-
Notifications
You must be signed in to change notification settings - Fork 455
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into dhartunian-patch-1
- Loading branch information
Showing
10 changed files
with
67 additions
and
77 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -84,3 +84,4 @@ date,sha | |
2024-04-09,null | ||
2024-04-17,null | ||
2024-04-18,null | ||
2024-05-12,null |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,10 @@ | ||
{{site.data.alerts.callout_info}} | ||
The user who creates a new organization is assigned a combination of Org Administrator, Billing Coordinator, and Cluster Admin at the organization scope. Any of these roles may subsequently be removed, although another user must have the Org Administrator role and the Cluster Admin role at the organization scope, before either of those can be removed. This is to ensure that at least one user has each of these roles. | ||
The user who creates a new organization is assigned the following [roles]({% link cockroachcloud/authorization.md %}#organization-user-roles) at the organization scope: | ||
|
||
- [Org Administrator]({% link cockroachcloud/authorization.md %}#org-administrator) | ||
- [Billing Coordinator]({% link cockroachcloud/authorization.md %}#billing-coordinator) | ||
- [Cluster Administrator]({% link cockroachcloud/authorization.md %}#cluster-administrator) | ||
- [Folder Administrator]({% link cockroachcloud/authorization.md %}#folder-admin) | ||
|
||
Any of these roles may subsequently be removed by a user with both the Org Administrator role and the Cluster Admin role at the organization scope. This is to ensure that at least one user has both of these roles. | ||
{{site.data.alerts.end}} |
1 change: 1 addition & 0 deletions
1
src/current/_includes/cockroachcloud/limitations/limitation-ccloud-folders.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
- It is not possible to use the `ccloud` command to view the {% if page.name == 'ccloud-get-started.md' %} [folder]({% link cockroachcloud/folders.md %}){% else %}folder{% endif %} structure, move a cluster or folder into or out of a folder, or assign the `FOLDER_ADMIN` or `FOLDER_MOVER` roles. |
5 changes: 5 additions & 0 deletions
5
src/current/_includes/cockroachcloud/org-roles/folder-admin.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
A {% if page.name == 'authorization.md' %}**Folder Admin**{% else %}[**Folder Admin**]({% link cockroachcloud/authorization.md %}#folder-admin){% endif %} can create, rename, and move, or delete folders where they are granted the role, and they can also manage access to these folders. This role can be granted at the level of the organization or on a specific folder. If granted at the level of the organization, the role grants the ability to view all users and service accounts in the organization. If granted on a specific folder, the role is inherited by descendant folders. | ||
|
||
A user with the {% if page.name == 'authorization.md' %}[Org Administrator](#org-administrator){% else %}[Org Administrator]({% link cockroachcloud/authorization.md %}#org-administrator){% endif %} role can grant themselves, another user, or a service account the Folder Admin role. | ||
|
||
To create or manage clusters in a folder, a Folder Admin also needs the {% if page.name == 'authorization.md' %}[Cluster Administrator](#cluster-administrator) or [Cluster Creator](#cluster-creator){% else %}[Cluster Administrator]({% link cockroachcloud/authorization.md %}#cluster-administrator) or [Cluster Creator]({% link cockroachcloud/authorization.md %}#cluster-creator){% endif %} role on that folder directly or by inheritance. To delete a cluster, the Cluster Administrator role is required on the cluster directly or by inheritance. |
7 changes: 7 additions & 0 deletions
7
src/current/_includes/cockroachcloud/org-roles/folder-mover.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
A {% if page.name == 'authorization.md' %}**Folder Mover**{% else %}[**Folder Mover**]({% link cockroachcloud/authorization.md %}#folder-mover){% endif %} can rename or move descendant folders, and can move clusters within the folder hierarchy where they have the role. However, a Folder Mover cannot create or delete folders or clusters, and cannot assign roles. A Folder Mover can move clusters within the folder hierarchy even if they do not have a role that allows them to connect to the cluster, such as {% if page.name == 'authorization.md' %}[Cluster Creator](#cluster-creator) or [Cluster Operator](#cluster-operator){% else %}[Cluster Administrator]({% link cockroachcloud/authorization.md %}#cluster-administrator) or [Cluster Operator]({% link cockroachcloud/authorization.md %}#cluster-operator{% endif %}). | ||
|
||
{{site.data.alerts.callout_info}} | ||
A cluster cannot be renamed. | ||
{{site.data.alerts.end}} | ||
|
||
A user with the {% if page.name == 'authorization.md' %}[Org Administrator](#org-administrator) or [Folder Admin](#folder-admin){% else %}[Org Administrator]({% link cockroachcloud/authorization.md %}#org-administrator) or [Folder Admin]({% link cockroachcloud/authorization.md %}#folder-admin){% endif %} role can grant another user or a service account the Folder Mover role. Because the Folder Admin role is a superset of Folder Mover, there is no need for a Folder Admin to grant themselves the Folder Mover role. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
## May 12, 2024 | ||
|
||
<h3 id="2024-05-12-security-updates"> Security updates </h3> | ||
|
||
- [Folders]({% link cockroachcloud/folders.md %}) are now available in [preview](https://www.cockroachlabs.com/docs/stable/cockroachdb-feature-availability). | ||
- The initial [Org Administrator]({% link cockroachcloud/authorization.md %}#org-administrator) is now automatically assigned the [Folder Admin]({% link cockroachcloud/authorization.md %}#folder-admin) role. | ||
- A [Folder Admin]({% link cockroachcloud/authorization.md %}#folder-admin) can now view all users and service accounts. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.