows, jobs, and API keys. Any code or scripts that reference the deleted workspace's connectors, workflows, jobs, or workspace API keys will fail. From 5dcdf4b3b35e22b73f902df77b7e131cca1c1585 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Wed, 2 Apr 2025 08:18:23 -0700 Subject: [PATCH 07/11] Added more initial content --- ui/account/api-key-url.mdx | 4 +- ui/account/organizations.mdx | 12 +++--- ui/account/workspaces.mdx | 79 ++++++++++++++++++++++++++---------- 3 files changed, 65 insertions(+), 30 deletions(-) diff --git a/ui/account/api-key-url.mdx b/ui/account/api-key-url.mdx index 536befcf..1a0071da 100644 --- a/ui/account/api-key-url.mdx +++ b/ui/account/api-key-url.mdx @@ -59,11 +59,11 @@ However, you might want the option to re-enable it after you solve your issues o ## Permanently delete an existing API key - + Deleting an existing API key is a permanent operation. Deleted API keys cannot be recovered. You cannot use a deleted API key to call the Unstructured APIs. - + You might want to permanently delete an existing API key that you know is causing issues or is compromised. diff --git a/ui/account/organizations.mdx b/ui/account/organizations.mdx index 9ccf42ba..baf1d148 100644 --- a/ui/account/organizations.mdx +++ b/ui/account/organizations.mdx @@ -170,12 +170,12 @@ To add a member to an organization: 5. In the top navigation bar, click **Members**. 6. Click **New Member**. 7. In the **Add New Member** dialog, enter the email address of the organization's new team member. -8. In the role selector, select the new team member's role for this organization. [See the available roles and their permissions](/account/roles). +8. In the role selector, select the new team member's role for this organization. [See the available roles and their permissions](/ui/account/roles). 9. Click **Continue**. ## Remove a member from an organization - + Removing a member from an organization also removes the member from all of the organization's workspaces. The member will no longer have access to the organization or any of its workspaces. The member will continue to be able to use their personal account and personal workspace. @@ -183,7 +183,7 @@ To add a member to an organization: The only way to reverse removing a member from an organization is to add the member back to the organization—and to each of the workspaces that the member might have previously been a member of in that organization. - + 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). 2. In the top navigation bar, click **Members**. @@ -193,7 +193,7 @@ To add a member to an organization: ## Permanently delete an organization - + Deleting an organization is a permanent action and is not recoverable. Once an organization is deleted, all workspaces associated with that organization are also deleted and are not recoverable. @@ -202,8 +202,8 @@ To add a member to an organization: Any code or scripts that reference connectors, workflows, jobs, or workflow API keys that are associated with workflows in the deleted organization will fail. - + -To request an organization to be permanently deleted, contact your Unstructured +Only authorized Unstructured representatives can delete organizational accounts. To request an organization to be permanently deleted, contact your Unstructured sales representative, email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io), or complete the online [Unstructured contact form](https://unstructured.io/contact). \ No newline at end of file diff --git a/ui/account/workspaces.mdx b/ui/account/workspaces.mdx index d0027e84..07bcc78f 100644 --- a/ui/account/workspaces.mdx +++ b/ui/account/workspaces.mdx @@ -108,10 +108,10 @@ sales representative, email Unstructured Sales at [sales@unstructured.io](mailto 6. In the **Create New Workspace** dialog, enter a name for the new workspace. 7. Optionally, enter a budget limit for the new workspace. If you do not want to set a budget limit, leave this field blank. - + This workspace budget limit is for informational purposes only. Workspace usage is not stopped if this limit is exceeded. - + 8. Click **Continue**. @@ -131,50 +131,85 @@ An Unstructured account user that is added to a workspace is referred to as a _w To add a personal account user to a workspace as a member: -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... -3. Make sure the account user that you want to add has already been added as a member of the workspace's parent organization. [Learn how](). -4. ... +1. Make sure the account user that you want to add has already been added as a member of the workspace's parent organization. + [Learn how](/ui/account/organizations.mdx#add-a-member-to-an-organization). +2. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +3. In the top navigation bar, in the organization selector, select the name of the organization that contains the workspace you want to add a member to. +4. In the workspace selector, select the name of the workspace that you want to add a member to. +5. In the sidebar, above your user icon, click the **Settings** (gear) icon. +6. Click **Manage Workspace**. +7. In the top navigation bar, click **Members**. +8. Click **Add New Member**. +9. In the **Add New Member** dialog, select one of the organization's members to add to this workspace as a member. +10. In the role selector, select the new team member's role for this workspace. [See the available roles and their permissions](/ui/account/roles). +11. Click **Continue**. ## Remove a member from a workspace + + A member who is removed from a workspace will no longer have access to the workspace. The member will continue to be able to use their personal account and personal workspace. + + Any connectors, workflows, jobs, or other resources that were created by the member within the workspace will not be removed. + + The only way to reverse removing a member from a workspace is to add the member back to the workspace. + + 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... +2. In the top navigation bar, in the organization selector, select the name of the organization that contains the workspace you want to remove a member from. +3. In the workspace selector, select the name of the workspace that you want to remove a member from. +4. In the sidebar, above your user icon, click the **Settings** (gear) icon. +5. Click **Manage Workspace**. +6. In the top navigation bar, click **Members**. +7. In the list of members, click the ellipses next to the member that you want to remove. +8. Click **Remove Member**. +9. Confirm the removal by clicking **Continue**. ## Create an API key for a workspace To make API calls to a workspace, a personal account user must first create an API key for that workspace, and then use that API key to make API calls to that workspace. -Each and every API key can be used only with the workspace for which it was created. +An API key can be used only with the workspace for which it was created. 