docs: Add initial docs to groups and rbac (#4455)

* docs: Add initial docs to groups and rbac

* Update manifest

* Apply suggestions from code review

Co-authored-by: Joe Previte <jjprevite@gmail.com>

* use single user icon

* chore: add labels and standardize enterprise messaging

* clarify template role

* add groups role

* fix typo

* rename access to use

Co-authored-by: Joe Previte <jjprevite@gmail.com>
Co-authored-by: Ben <me@bpmct.net>
Bruno Quaresma
2022-10-11 15:34:41 -03:00
committed by GitHub
parent 9dcbe753f4
commit c13e68248b
14 changed files with 70 additions and 17 deletions

@ -1,6 +1,6 @@
# Audit Logs # Audit Logs
Audit Logs allows **Admins** and **Auditors** to monitor user operations in Audit Logs allows **Auditors** to monitor user operations in
their deployment. their deployment.
## Tracked Events ## Tracked Events
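Review bot: Dropping **Admins** from the first sentence changes who the docs say can read audit logs, but the role table touched in users.md in this same commit shows only User Admin, Template Admin and Owner, with no Auditor column. State here whether an Owner can still view audit logs and where the Auditor role is assigned, so the sentence matches the roles an operator actually sees. While the line is being edited, "Audit Logs allows" should read "Audit Logs allow".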
@ -32,4 +32,4 @@ The supported filters are:
## Enabling this feature ## Enabling this feature
This feature is auto enabled for all enterprise deployments. Admins may contact us to purchase a license [here](https://coder.com/contact?note=I%20want%20to%20upgrade%20my%20license). This feature is only available with an enterprise license. [Learn more](./enterprise.md)
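Review bot: The replacement sentence under "Enabling this feature" drops the statement that the feature is "auto enabled for all enterprise deployments", so a reader can no longer tell whether audit logging needs any switch beyond the license. If the behaviour is unchanged, keep that fact next to the new wording, for example "This feature is only available with an enterprise license and is enabled automatically once a license is applied."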

@ -7,13 +7,14 @@ These features are available in the enterprise edition:
- [Audit Logging](./audit-logs.md) - [Audit Logging](./audit-logs.md)
- [Browser Only Connections](../networking.md#browser-only-connections) - [Browser Only Connections](../networking.md#browser-only-connections)
- [Groups](./groups.md)
- [Template RBAC](./rbac.md)
- [Quotas](./quotas.md) - [Quotas](./quotas.md)
- [SCIM](./auth.md#scim) - [SCIM](./auth.md#scim)
And we're releasing these imminently: And we're releasing these imminently:
- High Availability - High Availability
- Template RBAC
- Multiple Git Provider Authentication - Multiple Git Provider Authentication
## Adding your license key ## Adding your license key
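Review bot: The new list entry is labelled "Template RBAC", while the page it links to is titled "Role Based Access Control (RBAC)" and the manifest entry added in this commit is titled "RBAC". Pick one name and use it in all three places so that search and the sidebar lead to the same term; "Template RBAC" is the most precise of the three, since the page only covers template permissions.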

10
docs/admin/groups.md Normal file
@ -0,0 +1,10 @@
# Groups
Groups can be used with [template RBAC](./rbac.md) to give groups of users access to specific templates.
![Groups](../images/groups.png)
## Enabling this feature
This feature is only available with an enterprise license. [Learn more](./enterprise.md)
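Review bot: The new page says what groups are for but gives no steps for creating a group or adding and removing members, and the only content besides the license notice is a screenshot with the alt text "Groups". Add a short section with those steps and name the role required to perform them, since group membership now decides who can reach a template.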

@ -15,6 +15,10 @@ Then, when users create workspaces they would see:
<img src="../images/admin/quotas.png"/> <img src="../images/admin/quotas.png"/>
## Enabling this feature
This feature is only available with an enterprise license. [Learn more](./enterprise.md)
## Up next ## Up next
- [Enterprise](./enterprise.md) - [Enterprise](./enterprise.md)

18
docs/admin/rbac.md Normal file
@ -0,0 +1,18 @@
# Role Based Access Control (RBAC)
Use RBAC to define which users and [groups](./groups.md) can use specific templates in Coder.
![rbac](../images/template-rbac.png)
The "Everyone" group makes a template accessible to all users. This can be removed to make a template private.
## Permissions
You can set the following permissions:
- **Admin**: Read, use, edit, push, and delete
- **View**: Read, use
## Enabling this feature
This feature is only available with an enterprise license. [Learn more](./enterprise.md)
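Review bot: The sentence 'The "Everyone" group makes a template accessible to all users' does not say whether "Everyone" is attached to a new template by default or with which permission, and "private" is not qualified. The users.md table in this commit gives Template Admin and Owner "Manage **ALL** Templates", so a template with "Everyone" removed is presumably still reachable by those roles. State the default and add a sentence on which roles bypass template permissions, so an operator does not treat removing "Everyone" as a complete restriction.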

@ -7,10 +7,11 @@ This article walks you through the user roles available in Coder and creating an
Coder offers these user roles in the community edition: Coder offers these user roles in the community edition:
| | User Admin | Template Admin | Owner | | | User Admin | Template Admin | Owner |
| ------------------------------------------ | ---------- | -------------- |-------| | ------------------------------------------ | ---------- | -------------- | ----- |
| Add and remove Users | ✅ | | ✅ | | Add and remove Users | ✅ | | ✅ |
| Manage groups (enterprise) | | | |
| Change User roles | | | ✅ | | Change User roles | | | ✅ |
| Manage Templates | | ✅ | ✅ | | Manage **ALL** Templates | | ✅ | ✅ |
| View, update and delete **ALL** Workspaces | | ✅ | ✅ | | View, update and delete **ALL** Workspaces | | ✅ | ✅ |
| Execute and use **ALL** Workspaces | | | ✅ | | Execute and use **ALL** Workspaces | | | ✅ |
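Review bot: The added row "Manage groups (enterprise)" has no mark in any of the three columns, so the table reads as if no role can manage groups. Fill in the cells for the roles that hold this permission, or, if it belongs to a role not shown in this table, add a note under the table saying which one.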

BIN
docs/images/groups.png Normal file

Binary file not shown.

@ -0,0 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><g><rect fill="none" height="24" width="24"/></g><g><g><path d="M17,11c0.34,0,0.67,0.04,1,0.09V6.27L10.5,3L3,6.27v4.91c0,4.54,3.2,8.79,7.5,9.82c0.55-0.13,1.08-0.32,1.6-0.55 C11.41,19.47,11,18.28,11,17C11,13.69,13.69,11,17,11z"/><path d="M17,13c-2.21,0-4,1.79-4,4c0,2.21,1.79,4,4,4s4-1.79,4-4C21,14.79,19.21,13,17,13z M17,14.38c0.62,0,1.12,0.51,1.12,1.12 s-0.51,1.12-1.12,1.12s-1.12-0.51-1.12-1.12S16.38,14.38,17,14.38z M17,19.75c-0.93,0-1.74-0.46-2.24-1.17 c0.05-0.72,1.51-1.08,2.24-1.08s2.19,0.36,2.24,1.08C18.74,19.29,17.93,19.75,17,19.75z"/></g></g></svg>

@ -1 +1 @@
<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M16 11c1.66 0 2.99-1.34 2.99-3S17.66 5 16 5c-1.66 0-3 1.34-3 3s1.34 3 3 3zm-8 0c1.66 0 2.99-1.34 2.99-3S9.66 5 8 5C6.34 5 5 6.34 5 8s1.34 3 3 3zm0 2c-2.33 0-7 1.17-7 3.5V19h14v-2.5c0-2.33-4.67-3.5-7-3.5zm8 0c-.29 0-.62.02-.97.05 1.16.84 1.97 1.97 1.97 3.45V19h6v-2.5c0-2.33-4.67-3.5-7-3.5z"/></svg> <svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M12 12c2.21 0 4-1.79 4-4s-1.79-4-4-4-4 1.79-4 4 1.79 4 4 4zm0 2c-2.67 0-8 1.34-8 4v2h16v-2c0-2.66-5.33-4-8-4z"/></svg>

@ -174,6 +174,12 @@
"icon_path": "./images/icons/wrench.svg", "icon_path": "./images/icons/wrench.svg",
"path": "./admin/index.md", "path": "./admin/index.md",
"children": [ "children": [
{
"title": "Authentication",
"description": "Learn how to set up authentication using GitHub or OpenID Connect.",
"icon_path": "./images/icons/key.svg",
"path": "./admin/auth.md"
},
{ {
"title": "Users", "title": "Users",
"description": "Learn about user roles available in Coder and how to create and manage users", "description": "Learn about user roles available in Coder and how to create and manage users",
@ -181,10 +187,18 @@
"path": "./admin/users.md" "path": "./admin/users.md"
}, },
{ {
"title": "Authentication", "title": "Groups",
"description": "Learn how to set up authentication using GitHub or OpenID Connect.", "description": "Learn how to manage user groups",
"icon_path": "./images/icons/key.svg", "icon_path": "./images/icons/group.svg",
"path": "./admin/auth.md" "path": "./admin/groups.md",
"state": "enterprise"
},
{
"title": "RBAC",
"description": "Learn how to use the role based access control",
"icon_path": "./images/icons/rbac.svg",
"path": "./admin/rbac.md",
"state": "enterprise"
}, },
{ {
"title": "Configuration", "title": "Configuration",
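Review bot: The new RBAC description, "Learn how to use the role based access control", reads awkwardly and does not say that the page is about templates. Something like "Learn how to control which users and groups can use a template" matches the page content. The Groups description could also say what groups are used for, since "Learn how to manage user groups" points to a page that currently has no management steps.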

@ -310,6 +310,10 @@ practices:
- The Coder agent logs are typically stored in `/var/log/coder-agent.log` - The Coder agent logs are typically stored in `/var/log/coder-agent.log`
- The Coder agent startup script logs are typically stored in `/var/log/coder-startup-script.log` - The Coder agent startup script logs are typically stored in `/var/log/coder-startup-script.log`
## Template permissions (enterprise)
Template permissions can be used to give users and groups access to specific templates. [Learn more about RBAC](./admin/rbac.md).
## Change Management ## Change Management
We recommend source controlling your templates as you would other code. We recommend source controlling your templates as you would other code.
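Review bot: The new paragraph says template permissions "give users and groups access to specific templates", while the commit message lists "rename access to use" and rbac.md and the UI strings now say "use". Change the wording here (and the matching sentence in groups.md) to "use" so the docs describe the permission with one verb.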

@ -55,7 +55,7 @@ export const TemplatePermissionsPage: FC<
</Link> </Link>
<Link <Link
underline="none" underline="none"
href="https://coder.com/docs/coder-oss/latest/admin/upgrade" href="https://coder.com/docs/coder-oss/latest/admin/rbac"
target="_blank" target="_blank"
rel="noreferrer" rel="noreferrer"
> >
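Review bot: The new `href` hard-codes `https://coder.com/docs/coder-oss/latest/admin/rbac`, so every deployment links to the docs for the latest release regardless of the version it runs, and the permission semantics described there may differ from what the running server enforces. If the frontend has a shared way to build docs links, use it here; otherwise keep the docs path in one constant so it can be updated in a single place.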

@ -132,14 +132,14 @@ const RoleSelect: FC<SelectProps> = (props) => {
<MenuItem key="view" value="view" className={styles.menuItem}> <MenuItem key="view" value="view" className={styles.menuItem}>
<div> <div>
<div>View</div> <div>View</div>
<div className={styles.menuItemSecondary}>Read, access</div> <div className={styles.menuItemSecondary}>Read, use</div>
</div> </div>
</MenuItem> </MenuItem>
<MenuItem key="admin" value="admin" className={styles.menuItem}> <MenuItem key="admin" value="admin" className={styles.menuItem}>
<div> <div>
<div>Admin</div> <div>Admin</div>
<div className={styles.menuItemSecondary}> <div className={styles.menuItemSecondary}>
Read, access, edit, push, and delete Read, use, edit, push, and delete
</div> </div>
</div> </div>
</MenuItem> </MenuItem>
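Review bot: In the first `MenuItem` the role is still labelled "View" while its description now reads "Read, use", so a grant that looks read-only in the dropdown also lets the grantee use the template. Consider renaming the label to "Use", or keep "View" and spell out in the secondary text what "use" permits, so an admin assigning the role sees the actual scope. The two description strings are also duplicated in docs/admin/rbac.md and will drift unless they are kept in sync.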