content/en/cloud/security/roles.md
27 additions & 6 deletions
@@ -1,11 +1,12 @@
1
1
---
2
2
title: Roles
3
3
description: >
4
-
A role contains a set of permissions that allows you to perform specific actions on Layer5 Cloud resources. To make permissions available to principals, including users, you grant roles to the principals.
4
+
Roles map permissions to users. Roles contain any number of keychains, which contain any number of keys (permissions). Assign roles to users to grant permissions.
5
5
date: 2023-10-30
6
6
categories: [Security]
7
7
tags: [roles, permissions]
8
8
---
9
+
Roles map permissions to users. Roles contain any number of keychains, which contain any number of keys (permissions). Assign roles to users to grant permissions.
9
10
10
11
## Provider Admin Role
11
12
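Review bot: The paragraph added at new line 9 repeats the new front-matter `description` word for word, so any template that renders the description will show the same three sentences twice. Keep one copy as the summary and use the body paragraph to say what a keychain and a key are, or link to where they are defined, since both terms are introduced here with no explanation. Also note that the old description granted roles to "principals, including users" while the new one mentions users only; if anything other than a user can still hold a role, the text should say so.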
@@ -44,19 +45,24 @@ tags: [roles, permissions]
44
45
{{% card header="Organization Adminstrator" %}}
45
46
46
47
**What is the purpose of this role?**
48
+
47
49
- Administration of an organization
48
50
49
51
**Who can assign this role?**
52
+
50
53
- The Organization Owner
51
54
52
55
**When this role first assigned?**
56
+
53
57
- Creation of new organization or User Account creation
54
58
55
59
**How many instances of these roles?**
60
+
56
61
- Min: 1, Max: many (based on plan)
57
62
- By default, the first Organization Admin is the owner (the creator of the organization).
58
63
59
64
**Who can remove assignment of this role?**
65
+
60
66
- Organization Owner
61
67
62
68
{{% /card %}}
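Review bot: The card header on the first context line still reads `Organization Adminstrator` (missing an "i"), and the heading "When this role first assigned?" is missing "is"; since this change already touches the lines under every heading in the card, fix both here. The added blank lines themselves are fine and make the lists render consistently.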
@@ -86,8 +92,12 @@ tags: [roles, permissions]
86
92
{{< /cardpane >}}
87
93
88
94
{{< alert title="Organization owners as entitlements" >}}
89
-
It's essential to understand that organization owners are not roles but entitlements. These entitlements are automatically assigned to the user who creates an organization. They are granted certain administrative privileges within the organization, allowing them to manage its settings and members effectively, including the administrative privilege to delete the organization.
90
-
<br><br>
95
+
It's essential to understand that owners are not roles, but entitlements.
96
+
97
+
Organization owners carry the organization administrator role, and may be joined in their organization administration duties by any number of other users carrying the organization administrator role. However, the organization owner also has the administrative privilege to delete the organization.
98
+
99
+
The entitlement of "organization owner" is automatically bestowed to the creator of a organization. The individual user who created a given organization initially is therefore granted certain administrative privileges beyond that of other organization administrators. Specifically, organization owners retain the sole permission to delete the organization.
100
+
91
101
For more information, see [Organization](/cloud/identity/organizations).
92
102
{{< /alert >}}
93
103
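Review bot: The second and third added paragraphs of this alert state the delete privilege twice, in different strengths: first the owner "also has the administrative privilege to delete the organization", then owners "retain the sole permission to delete the organization". Merge them into one statement and keep the "sole permission" wording, because that is the access-control fact a reader needs. The text also says the entitlement goes to the creator but not whether it can be transferred or what happens when the creator's account is removed; one sentence on that would close the gap. Minor: "a organization" should be "an organization", and "bestowed to" reads better as "bestowed on".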
@@ -96,12 +106,15 @@ For more information, see [Organization](/cloud/identity/organizations).
96
106
{{< cardpane >}}
97
107
{{% card header="Team Adminstrator" %}}
98
108
**What is the purpose of this role?**
109
+
99
110
- Administration of teams
100
111
101
112
**Who can assign and unassign this role?**
113
+
102
114
- Organization Administrator or Team owner
103
115
104
116
**When this role first assigned?**
117
+
105
118
- Creation of new team or User Account creation
106
119
- By default, the first Team Admin is owner (the team creator)
107
120
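Review bot: The blank-line fix stops short of the end of this card: new lines 121-123 sit between this hunk and the next and are left unchanged, and the next hunk header shows `Min: 1, Max: many` there with no `- ` list marker, unlike `- Min: 1, Max: many (based on plan)` in the Organization Administrator card. If that is the remaining question of this card, give it the same blank line and bullet. The header `Team Adminstrator` has the same missing "i" as the organization card, and "Team owner" here is capitalized differently from "Team Owner" in the Team Manager card.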
@@ -111,22 +124,30 @@ Min: 1, Max: many
111
124
{{% /card %}}
112
125
{{% card header="Team Manager" %}}
113
126
**What is the purpose of this role?**
127
+
114
128
- Administration of teams (without delete access)
115
129
116
130
**Who can assign and unassign this role?**
131
+
117
132
- Organization Administrators or Team Owner
118
133
119
134
**When this role first assigned?**
135
+
120
136
- Manually by Organization Administrator or Team Owner
121
137
122
138
**How many instances of these roles?**
139
+
123
140
- Min: 0, Max: many
124
141
{{% /card %}}
125
142
{{< /cardpane >}}
126
143
127
-
{{< alert title="Team owners as entitlements" >}}
128
-
It's essential to understand that team owners are not roles but entitlements. These entitlements are automatically assigned to the user who creates an team within an organization. They are granted certain administrative privileges within the team, allowing them to manage its settings and members effectively, including the administrative privilege to delete the team.
129
-
<br><br>
144
+
{{< alert title="Owners as entitlements, not roles" >}}
145
+
It's essential to understand that owners are not roles, but entitlements.
146
+
147
+
Team owners carry the team administrator role, and may be joined in their team administration duties by any number of other users carrying the team administrator role. However, the team owner also has the administrative privilege to delete the team.
148
+
149
+
The entitlement of "team owner" is automatically bestowed to the creator of a team. The individual user who created a given team initially is therefore granted certain administrative privileges beyond that of other team administrators. Specifically, team owners retain the sole permission to delete the team.
150
+
130
151
For more information, see [Teams](/cloud/identity/teams).
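Review bot: The new alert text conflicts with the Team Manager card just above it: the card describes the role as "Administration of teams (without delete access)", which implies a Team Administrator can delete, while the alert says team owners "retain the sole permission to delete the team". If only the owner can delete, the "(without delete access)" qualifier no longer distinguishes Team Manager from Team Administrator and the actual difference between the two roles should be stated. The alert title was also changed to "Owners as entitlements, not roles" here while the organization alert keeps "Organization owners as entitlements"; pick one pattern for both. As in the organization alert, the delete privilege is stated twice and could be merged into one sentence.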