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... +2. In the top navigation bar, in the organization selector, select the name of the organization that contains the workspace you want to create an API key for. +3. In the workspace selector, select the name of the workspace that you want to create an API key for. +4. In the sidebar, above your user icon, click the **Settings** (gear) icon. +5. Click **Manage Workspace**. +6. In the top navigation bar, click **API Keys**. +7. Click **Generate New Key**. +8. Enter some name for the key, and click **Continue**. +9. To get the key's value, in the list of available keys, click the **Copy** icon next to the newly created key. The key's value is + copies to your system's clipboard. ## Delete an API key for a workspace -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... - -## Set a budget limit for a workspace - -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... + + Deleting an existing API key is a permanent operation. Deleted API keys cannot be recovered. -## Track usage for a workspace against a budget limit + You cannot use a deleted API key to call the Unstructured APIs. + 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... +2. In the top navigation bar, in the organization selector, select the name of the organization that contains the workspace you want to delete an API key for. +3. In the workspace selector, select the name of the workspace that you want to delete an API key for. +4. In the sidebar, above your user icon, click the **Settings** (gear) icon. +5. Click **Manage Workspace**. +6. In the top navigation bar, click **API Keys**. +7. n the list of available keys, click the ellipses next to the key you want to delete. +8. Click **Delete**. +9. Confirm the deletion by clicking **Continue**. ## Permanently delete a workspace - + Deleting a workspace is a permanent action and is not recoverable. Once a workspace is deleted, all connectors, workflows, jobs, and API keys that are associated with that workspace are also deleted and are not recoverable. The workspace's account users are not deleted, but they will no longer have access to the deleted workspace's connectors, workflows, jobs, and API keys. Any code or scripts that reference the deleted workspace's connectors, workflows, jobs, or workspace API keys will fail. - + -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, ... \ No newline at end of file +Only authorized Unstructured representatives can delete workspaces. To request a workspace to be permanently deleted, contact your Unstructured +sales representative, email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io), or complete the online +[Unstructured contact form](https://unstructured.io/contact). \ No newline at end of file From 56a06c24ef9bb31111a16ffb2b23c07afba90f67 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Thu, 3 Apr 2025 09:42:40 -0700 Subject: [PATCH 08/11] RBAC matrix, terminology cleanup --- ui/account/organizations.mdx | 119 +++++++++++++++++++---------------- ui/account/roles.mdx | 52 +++++++++++++-- ui/account/workspaces.mdx | 113 ++++++++++++++++++++++++--------- 3 files changed, 192 insertions(+), 92 deletions(-) diff --git a/ui/account/organizations.mdx b/ui/account/organizations.mdx index baf1d148..e4a56853 100644 --- a/ui/account/organizations.mdx +++ b/ui/account/organizations.mdx @@ -1,19 +1,15 @@ --- -title: Organizations -sidebarTitle: Organizations +title: Organizational accounts --- -An _organization_ is a collection of Unstructured [workspaces](/account/workspaces). -An Unstructured _organizational account_ manages access to that organization and its workspaces by invited Unstructured _personal account users_. -Each organizational account has one and only one organization. +An _organizational account_ is a collection of Unstructured [workspaces](/ui/account/workspaces). A _workspace_ is a collection of Unstructured +resources such as connectors, workflows, jobs, and API keys. -An _organizational workspace_ is a collection of resources -(such as connectors, workflows, jobs, and workspace API keys) within an organization. This is different from a _personal workspace_, -which is a collection of resources within an Unstructured personal account. An organizational account can have multiple organizational workspaces. +## Organizational account architecture -## Organization architecture +Each organizational account operates independently of all other organizational accounts. -An organizational account operates independently of all other organizational accounts. Each organization can have multiple [workspaces](/account/workspaces). +Each organizational account can have multiple workspaces. Each workspace operates independently of all other workspaces. ```mermaid graph LR @@ -37,7 +33,7 @@ graph LR Org3 --> WS3C ``` -A personal account user can have access to multiple organizations. +Each organizational account can have multiple users. Users can have access to multiple organizational accounts. ```mermaid graph LR @@ -56,20 +52,8 @@ graph LR User3 -.-> Org3 ``` -## Organizational versus personal accounts - -Each personal account user always has access to their own _personal account_, which is separate from all organizational accounts and all other personal accounts. Each personal -account has one and only one personal workspace. - -A personal account is created whenever someone initially signs up for Unstructured in one of the following ways: - -- Going to [https://platform.unstructured.io](https://platform.unstructured.io) and using their email address, Google account, or GitHub account to - sign up for a new Unstructured personal account and sign into that account at the same time. -- Going to the [For Developers](https://unstructured.io/developers) page on the Unstructured website and completing the on-screen [signup form](https://unstructured.io/developers#get-started). - -Personal accounts are not associated with any organizational accounts by default. -Resources in personal accounts (such as personal API keys and personal workspaces and their connectors, workflows, and jobs) cannot -be shared with or migrated over into any organizational accounts or any other personal accounts. +Each user also has a _personal account_, which operates independently of all other organizational accounts and personal accounts. Each personal account has a +_personal workspace_, which operates independently of all other workspaces. ```mermaid graph LR @@ -94,7 +78,7 @@ graph LR User3 -.