diff --git a/content/en/docs/devops-user-guide/devops-administration/role-and-member-management.md b/content/en/docs/devops-user-guide/devops-administration/role-and-member-management.md index 7904b72b0..45d14805d 100644 --- a/content/en/docs/devops-user-guide/devops-administration/role-and-member-management.md +++ b/content/en/docs/devops-user-guide/devops-administration/role-and-member-management.md 
@@ -7,4 +7,75 @@ description: 'Role and Member Management' weight: 2240 --- -TBD +This guide demonstrates how to manage roles and members in your DevOps project. For the overview of KubeSphere roles, see the [Overview of Role Management](../todo). + +In DevOps project scope, you can grant the following resources' permissions to a role: + +- Pipelines +- Credentials +- DevOps Settings +- Access Control + +## Prerequisites + +At least one DevOps project has been created, such as `demo-devops`. And you need an account of the `devops-admin` role. See the [Create Workspace, Project, Account and Role](../../../quick-start/create-workspace-and-project/) if not yet. + +## Built-in roles + +In **Project Roles**, there are three available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when creating the DevOps project and they cannot be edited or deleted. + +| Built-in Roles | Description | +| ------------------ | ------------------------------------------------------------ | +| viewer | Allows viewer access to view all resources in the DevOps project. | +| operator | Normal member in a DevOps project who can create pipeline credentials in the DevOps project.| +| admin | Allows admin access to perform any action on any resource. It gives full control over all resources in the DevOps project. | + +## Create a DevOps Project Role + +1. Log in the console as `devops-admin` and select `demo-devops` under **DevOps Projects** list. +2. Go to **Project Roles** in **Project Management**, click **Create** and set a **Role Identifier**. In this example, a role named `pipeline-creator` will be created. + +![Create a devops project role](/images/docs/devops-admin/devops_role_step1.png) + +Click **Edit Authorization** to continue. + +3. In **Pipelines Management**, select the authorization that you want the user granted this role to have. For example, **Pipelines Management** and **Pipelines View** are selected for this role. Click OK to finish. 
+ +![Edit Authorization](/images/docs/devops-admin/devops_role_step2.png) + +{{< notice note >}} + +**Depend on** means the major authorization (the one listed after **Depend on**) needs to be selected first so that the affiliated authorization can be assigned. + +{{}} + +4. Newly-created roles will be listed in **Project Roles**. You can click the three dots on the right to edit it. + +![Edit Roles](/images/docs/devops-admin/devops_role_list.png) + +{{< notice note >}} + +The role of `pipeline-creator` is only granted with Pipeline create/view permission, which may not satisfy your demand. This example is only for demonstration purpose. You can create customized roles based on your needs. + +{{}} + +## Invite a New Member + +1. In **Project Management**, select **Project Members** and click **Invite Member**. + +2. Invite a user to the DevOps project. Grant the role of `pipeline-creator` to the user. + +![invite member](/images/docs/devops-admin/devops_invite_member.png) + +{{< notice note >}} + +The user must be invited to the DevOps project's workspace first. + +{{}} + +3. After you add a user to the DevOps project, click **OK**. In **Project Members**, you can see the newly invited member listed. + +4. You can also change the role of an existing member by editing it or remove it from the DevOps project. + +![edit member role](/images/docs/devops-admin/devops_user_edit.png) + diff --git a/content/en/docs/project-administration/project-members.md b/content/en/docs/project-administration/project-members.md deleted file mode 100644 index 6330a1081..000000000 --- a/content/en/docs/project-administration/project-members.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: "Project Members" -keywords: 'KubeSphere, kubernetes, docker, helm, jenkins, istio, prometheus' -description: 'Project Members' - -linkTitle: "Project Members" -weight: 2130 ---- - -TBD \ No newline at end of file 
diff --git a/content/en/docs/project-administration/project-roles.md b/content/en/docs/project-administration/project-roles.md deleted file mode 100644 index 31abb5ebb..000000000 --- a/content/en/docs/project-administration/project-roles.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: "Project Roles" -keywords: 'KubeSphere, kubernetes, docker, helm, jenkins, istio, prometheus' -description: 'Volume Snapshots' - -linkTitle: "Project Roles" -weight: 2130 ---- - -TBD diff --git a/content/en/docs/project-administration/role-and-member-management.md b/content/en/docs/project-administration/role-and-member-management.md new file mode 100644 index 000000000..cd3b1fee3 --- /dev/null +++ b/content/en/docs/project-administration/role-and-member-management.md 
@@ -0,0 +1,89 @@ +--- +title: "Role and Member Management" +keywords: 'KubeSphere, kubernetes, docker, helm, jenkins, istio, prometheus' +description: 'Role and Member Management in a Project' + +linkTitle: "Role and Member Management" +weight: 2130 +--- + +This guide demonstrates how to manage roles and members in your project. For the overview of KubeSphere roles, see the [Overview of Role Management](../todo). + +In project scope, you can grant the following resources' permissions to a role: + +- Application Workloads +- Storage +- Configurations +- Monitoring & Alerting +- Project Settings +- Access Control + +## Prerequisites + +At least one project has been created, such as `demo-project`. And you need an account of the `project-admin` role. See the [Create Workspace, Project, Account and Role](../../quick-start/create-workspace-and-project/) if not yet. + +## Built-in roles + +In **Project Roles**, there are three available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when creating the project and they cannot be edited or deleted. You can only review permissions and authorized users. + +| Built-in Roles | Description | +| ------------------ | ------------------------------------------------------------ | +| viewer | Allows viewer access to view all resources in the namespace. | +| regular | The maintainer of the project who can manage resources other than users and roles in the project. | +| admin | Allows admin access to perform any action on any resource. It gives full control over all resources in the namespace. | + +1. In **Project Roles** , click on the title of `admin`. + +![view role details](/images/docs/project-admin/project_role_detail.png) + +2. You can also switch to the **Authorized Users** tab, to see all the users that are granted with an `admin` role. + +## Create a Project Role + +1. Log in the console as `project-admin` and select `demo-project` under **Projects** list. +2. 
Go to **Project Roles** in **Project Settings**, click **Create** and set a **Role Identifier**. In this example, a role named `project-monitor` will be created. + +![Create a project role](/images/docs/project-admin/project_role_create_step1.png) + +Click **Edit Authorization** to continue. + +3. Select the authorization that you want the user granted this role to have. For example, **Application Workloads View** in **Application Workloads**, **Alerting Messages View** and **Alerting Policies View** in **Monitoring & Alerting** are selected for this role. Click **OK** to finish. + +![Edit Authorization](/images/docs/project-admin/project_role_create_step2.png) + +{{< notice note >}} + +**Depend on** means the major authorization (the one listed after **Depend on**) needs to be selected first so that the affiliated authorization can be assigned. + +{{}} + +4. Newly-created roles will be listed in **Project Roles**. You can click the three dots on the right to edit it. + +![Edit Roles](/images/docs/project-admin/project_role_list.png) + +{{< notice note >}} + +The role of `project-monitor` is only granted with Monitoring & Alerting view permission, which may not satisfy your demand. This example is only for demonstration purpose. You can create customized roles based on your needs. + +{{}} + +## Invite a New Member + +1. In **Project Settings**, select **Project Members** and click **Invite Member**. + +2. Invite a user to the project. Grant the role of `project-monitor` to the user. + +![invite member](/images/docs/project-admin/project_invite_member_step2.png) + +{{< notice note >}} + +The user must be invited to the project's workspace first. + +{{}} + +3. After you add a user to the project, click **OK**. In **Project Members**, you can see the newly invited member listed. + +4. You can also change the role of an existing member by editing it or remove it from the project. + +![edit member role](/images/docs/project-admin/project_user_edit.png) + 
diff --git a/content/en/docs/workspaces-administration/release-v210.md b/content/en/docs/workspaces-administration/release-v210.md deleted file mode 100644 index 9442d12ca..000000000 --- a/content/en/docs/workspaces-administration/release-v210.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -title: "Role and Member Management" -keywords: "kubernetes, workspace, kubesphere, multitenancy" -description: "Role and Member Management in a Workspace" - -linkTitle: "Role and Member Management" -weight: 200 ---- - -TBD diff --git a/content/en/docs/workspaces-administration/role-and-member-management.md b/content/en/docs/workspaces-administration/role-and-member-management.md new file mode 100644 index 000000000..797cae4d7 --- /dev/null +++ b/content/en/docs/workspaces-administration/role-and-member-management.md 
@@ -0,0 +1,90 @@ +--- +title: "Role and Member Management" +keywords: "kubernetes, workspace, kubesphere, multitenancy" +description: "Role and Member Management in a Workspace" + +linkTitle: "Role and Member Management" +weight: 200 +--- + +This guide demonstrates how to manage roles and members in your workspace. For the overview of KubeSphere roles, see the [Overview of Role Management](../todo). + +In workspace scope, you can grant the following resources' permissions to a role: + +- Projects +- DevOps +- Access Control +- Apps Management +- Workspace Settings + +## Prerequisites + +At least one workspace has been created, such as `demo-workspace`. And you need an account of the `workspace-admin` role. See the [Create Workspace, Project, Account and Role](../../quick-start/create-workspace-and-project/) if not yet. + +{{< notice note >}} + +The actual role name follows a naming convention: `workspace name-role name`. For example, in this workspace named `demo-workspace`, the actual role name of the role `workspace-admin` is `demo-workspace-admin`. + +{{}} + +## Built-in roles + +In **Workspace Roles**, there are four available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when creating the workspace and they cannot be edited or deleted. You can only review permissions and authorized users. + +| Built-in Roles | Description | +| ------------------ | ------------------------------------------------------------ | +| workspace-viewer | Allows viewer access to view all resources in the workspace. | +| workspace-self-provisioner | Regular user in the workspace who can create namespaces and DevOps projects. | +| workspace-regular | Regular user in the workspace who cannot create namespaces or DevOps projects. | +| workspace-admin | Allows admin access to perform any action on any resource. It gives full control over all resources in the workspace. | + +1. In **Workspace Roles** , click on the title of `workspace-admin`. 
+ +![invite member](/images/docs/ws-admin/workspace_role_detail.png) + +2. You can also switch to the **Authorized Users** tab, to see all the users that are granted with a `workspace-admin` role. + +## Create a Workspace Role + +1. Log in the console as `ws-admin` and go to **Workspace Roles** in **Workspace Settings**. +2. In **Workspace Roles**, click **Create** and set a **Role Identifier**. In this example, a role named `workspace-projects-manager` will be created. + +![Create a workspace role](/images/docs/ws-admin/workspace_role_create_step1.png) + +Click **Edit Authorization** to continue. + +3. In **Projects management**, select the authorization that you want the user granted this role to have. For example, **Projects Create**, **Projects Management**, and **Projects View** are selected for this role. Click **OK** to finish. + +![Edit Authorization](/images/docs/ws-admin/workspace_role_create_step2.png) + +{{< notice note >}} + +**Depend on** means the major authorization (the one listed after **Depend on**) needs to be selected first so that the affiliated authorization can be assigned. + +{{}} + +4. Newly-created roles will be listed in **Workspace Roles**. You can click the three dots on the right to edit it. + +![Edit Roles](/images/docs/ws-admin/workspace_role_edit.png) + +{{< notice note >}} + +The role of `workspace-projects-manager` is only granted with Projects create/view permission, which may not satisfy your demand. This example is only for demonstration purpose. You can create customized roles based on your needs. + +{{}} + +## Invite a New Member + +1. In **Workspace Settings**, select **Workspace Members** and click **Invite Member**. + +2. Invite a user to the workspace. Grant the role `workspace-projects-manager` to the user. + +![invite member](/images/docs/ws-admin/workspace_invite_user.png) + + +3. After you add a user to the workspace, click **OK**. In **Workspace Members**, you can see the newly invited member listed. + +4. 
You can also change the role of an existing member by editing it or remove it from the workspace. + +![edit member role](/images/docs/ws-admin/workspace_user_edit.png) + diff --git a/static/images/docs/devops-admin/devops_invite_member.png b/static/images/docs/devops-admin/devops_invite_member.png new file mode 100644 index 000000000..50470e7cb Binary files /dev/null and b/static/images/docs/devops-admin/devops_invite_member.png differ diff --git a/static/images/docs/devops-admin/devops_role_list.png b/static/images/docs/devops-admin/devops_role_list.png new file mode 100644 index 000000000..3ba6c91d5 Binary files /dev/null and b/static/images/docs/devops-admin/devops_role_list.png differ diff --git a/static/images/docs/devops-admin/devops_role_step1.png b/static/images/docs/devops-admin/devops_role_step1.png new file mode 100644 index 000000000..d1fc54f45 Binary files /dev/null and b/static/images/docs/devops-admin/devops_role_step1.png differ diff --git a/static/images/docs/devops-admin/devops_role_step2.png b/static/images/docs/devops-admin/devops_role_step2.png new file mode 100644 index 000000000..9cd6cf54e Binary files /dev/null and b/static/images/docs/devops-admin/devops_role_step2.png differ diff --git a/static/images/docs/devops-admin/devops_user_edit.png b/static/images/docs/devops-admin/devops_user_edit.png new file mode 100644 index 000000000..1151551dc Binary files /dev/null and b/static/images/docs/devops-admin/devops_user_edit.png differ diff --git a/static/images/docs/project-admin/project_invite_member_step1.png b/static/images/docs/project-admin/project_invite_member_step1.png new file mode 100644 index 000000000..7fd5aa22e Binary files /dev/null and b/static/images/docs/project-admin/project_invite_member_step1.png differ 
diff --git a/static/images/docs/project-admin/project_invite_member_step2.png b/static/images/docs/project-admin/project_invite_member_step2.png new file mode 100644 index 000000000..5803ebdce Binary files /dev/null and b/static/images/docs/project-admin/project_invite_member_step2.png differ diff --git a/static/images/docs/project-admin/project_role_create_step1.png b/static/images/docs/project-admin/project_role_create_step1.png new file mode 100644 index 000000000..82c7eb989 Binary files /dev/null and b/static/images/docs/project-admin/project_role_create_step1.png differ diff --git a/static/images/docs/project-admin/project_role_create_step2.png b/static/images/docs/project-admin/project_role_create_step2.png new file mode 100644 index 000000000..6e3b2a4dd Binary files /dev/null and b/static/images/docs/project-admin/project_role_create_step2.png differ diff --git a/static/images/docs/project-admin/project_role_detail.png b/static/images/docs/project-admin/project_role_detail.png new file mode 100644 index 000000000..df64153d1 Binary files /dev/null and b/static/images/docs/project-admin/project_role_detail.png differ diff --git a/static/images/docs/project-admin/project_role_list.png b/static/images/docs/project-admin/project_role_list.png new file mode 100644 index 000000000..77e17ad86 Binary files /dev/null and b/static/images/docs/project-admin/project_role_list.png differ diff --git a/static/images/docs/project-admin/project_user_edit.png b/static/images/docs/project-admin/project_user_edit.png new file mode 100644 index 000000000..526f8b214 Binary files /dev/null and b/static/images/docs/project-admin/project_user_edit.png differ diff --git a/static/images/docs/ws-admin/workspace_invite_user.png b/static/images/docs/ws-admin/workspace_invite_user.png new file mode 100644 index 000000000..51a6fbf51 Binary files /dev/null and b/static/images/docs/ws-admin/workspace_invite_user.png differ 
diff --git a/static/images/docs/ws-admin/workspace_role_create_step1.png b/static/images/docs/ws-admin/workspace_role_create_step1.png new file mode 100644 index 000000000..f868f3aea Binary files /dev/null and b/static/images/docs/ws-admin/workspace_role_create_step1.png differ diff --git a/static/images/docs/ws-admin/workspace_role_create_step2.png b/static/images/docs/ws-admin/workspace_role_create_step2.png new file mode 100644 index 000000000..23fb7fa06 Binary files /dev/null and b/static/images/docs/ws-admin/workspace_role_create_step2.png differ diff --git a/static/images/docs/ws-admin/workspace_role_detail.png b/static/images/docs/ws-admin/workspace_role_detail.png new file mode 100644 index 000000000..7ba5765c8 Binary files /dev/null and b/static/images/docs/ws-admin/workspace_role_detail.png differ diff --git a/static/images/docs/ws-admin/workspace_role_edit.png b/static/images/docs/ws-admin/workspace_role_edit.png new file mode 100644 index 000000000..473249926 Binary files /dev/null and b/static/images/docs/ws-admin/workspace_role_edit.png differ diff --git a/static/images/docs/ws-admin/workspace_user_edit.png b/static/images/docs/ws-admin/workspace_user_edit.png new file mode 100644 index 000000000..ea85a174a Binary files /dev/null and b/static/images/docs/ws-admin/workspace_user_edit.png differ
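Review bot: In content/en/docs/devops-user-guide/devops-administration/role-and-member-management.md, step 3 of "Create a DevOps Project Role" selects **Pipelines Management** and **Pipelines View**, but the closing note says `pipeline-creator` "is only granted with Pipeline create/view permission". The step and the note should name the same authorizations, otherwise a reader following the steps ends up with a role whose permissions differ from what the note describes. In the built-in roles table, the `operator` row reads "can create pipeline credentials"; say whether that means pipelines and credentials, or only credentials. Step 3 also writes "Click OK" without the bold used for **OK** elsewhere in this patch, and the intro link `[Overview of Role Management](../todo)` is a placeholder target that should be resolved or removed before merge.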
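Review bot: In content/en/docs/project-administration/role-and-member-management.md, the note after step 4 says `project-monitor` "is only granted with Monitoring & Alerting view permission", yet step 3 also selects **Application Workloads View** for the role. Please make the note list every authorization the example grants, so the documented scope of the role matches what the reader actually creates. The Prerequisites ask for "an account of the `project-admin` role" while the built-in roles table lists only `viewer`, `regular` and `admin`; state whether `project-admin` is an account name or a role. The two numbered steps under "Built-in roles" have no lead-in sentence saying they show how to review a role's permissions and authorized users, and the `../todo` link target is still a placeholder.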
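Review bot: In content/en/docs/workspaces-administration/role-and-member-management.md, the naming-convention note contradicts its own example: with the stated pattern `workspace name-role name`, the role `workspace-admin` in `demo-workspace` would be `demo-workspace-workspace-admin`, but the note gives `demo-workspace-admin`. Spell out that the `workspace` prefix is replaced by the workspace name (if that is the rule) and say which form the built-in roles table uses, since readers will look up roles by these exact names. Prerequisites require the `workspace-admin` role, but step 1 of "Create a Workspace Role" says to log in as `ws-admin`, which is never introduced in this file. The closing note says `workspace-projects-manager` "is only granted with Projects create/view permission" although step 3 also selects **Projects Management**. The image `workspace_role_detail.png` carries the alt text "invite member", which looks copied from the invite section.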
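Review bot: static/images/docs/project-admin/project_invite_member_step1.png is added as a new binary, but none of the three guides in this patch references it; the project guide's "Invite a New Member" section only embeds `project_invite_member_step2.png`. Either add the image under step 1 of that section or drop the file from the commit.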