Merge pull request #1631 from Sherlock113/roleworks

Update Role and Member Management guide

content/en/docs/workspace-administration/role-and-member-management.md

@@ -1,22 +1,22 @@
 ---
-title: "Role and Member Management In Your Workspace"
+title: "Workspace Role and Member Management"
 keywords: "Kubernetes, workspace, KubeSphere, multitenancy"
 description: "Customize a workspace role and grant it to tenants."
-linkTitle: "Role and Member Management"
+linkTitle: "Workspace Role and Member Management"
 weight: 9400
 ---
 
-This guide demonstrates how to manage roles and members in your workspace. At the workspace level, you can grant the following resources' permissions to a role:
+This tutorial demonstrates how to manage roles and members in a workspace. At the workspace level, you can grant permissions in the following modules to a role:
 
-- Projects
-- DevOps
-- Access Control
-- Apps Management
-- Workspace Settings
+- **Project Management**
+- **DevOps Project Management**
+- **App Management**
+- **Access Control**
+- **Workspace Settings**
 
 ## Prerequisites
 
-At least one workspace has been created, such as `demo-workspace`. Besides, you need an account of the `workspace-admin` role (e.g. `ws-admin`) at the workspace level. See [Create Workspaces, Projects, Accounts and Roles](../../quick-start/create-workspace-and-project/) if they are not ready yet.
+At least one workspace has been created, such as `demo-workspace`. Besides, you need an account of the `workspace-admin` role (e.g. `ws-admin`) at the workspace level. For more information, see [Create Workspaces, Projects, Accounts and Roles](../../quick-start/create-workspace-and-project/).
 
 {{< notice note >}} 
 
@@ -26,67 +26,51 @@ The actual role name follows a naming convention: `workspace name-role name`. Fo
 
 ## Built-in Roles
 
-In **Workspace Roles**, there are four available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a workspace is created and they cannot be edited or deleted. You can only review permissions and authorized users.
+In **Workspace Roles**, there are four available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a workspace is created and they cannot be edited or deleted. You can only view permissions included in a built-in role or assign it to a user.
 
 | Built-in Roles     | Description                                                  |
 | ------------------ | ------------------------------------------------------------ |
-| workspace-viewer | The viewer in the workspace who can view all resources in the workspace. |
-| workspace-self-provisioner     | The regular user in the workspace who can create projects and DevOps projects. |
-| workspace-regular   | The regular user in the workspace who cannot create projects or DevOps projects. |
-| workspace-admin     | The administrator in the workspace who can perform any action on any resource. It gives full control over all resources in the workspace. |
+| `workspace-viewer` | The viewer in the workspace who can view all resources in the workspace. |
+| `workspace-self-provisioner`   | The regular user in the workspace who can create projects and DevOps projects. |
+| `workspace-regular` | The regular user in the workspace who cannot create projects or DevOps projects. |
+| `workspace-admin`   | The administrator in the workspace who can perform any action on any resource. It gives full control over all resources in the workspace. |
 
-1. In **Workspace Roles** , click `workspace-admin` and you can see the role detail as shown below.
+To view the permissions that a role contains:
 
-   ![workspace_role_detail](/images/docs/workspace-administration/role-and-member-management/workspace_role_detail.png)
+1. Log in to the console as `ws-admin`. In **Workspace Roles**, click a role (for example, `workspace-admin`) and you can see role details as shown below.
 
-2. You can switch to **Authorized Users** tab to see all the users that are granted the `workspace-admin` role.
+   ![role-permissions](/images/docs/workspace-administration/role-and-member-management/role-permissions.png)
+
+2. Click the **Authorized Users** tab to see all the users that are granted the role.
 
 ## Create a Workspace Role
 
-1. Log in to the console as `ws-admin` and go to **Workspace Roles** in **Workspace Settings**.
+1. Navigate to **Workspace Roles** under **Workspace Settings**.
 
-   {{< notice note >}}
+2. In **Workspace Roles**, click **Create** and set a role **Name** (for example, `demo-project-admin`). Click **Edit Permissions** to continue.
 
-   The account `ws-admin` is used as an example. As long as the account you are using is granted a role including the authorization of **Workspace Members View**, **Workspace Roles Management** and **Workspace Roles View** in **Access Control** at the workspace level, it can create a workspace role.
-
-   {{</ notice >}} 
-
-2. In **Workspace Roles**, click **Create** and set a **Role Identifier**. In this example, a role named `workspace-projects-admin` will be created. Click **Edit Authorization** to continue.
-
-   ![workspace_role_create_step1](/images/docs/workspace-administration/role-and-member-management/workspace_role_create_step1.png)
-
-3. In **Projects management**, select the authorization that you want this role to contain. For example, **Projects Create**, **Projects Management**, and **Projects View** are selected for this role. Click **OK** to finish.
-
-   ![workspace_role_create_step2](/images/docs/workspace-administration/role-and-member-management/workspace_role_create_step2.png)
+3. In the pop-up window, permissions are categorized into different **Modules**. In this example, click **Project Management** and select **Project Creation**, **Project Management**, and **Project Viewing** for this role. Click **OK** to finish creating the role.
 