-> Org3 ``` -Within an organization, an invited personal account user (also known as an _organization member_) can have access to multiple workspaces within that organization. +Within an organizational account, an invited user (also known as a _member_) can have access to multiple workspaces within that organizational account. ```mermaid graph LR @@ -141,69 +125,94 @@ graph LR User3_Org3 -.-> WS3C ``` -Each personal account user must be explicitly added to the organizations—and workspaces within those organizations—that they are allowed to access. +Each user must be explicitly added to the organizational accounts—and workspaces within those organizational accounts—that they are allowed to access. -## Create an organization +## Create an organizational account -Only authorized Unstructured representatives can create organizational accounts. To request an organizational to be created, contact your Unstructured +Only authorized Unstructured representatives can create organizational accounts. To request an organizational account to be created, contact your Unstructured sales representative, email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io), or complete the online [Unstructured contact form](https://unstructured.io/contact). -## Access an organization +## Access an organizational account 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, in the organization selector, select the name of the organization account that you want to access. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to access. - If the organization selector is not shown, or if the selector does not show the organization you want to access, then - your personal account has not been added to that organization. To be added to the organization, contact one of the organization's administrators. + If the organizational account selector is not shown, or if the selector does not show the organizational account you want to access, then + your user has not been added to that organizational account. To be added to the organizational account, contact one of the organizational account's administrators. -## Add a member to an organization +## Add a member to an organizational account -An Unstructured personal account user that is added to an organizational account is referred to as an _organization member_. + + Your user must have the **Super Admin** [role](/ui/account/roles) in the organizational account to add members to that organizational account. + -To add a member to an organization: +To add a user to an organizational account as a member: 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, in the organization selector, select the name of the organization that you want to add a member to. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to add the member to. 3. In the sidebar, above your user icon, click the **Settings** (gear) icon. 4. Click **Manage Account**. 5. In the top navigation bar, click **Members**. 6. Click **New Member**. -7. In the **Add New Member** dialog, enter the email address of the organization's new team member. -8. In the role selector, select the new team member's role for this organization. [See the available roles and their permissions](/ui/account/roles). +7. In the **Add New Member** dialog, enter the email address for the organizational account's new member. +8. In the role selector, select the new member's [role](/ui/account/roles) for this organizational account. 9. Click **Continue**. -## Remove a member from an organization +## Change an organizational account role for a member + + + Your user must have the **Super Admin** role in the organizational account to change its members' organizational account roles. + + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the member you want to change roles for. +3. In the sidebar, above your user icon, click the **Settings** (gear) icon. +4. Click **Manage Account**. +5. In the top navigation bar, click **Members**. +6. Click the member you want to change roles for. +7. Next to **Role** click the **Edit** (pencil) icon. +8. Select the new role. +9. Click the **Accept** (check mark) icon. + +## Remove a member from an organizational account - Removing a member from an organization also removes the member from all of the organization's workspaces. The member will no longer - have access to the organization or any of its workspaces. The member will continue to be able to use their personal account and personal workspace. + Removing a member from an organizational account also removes the member from all of the organizational account's workspaces. The member will no longer + have access to the organizational account or any of its workspaces. The member will continue to be able to use their personal account and personal workspace. - Any connectors, workflows, jobs, or other resources that were created by the member within the organizations's workspaces will not be removed. + Any connectors, workflows, jobs, or other resources that were created by the member within the organizational accounts's workspaces will not be removed. - The only way to reverse removing a member from an organization is to add the member back to the organization—and to each of the workspaces that the member might have previously - been a member of in that organization. + The only way to reverse removing a member from an organizational account is to add the member back to the organizational account—and to each of the workspaces that the member might have previously + been a member of in that organizational account. + + Your user must have the **Super Admin** [role](/ui/account/roles) in the organizational account to remove members from that organizational account. + + 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, click **Members**. -3. In the list of members, click the member you want to remove. -4. In the member's settings pane, click **Remove Member**. -5. Confirm the removal by clicking **Continue**. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to remove the member from. +3. In the sidebar, above your user icon, click the **Settings** (gear) icon. +4. Click **Manage Account**. +5. In the top navigation bar, click **Members**. +6. In the list of members, click the member you want to remove. +7. In the member's settings pane, click **Remove Member**. +8. Confirm the removal by clicking **Continue**. -## Permanently delete an organization +## Permanently delete an organizational account - Deleting an organization is a permanent action and is not recoverable. Once an organization is deleted, all workspaces associated with that - organization are also deleted and are not recoverable. + Deleting an organizational account is a permanent action and is not recoverable. Once an organizational account is deleted, all workspaces associated with that + organizational account are also deleted and are not recoverable. - The organization's members will no longer have access to the deleted organization or any of its workspaces. + The organizational account's members will no longer have access to the deleted organizational account or any of its workspaces. Each member will continue to be able to use their personal account and personal workspace. Any code or scripts that reference connectors, workflows, jobs, or workflow API keys that are associated with workflows in the deleted - organization will fail. + organizational account will fail. -Only authorized Unstructured representatives can delete organizational accounts. To request an organization to be permanently deleted, contact your Unstructured +Only authorized Unstructured representatives can delete organizational accounts. To request an organizational account to be permanently deleted, contact your Unstructured sales representative, email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io), or complete the online [Unstructured contact form](https://unstructured.io/contact). \ No newline at end of file diff --git a/ui/account/roles.mdx b/ui/account/roles.mdx index bce0e9da..aeef798a 100644 --- a/ui/account/roles.mdx +++ b/ui/account/roles.mdx @@ -3,15 +3,55 @@ title: Role-based access control (RBAC) sidebarTitle: Roles --- +_Roles_ in Unstructured are part of the _role-based access control_ (RBAC) system that manages permissions for members of +organizational accounts and their workspaces. (Roles are not used in personal accounts.) -## Available roles +Any member with the **Super Admin** role in an organizational account can manage the roles of that organizational account's members and the roles of the +members of the organizational account's workspaces. -| Permission | Super Administrator | General Developer | Billing | +Any member with the **Super Admin** role in an organizational account or the **Workspace Admin** role in a workspace within an +organizational account can mange the roles of that workspace's members. + +A **Super Admin** member assigns an organizational account member's initial role when they are [added to the organizational account](/ui/account/organizations#add-a-member-to-an-organizational-account). This member's +initial role can be [changed](/ui/account/organizations#change-an-organizational-account-role-for-a-member) later. + +A **Super Admin** or **Workspace Admin** member assigns a workspace member's initial role when they are [added to the workspace](/ui/account/workspaces#add-a-member-to-a-workspace). This +member's initial role can be [changed](/ui/account/workspaces#change-a-workspace-role-for-a-member) later. + +## Organizational account roles + +- **Super Admin**: Has access to all of the organizational account's resources. Can perform account management, invite members, assign roles and permissions, and create workspace. Has all permissions to all of the organizational account's workspaces. +- **Developer**: Can be added to an organizational account's workspaces and assigned a role for each workspace that they are added to. +- **Billing**: Can view the organizational account's billing and usage information. Can allocate budget across the organizational account's workspaces. + +For example: + +| Permission | Super Admin | Developer | Billing | |---|---|---|---| -| Create new organizational account | Yes | No | No | -| Add user to organizational account | Yes | No | No | +| Can add members | Yes | No | No | +| Can remove members | Yes | No | No | +| Can change member roles | Yes | No | No | +| Can view usage and costs | Yes | No | Yes | +| Can edit payment details | Yes | No | Yes | +| Can add budget | Yes | No | Yes | +| Can distribute budget across workspaces | Yes | No | Yes | -## Assign a role to a user +## Workspace roles +- **Workspace Admin**: Can invite, remove, and assign roles to the workspace's members. Can make any and all changes to the workspace. +- **Developer**: Can create and update any and all connectors and workflows in the workspace. Can schedule and run any and all workflows in the workspace. +- **Operations**: Can schedule and run any and all workflows in the workspace. +- **Viewer**: Can view information about any and all connectors and workflows in the workspace. Cannot make any changes to the workspace or run any of the workflows in the workspace. -## Remove a role from a user \ No newline at end of file +For example: +| Permission | Workspace Admin | Developer | Operations | Viewer | +|---|---|---|---|---| +| Can create connectors | Yes | Yes | No | No | +| Can use connectors | Yes | Yes | No | No | +| Can change connectors | Yes | Yes | No | No | +| Can delete connectors | Yes | Yes | No | No | +| Can create workflows | Yes | Yes | No | No | +| Can schdule workflows | Yes | Yes | Yes | No | +| Can run workflows | Yes | Yes | Yes | No | +| Can change workflows | Yes | Yes | No | No | +| Can delete workflows | Yes | Yes | No | No | diff --git a/ui/account/workspaces.mdx b/ui/account/workspaces.mdx index 07bcc78f..ef88bd17 100644 --- a/ui/account/workspaces.mdx +++ b/ui/account/workspaces.mdx @@ -3,16 +3,15 @@ title: Workspaces sidebarTitle: Workspaces --- -An _organizational workspace_ is a collection of resources (such as connectors, workflows, jobs, and workspace API keys) -within an Unstructured _organizational account_. Organizational workspace are used to manage -access to those resources by invited Unstructured _personal account users_ (also known as _workspace members_) that have first -been added to the organizational workspace's parent organization as _organization members_. +A _workspace_ is a collection of resources such as connectors, workflows, jobs, and API keys. + +Each workspace operates independently of all other workspaces. ## Workspace architecture -An organizational workspace is part of one and only one [organization](/account/organizations). +A workspace can belong to an [organizational account](/ui/account/organizations) or to a user's personal account. -An organization can have multiple organizational workspaces. +Every organizational account begins with one default workspace. An organizational account can have multiple workspaces. (A user's personal account always has one and only one workspace.) ```mermaid graph LR @@ -36,7 +35,7 @@ graph LR Org3 --> WS3C ``` -Unstructured personal account users can have access to multiple organizational workspaces within an organization. +Users can have access to multiple workspaces within an organizational account. ```mermaid graph LR @@ -83,25 +82,29 @@ graph LR User3_Org3 -.