    {{< notice note >}} 
 
-   **Depend on** means the major authorization (the one listed after **Depend on**) needs to be selected first so that the affiliated authorization can be assigned.
+   **Depends on** means the major permission (the one listed after **Depends on**) needs to be selected first so that the affiliated permission can be assigned.
 
    {{</ notice >}} 
 
-4. Newly-created roles will be listed in **Workspace Roles**. You can click the three dots on the right to edit it.
+4. Newly-created roles will be listed in **Workspace Roles**. To edit an existing role, click <img src="/images/docs/workspace-administration/role-and-member-management/three-dots.png" height="20px"> on the right.
 
-   ![workspace_role_edit](/images/docs/workspace-administration/role-and-member-management/workspace_role_edit.png)
-
-   {{< notice note >}} 
-
-   The role of `workspace-projects-admin` is only granted **Projects Create**, **Projects Management**, and **Projects View**, which may not satisfy your need. This example is only for demonstration purpose. You can create customized roles based on your needs.
-
-   {{</ notice >}} 
+   ![role-list](/images/docs/workspace-administration/role-and-member-management/role-list.png)
 
 ## Invite a New Member
 
-1. In **Workspace Settings**, select **Workspace Members** and click **Invite Member**.
-
-2. Invite a user to the workspace. Grant the role `workspace-projects-admin` to the user. 
-
-   ![workspace_invite_user](/images/docs/workspace-administration/role-and-member-management/workspace_invite_user.png)
+1. Navigate to **Workspace Members** under **Workspace Settings**, and click **Invite Member**.
+2. Invite a user to the workspace by clicking <img src="/images/docs/workspace-administration/role-and-member-management/add.png" height="20px"> on the right of it and assign a role to it.
 
 
-3. After you add a user to the workspace, click **OK**. In **Workspace Members**, you can see the newly invited member listed.
 
-4. You can also change the role of an existing member by editing it or remove it from the workspace.
+3. After you add the user to the workspace, click **OK**. In **Workspace Members**, you can see the user in the list.
 
-   ![workspace_user_edit](/images/docs/workspace-administration/role-and-member-management/workspace_user_edit.png)
+4. To edit the role of an existing user or remove the user from the workspace, click <img src="/images/docs/workspace-administration/role-and-member-management/three-dots.png" height="20px"> on the right and select the corresponding operation.
+
+   ![edit-existing-user](/images/docs/workspace-administration/role-and-member-management/edit-existing-user.png)
 

content/zh/docs/workspace-administration/role-and-member-management.md

@@ -1,22 +1,22 @@
 ---
-title: "角色和成员管理"
+title: "企业空间角色和成员管理"
 keywords: "Kubernetes, workspace, KubeSphere, 多租户"
 description: "自定义企业空间角色并将角色授予用户。"
-linkTitle: "角色和成员管理"
+linkTitle: "企业空间角色和成员管理"
 weight: 9400
 ---
 
-本指南向您演示如何在企业空间中管理角色和成员。在企业空间级别，您可以向一个角色授予以下资源的权限：
+本教程演示如何在企业空间中管理角色和成员。在企业空间级别，您可以向角色授予以下模块中的权限：
 
-- 项目
-- DevOps
-- 访问控制
-- 应用管理
-- 企业空间设置
+- **项目管理**
+- **DevOps 工程管理**
+- **应用管理**
+- **访问控制**
+- **企业空间设置**
 
 ## 准备工作
 
-至少已创建一个企业空间，例如 `demo-workspace`。您还需要准备一个帐户（如 `ws-admin`），该帐户在企业空间层级拥有 `workspace-admin` 角色。如果不清楚怎样进行准备工作，请参见[创建企业空间、项目、帐户和角色](../../quick-start/create-workspace-and-project/)。
+至少已创建一个企业空间，例如 `demo-workspace`。您还需要准备一个帐户（如 `ws-admin`），该帐户在企业空间级别具有 `workspace-admin` 角色。有关更多信息，请参见[创建企业空间、项目、帐户和角色](../../quick-start/create-workspace-and-project/)。
 