-> WS3C ``` -Each personal account user must be explicitly added to each organizational workspace that they are allowed to access. This assumes that the personal account user has first been added -to the organizational workspace's parent organization. - -Each personal account user always has access to their own personal account. This personal account has one and only one personal workspace. +Each user must be explicitly added to each workspace that they are allowed to access. (A user always has access to their personal workspace within their personal account.) This assumes that the user has first been added +to the workspace's parent organizational account. -To make API calls to a workspace, an account user must first create an API key for that workspace, and then use that API key to make API calls to that workspace. -An API key is valid only for its related workspace, regardless of whether it is an organizational workspace or a personal workspace. +To make programmatic API calls to a workspace instead of using the UI, an API key must first exist for that workspace. The caller then uses that API key to make API calls to that workspace. +Each API key is valid only for its related workspace. ## Create a workspace -To create a workspace, you must first have an available Unstructured organizational account. +To create a workspace, you must first have an available Unstructured [organizational account](/account/organizations). Currently, only Unstructured representatives can create organizational accounts. To request an organizational account to be created, contact your Unstructured sales representative, email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io), or complete the online [Unstructured contact form](https://unstructured.io/contact). + + Your user must have the **Super Admin** [role](/ui/account/roles) in the intended workspace's parent organizational account to create workspaces in that organizational account. + + (A user always has one and only one personal workspace within their personal account. You cannot create additional workspaces in personal accounts.) + + 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, in the organization selector, select the name of the organization that you want to add a workspace to. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to add a workspace to. 3. In the sidebar, above your user icon, click the **Settings** (gear) icon. 4. Click **View All Workspaces**. 5. Click **New Workspace**. @@ -118,32 +121,57 @@ sales representative, email Unstructured Sales at [sales@unstructured.io](mailto ## Access a workspace 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, in the organization selector, select the name of the organization that contains the workspace you want to access. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to access. 3. In the workspace selector, select the name of the workspace that you want to access. If the workspace selector does not show the workspace you want to access, then - your personal account has not been added to that workspace. To be added to the workspace, contact one of the workspace's administrators or its - parent organization's administrators. + your user has not been added to that workspace. To be added to the workspace, contact one of the workspace's administrators or its + parent organizational account's administrators. ## Add a member to a workspace -An Unstructured account user that is added to a workspace is referred to as a _workspace member_. + + Your user must have either the **Super Admin** [role](/ui/account/roles) in the workspace's parent organizational account or the **Workspace Admin** role in the + workspace to add members to that workspace. + + The user to be added must also have the **Developer** role in the workspace's parent organizational account. -To add a personal account user to a workspace as a member: + (A user always has access to their personal workspace within their personal account.) + -1. Make sure the account user that you want to add has already been added as a member of the workspace's parent organization. - [Learn how](/ui/account/organizations.mdx#add-a-member-to-an-organization). +To add a user to a workspace as a member: + +1. Make sure the account user that you want to add has already been added as a member of the workspace's parent organizational account. + [Learn how](/ui/account/organizations#add-a-member-to-an-organization). 2. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -3. In the top navigation bar, in the organization selector, select the name of the organization that contains the workspace you want to add a member to. +3. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to add a member to. 4. In the workspace selector, select the name of the workspace that you want to add a member to. 5. In the sidebar, above your user icon, click the **Settings** (gear) icon. 6. Click **Manage Workspace**. 7. In the top navigation bar, click **Members**. 8. Click **Add New Member**. -9. In the **Add New Member** dialog, select one of the organization's members to add to this workspace as a member. -10. In the role selector, select the new team member's role for this workspace. [See the available roles and their permissions](/ui/account/roles). +9. In the **Add New Member** dialog, select one of the organizational account's members to add to this workspace as a member. +10. In the role selector, select the new team member's [role](/ui/account/roles) for this workspace. 11. Click **Continue**. +## Change a workspace role for a member + + + Your user must have either the **Super Admin** role in the workspace's parent organizational account or the **Workspace Admin** role in the + workspace to change the roles for that workspace's members. + + +1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace for the member you want to change roles for. +3. In the workspace selector, select the name of the workspace that contains the member you want to change roles for. +4. In the sidebar, above your user icon, click the **Settings** (gear) icon. +5. Click **Manage Workspace**. +6. In the top navigation bar, click **Members**. +7. Next to the member you want to change roles for, click the ellipses. +8. Click **Edit Permissions**. +9. Select the new role. +10. Click **Continue**. + ## Remove a member from a workspace @@ -151,11 +179,18 @@ To add a personal account user to a workspace as a member: Any connectors, workflows, jobs, or other resources that were created by the member within the workspace will not be removed. - The only way to reverse removing a member from a workspace is to add the member back to the workspace. + The only way to reverse removing a member from a workspace is to add the member back to the workspace. + + Your user must have either the **Super Admin** [role](/ui/account/roles) in the workspace's parent organizational account or the **Workspace Admin** role in the + workspace to remove members from that workspace. + + (A user cannot be removed from their personal workspace within their personal account.) + + 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, in the organization selector, select the name of the organization that contains the workspace you want to remove a member from. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to remove a member from. 3. In the workspace selector, select the name of the workspace that you want to remove a member from. 4. In the sidebar, above your user icon, click the **Settings** (gear) icon. 5. Click **Manage Workspace**. @@ -166,12 +201,17 @@ To add a personal account user to a workspace as a member: ## Create an API key for a workspace -To make API calls to a workspace, a personal account user must first create an API key for that workspace, and then use that API key to make API calls to that workspace. + + Your user must have either the **Super Admin** [role](/ui/account/roles) in the workspace's parent organizational account or the **Workspace Admin** or **Developer** role in the + workspace to create API keys for that workspace. + + +To make programmatic API calls to a workspace instead of using the UI, an API key must first exist for that workspace, and then the caller uses that API key to make API calls to that workspace. An API key can be used only with the workspace for which it was created. 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, in the organization selector, select the name of the organization that contains the workspace you want to create an API key for. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to create an API key for. 3. In the workspace selector, select the name of the workspace that you want to create an API key for. 4. In the sidebar, above your user icon, click the **Settings** (gear) icon. 5. Click **Manage Workspace**. @@ -183,14 +223,21 @@ An API key can be used only with the workspace for which it was created. ## Delete an API key for a workspace +An API key is valid only for the workspace for which it was created. + Deleting an existing API key is a permanent operation. Deleted API keys cannot be recovered. You cannot use a deleted API key to call the Unstructured APIs. + + Your user must have either the **Super Admin** [role](/ui/account/roles) in the workspace's parent organizational account or the **Workspace Admin** or **Developer** role in the + workspace to delete API keys from that workspace. + + 1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). -2. In the top navigation bar, in the organization selector, select the name of the organization that contains the workspace you want to delete an API key for. +2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to delete an API key for. 3. In the workspace selector, select the name of the workspace that you want to delete an API key for. 4. In the sidebar, above your user icon, click the **Settings** (gear) icon. 5. Click **Manage Workspace**. @@ -205,11 +252,15 @@ An API key can be used only with the workspace for which it was created. Deleting a workspace is a permanent action and is not recoverable. Once a workspace is deleted, all connectors, workflows, jobs, and API keys that are associated with that workspace are also deleted and are not recoverable. - The workspace's account users are not deleted, but they will no longer have access to the deleted workspace's connectors, workflows, jobs, and API keys. + The workspace's members are not deleted, but they will no longer have access to the deleted workspace's connectors, workflows, jobs, and API keys. Any code or scripts that reference the deleted workspace's connectors, workflows, jobs, or workspace API keys will fail. + + A user's personal workspace cannot be deleted from their personal account. + + Only authorized Unstructured representatives can delete workspaces. To request a workspace to be permanently deleted, contact your Unstructured sales representative, email Unstructured Sales at [sales@unstructured.io](mailto:sales@unstructured.io), or complete the online [Unstructured contact form](https://unstructured.io/contact). \ No newline at end of file From fb63867f85c08af276df5087e19d7a85a512ca7d Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Thu, 3 Apr 2025 15:24:03 -0700 Subject: [PATCH 09/11] RBAC matrices --- ui/account/roles.mdx | 78 +++++++++++++++++++++++++++++--------------- 1 file changed, 52 insertions(+), 26 deletions(-) diff --git a/ui/account/roles.mdx b/ui/account/roles.mdx index aeef798a..7098291b 100644 --- a/ui/account/roles.mdx +++ b/ui/account/roles.mdx @@ -20,38 +20,64 @@ member's initial role can be [changed](/ui/account/workspaces#change-a-workspace ## Organizational account roles -- **Super Admin**: Has access to all of the organizational account's resources. Can perform account management, invite members, assign roles and permissions, and create workspace. Has all permissions to all of the organizational account's workspaces. -- **Developer**: Can be added to an organizational account's workspaces and assigned a role for each workspace that they are added to. -- **Billing**: Can view