 {{< notice note >}} 
 
@@ -26,65 +26,50 @@ weight: 9400
 
 ## 内置角色
 
-在**企业角色**中，列出了如下所示的四个可用内置角色。创建企业空间时，KubeSphere 会自动创建内置角色，并且内置角色无法进行编辑或删除。您只能查看权限和授权用户。
+**企业角色**页面列出了以下四个可用的内置角色。创建企业空间时，KubeSphere 会自动创建内置角色，并且内置角色无法进行编辑或删除。您只能查看内置角色的权限或将其分配给用户。
 
 | **内置角色** | **描述信息**                                          |
 | ------------------ | ------------------------------------------------------------ |
-| workspace-viewer | 企业空间的观察者，可以查看企业空间下所有的资源信息。 |
-| workspace-self-provisioner     | 企业空间普通成员，可以在企业空间下创建项目和 DevOps 工程。 |
-| workspace-regular   | 企业空间普通成员，无法在企业空间下创建项目和 DevOps 工程。 |
-| workspace-admin     | 企业空间管理员，可对任何资源进行任意操作。它可以充分管理企业空间下所有的资源。 |
+| `workspace-viewer` | 企业空间的观察者，可以查看企业空间下所有的资源。 |
+| `workspace-self-provisioner`   | 企业空间普通成员，可以在企业空间下创建项目和 DevOps 工程。 |
+| `workspace-regular` | 企业空间普通成员，无法在企业空间下创建项目和 DevOps 工程。 |
+| `workspace-admin`   | 企业空间管理员，可对任何资源进行任意操作。它可以充分管理企业空间下所有的资源。 |
 
-1. 在**企业角色**中，点击 `workspace-admin` 就可以查看如下所示的角色详情。
+若要查看角色所含权限：
 
-   ![企业成员详情](/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/workspace-role-detail.PNG)
+1. 以 `ws-admin` 身份登录控制台。在**企业角色**中，点击一个角色（例如，`workspace-admin`）以查看角色详情。
 
-2. 您可以切换到**授权用户**标签页，查看被授予 `workspace-admin` 角色的所有用户。
+   ![role-details](/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/role-details.png)
+
+2. 点击**授权用户**选项卡，查看被授予该角色的所有用户。
 
 ## 创建企业角色
 
-1. 以 `ws-admin` 身份登录控制台，转到**企业空间设置**下的**企业角色**。
+1. 转到**企业空间设置**下的**企业角色**。
 
-   {{< notice note >}}
+2. 在**企业角色**中，点击**创建**并设置**角色标识符**（例如，`demo-project-admin`）。点击**编辑权限**继续。
 
-此处使用 `ws-admin` 帐户作为示例。只要帐户在企业空间层级被授予的角色拥有**访问控制**下的**成员查看**、**角色查看**以及**角色管理**权限，您就可以使用该帐户创建企业角色。
-
-   {{</ notice >}} 
-
-2. 在**企业角色**中，点击**创建**并设置**角色标识符**。本示例将创建一个名为 `workspace-projects-admin` 的角色。点击**编辑权限**继续。
-
-   ![创建企业角色步骤一](/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/workspace-role-create-step1.PNG)
-
-3. 在**项目管理**中，选择该角色所包含的权限。本示例中，为该角色选择了**项目创建**、**项目管理**和**项目查看**。点击**确定**完成操作。
-
-   ![编辑权限](/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/workspace-role-create-step2.PNG)
+3. 在弹出的窗口中，权限归类在不同的**模块**下。在本示例中，点击**项目管理**，并为该角色选择**项目创建**、**项目管理**和**项目查看**。点击**确定**完成操作。
 
    {{< notice note >}} 
 
-**依赖于**意味着当前授权项依赖列出的授权项，系统会自动选上该依赖项。
+**依赖于**表示当前授权项依赖所列出的授权项，勾选该权限后系统会自动选上所有依赖权限。
 
    {{</ notice >}} 
 
-4. 新创建的角色将在**企业角色**中列出。您可以点击右侧的三个点对其进行编辑。
+4. 新创建的角色将在**企业角色**中列出，点击右侧的 <img src="/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/three-dots.png" height="20px"> 以编辑该角色。
 
-   ![编辑角色](/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/workspace-role-edit.PNG)
-
-   {{< notice note >}} 
-
-本示例中仅为 `workspace-projects-admin` 角色授予了**项目创建**、**项目管理**和**项目查看**权限用作演示。如果您有更多需求，可以按需创建自定义角色。
-
-   {{</ notice >}} 
+   ![role-list](/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/role-list.png)
 
 ## 邀请新成员
 
-1. 在**企业空间设置**中，转到**企业成员**，再点击**邀请成员**。
-2. 邀请一名成员加入企业空间，并为其授予 `workspace-projects-admin` 角色。
+1. 转到**企业空间设置**下**企业成员**，点击**邀请成员**。
+2. 点击右侧的 <img src="/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/add.png" height="20px"> 以邀请一名成员加入企业空间，并为其分配一个角色。
 
-   ![邀请成员](/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/workspace-invite-user.PNG)
 
 
 3. 将成员加入企业空间后，点击**确定**。您可以在**企业成员**列表中查看新邀请的成员。
-4. 您也可以编辑现有成员以更改其角色或将其从企业空间中移除。
 
-   ![编辑成员角色](/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/workspace-user-edit.PNG)
+4. 若要编辑现有成员的角色或将其从企业空间中移除，点击右侧的 <img src="/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/three-dots.png" height="20px"> 并选择对应的操作。
 
+   ![edit-existing-user](/images/docs/zh-cn/workspace-administration-and-user-guide/role-and-member-management/edit-existing-user.png)