the organizational account's billing and usage information. Can allocate budget across the organizational account's workspaces. +Organizational account roles include: -For example: +- Super Administrator +- Account Member +- Billing Administrator -| Permission | Super Admin | Developer | Billing | +These roles include the following permissions: + +| Permission | Super Administrator | Account Member | Billing Administrator | |---|---|---|---| -| Can add members | Yes | No | No | -| Can remove members | Yes | No | No | -| Can change member roles | Yes | No | No | +| Organizational account management | | | | +| Can add members to the account | Yes | No | No | +| Can remove members from the account | Yes | No | No | +| Can view members of the account | Yes | No | No | +| Can view an account member's details | Yes | No | No | +| Can change an account member's role | Yes | No | No | +| Billing | | | | | Can view usage and costs | Yes | No | Yes | -| Can edit payment details | Yes | No | Yes | +| Can edit payment information | Yes | No | Yes | | Can add budget | Yes | No | Yes | | Can distribute budget across workspaces | Yes | No | Yes | +| Workspaces | | | | +| Can create workspaces | Yes | No | No | +| Can add members to a workspace | Yes | No | No | +| Can view members of a workspace | Yes | Yes | No | +| Can be added to a workspace | Yes | Yes | Yes | +| Can take actions in a workspace (based on their workspace role) | Yes | Yes | No | ## Workspace roles -- **Workspace Admin**: Can invite, remove, and assign roles to the workspace's members. Can make any and all changes to the workspace. -- **Developer**: Can create and update any and all connectors and workflows in the workspace. Can schedule and run any and all workflows in the workspace. -- **Operations**: Can schedule and run any and all workflows in the workspace. -- **Viewer**: Can view information about any and all connectors and workflows in the workspace. Cannot make any changes to the workspace or run any of the workflows in the workspace. - -For example: -| Permission | Workspace Admin | Developer | Operations | Viewer | -|---|---|---|---|---| -| Can create connectors | Yes | Yes | No | No | -| Can use connectors | Yes | Yes | No | No | -| Can change connectors | Yes | Yes | No | No | -| Can delete connectors | Yes | Yes | No | No | -| Can create workflows | Yes | Yes | No | No | -| Can schdule workflows | Yes | Yes | Yes | No | -| Can run workflows | Yes | Yes | Yes | No | -| Can change workflows | Yes | Yes | No | No | -| Can delete workflows | Yes | Yes | No | No | +Workspace roles include: + +- Viewer +- Developer +- Operator +- Workspace administrators + +These roles include the following permissions: + +| Resource | Action | Viewer | Developer | Operator | Workspace Administrator | +|---|---|---|---|---|---| +| Workflows | Read | Yes | Yes | Yes | Yes | +| | Create | No | Yes | No | Yes | +| | Edit | No | Yes | No | Yes | +| | Delete | No | Yes | No | Yes | +| | Run | No | Yes | Yes | Yes | +| | Schedule | No | Yes | Yes | Yes | +| Connectors | Read | Yes | Yes | Yes | Yes | +| | Create | No | Yes | No | Yes | +| | Edit | No | Yes | No | Yes | +| | Delete | No | Yes | No | Yes | +| Workspace members | Add members to the workspace | No | No | No | Yes | +| | View the workspace's members | Yes | Yes | Yes | Yes | +| | Remove members from the workspace | No | No | No | Yes | +| | Change the workspace members' roles | No | No | No | Yes | +| Budget limits | Add budget | No | No | No | Yes | +| | Edit budget | No | No | No | Yes | +| | View budget | Yes | Yes | Yes | Yes | + +Super Administrators in an organizational account have complete access to all of the organizational account's workspaces, regardless of whether they +are a member of those workspaces. From 93e173d330019c65a583d6d43e5959b3a52c6070 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Thu, 3 Apr 2025 15:44:33 -0700 Subject: [PATCH 10/11] Forgot to push latest updates to org accounts --- ui/account/organizations.mdx | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/ui/account/organizations.mdx b/ui/account/organizations.mdx index e4a56853..6343e61a 100644 --- a/ui/account/organizations.mdx +++ b/ui/account/organizations.mdx @@ -2,8 +2,15 @@ title: Organizational accounts --- -An _organizational account_ is a collection of Unstructured [workspaces](/ui/account/workspaces). A _workspace_ is a collection of Unstructured -resources such as connectors, workflows, jobs, and API keys. +An _organizational account_ is an Unstructured account that allows multiple users to access Unstructured resources and share billing. +An organizational account contains a collection of Unstructured [workspaces](/ui/account/workspaces) that can share resources +with subsets of users within the account. An organizational account manages access its organization and the organization's workspaces by inviting Unstructured +_personal account_ users. Any usage that occurs in an organizational account by any of its invited users is applied to the shared billing for that +organizational account. + +A _workspace_ is a collection of Unstructured resources (such as connectors, workflows, jobs, and API keys) within an organization. +This is different from a _personal workspace_, which is a collection of resources within an Unstructured personal account. An organizational account +can have multiple workspaces. ## Organizational account architecture @@ -53,7 +60,8 @@ graph LR ``` Each user also has a _personal account_, which operates independently of all other organizational accounts and personal accounts. Each personal account has a -_personal workspace_, which operates independently of all other workspaces. +_personal workspace_, which operates independently of all other workspaces. Each user can add a seprate billing method to their personal account that +will be applied only to usage in their personal account. ```mermaid graph LR From e634de0399504606cfbf7d13f19af43f6fdc64e8 Mon Sep 17 00:00:00 2001 From: Paul Cornell Date: Fri, 4 Apr 2025 09:55:42 -0700 Subject: [PATCH 11/11] URL updates --- ui/account/organizations.mdx | 12 ++++++++---- ui/account/workspaces.mdx | 21 ++++++++++++++------- 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/ui/account/organizations.mdx b/ui/account/organizations.mdx index 6343e61a..86813ddc 100644 --- a/ui/account/organizations.mdx +++ b/ui/account/organizations.mdx @@ -143,7 +143,8 @@ sales representative, email Unstructured Sales at [sales@unstructured.io](mailto ## Access an organizational account -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +1. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's [self-hosted deployment of Unstructured](/self-hosted/overview). 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to access. If the organizational account selector is not shown, or if the selector does not show the organizational account you want to access, then @@ -157,7 +158,8 @@ sales representative, email Unstructured Sales at [sales@unstructured.io](mailto To add a user to an organizational account as a member: -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +1. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's self-hosted deployment of Unstructured. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to add the member to. 3. In the sidebar, above your user icon, click the **Settings** (gear) icon. 4. Click **Manage Account**. @@ -173,7 +175,8 @@ To add a user to an organizational account as a member: Your user must have the **Super Admin** role in the organizational account to change its members' organizational account roles. -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +1. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's self-hosted deployment of Unstructured. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the member you want to change roles for. 3. In the sidebar, above your user icon, click the **Settings** (gear) icon. 4. Click **Manage Account**. @@ -199,7 +202,8 @@ To add a user to an organizational account as a member: Your user must have the **Super Admin** [role](/ui/account/roles) in the organizational account to remove members from that organizational account. -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +1. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's self-hosted deployment of Unstructured. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to remove the member from. 3. In the sidebar, above your user icon, click the **Settings** (gear) icon. 4. Click **Manage Account**. diff --git a/ui/account/workspaces.mdx b/ui/account/workspaces.mdx index ef88bd17..815fba88 100644 --- a/ui/account/workspaces.mdx +++ b/ui/account/workspaces.mdx @@ -103,7 +103,8 @@ sales representative, email Unstructured Sales at [sales@unstructured.io](mailto (A user always has one and only one personal workspace within their personal account. You cannot create additional workspaces in personal accounts.) -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +1. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's self-hosted deployment of Unstructured. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that you want to add a workspace to. 3. In the sidebar, above your user icon, click the **Settings** (gear) icon. 4. Click **View All Workspaces**. @@ -120,7 +121,8 @@ sales representative, email Unstructured Sales at [sales@unstructured.io](mailto ## Access a workspace -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +1. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's self-hosted deployment of Unstructured. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to access. 3. In the workspace selector, select the name of the workspace that you want to access. @@ -143,7 +145,8 @@ To add a user to a workspace as a member: 1. Make sure the account user that you want to add has already been added as a member of the workspace's parent organizational account. [Learn how](/ui/account/organizations#add-a-member-to-an-organization). -2. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +2. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's self-hosted deployment of Unstructured. 3. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to add a member to. 4. In the workspace selector, select the name of the workspace that you want to add a member to. 5. In the sidebar, above your user icon, click the **Settings** (gear) icon. @@ -161,7 +164,8 @@ To add a user to a workspace as a member: workspace to change the roles for that workspace's members. -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +1. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's self-hosted deployment of Unstructured. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace for the member you want to change roles for. 3. In the workspace selector, select the name of the workspace that contains the member you want to change roles for. 4. In the sidebar, above your user icon, click the **Settings** (gear) icon. @@ -189,7 +193,8 @@ To add a user to a workspace as a member: (A user cannot be removed from their personal workspace within their personal account.) -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +1. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's self-hosted deployment of Unstructured. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to remove a member from. 3. In the workspace selector, select the name of the workspace that you want to remove a member from. 4. In the sidebar, above your user icon, click the **Settings** (gear) icon. @@ -210,7 +215,8 @@ To make programmatic API calls to a workspace instead of using the UI, an API ke An API key can be used only with the workspace for which it was created. -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +1. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's self-hosted deployment of Unstructured. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to create an API key for. 3. In the workspace selector, select the name of the workspace that you want to create an API key for. 4. In the sidebar, above your user icon, click the **Settings** (gear) icon. @@ -236,7 +242,8 @@ An API key is valid only for the workspace for which it was created. workspace to delete API keys from that workspace. -1. Sign in to your Unstructured account, at [https://platform.unstructured.io](https://platform.unstructured.io). +1. Depending on the location of the organizational account that you want to access, sign in to [https://platform.unstructured.io](https://platform.unstructured.io), + or sign in by using the URL for your organization's self-hosted deployment of Unstructured. 2. In the top navigation bar, in the organizational account selector, select the name of the organizational account that contains the workspace you want to delete an API key for. 3. In the workspace selector, select the name of the workspace that you want to delete an API key for. 4. In the sidebar, above your user icon, click the **Settings** (gear) icon.