mirror of
https://github.com/coder/coder.git
synced 2025-07-09 11:45:56 +00:00
docs: Add initial docs to groups and rbac (#4455)
* docs: Add initial docs to groups and rbac
* Update manifest
* Apply suggestions from code review
  Co-authored-by: Joe Previte <jjprevite@gmail.com>
* use single user icon
* chore: add labels and standardize enterprise messaging
* clarify template role
* add groups role
* fix typo
* rename access to use

Co-authored-by: Joe Previte <jjprevite@gmail.com>
Co-authored-by: Ben <me@bpmct.net>
@ -1,6 +1,6 @@
|
|||||||
# Audit Logs
|
# Audit Logs
|
||||||
|
|
||||||
Audit Logs allows **Admins** and **Auditors** to monitor user operations in
|
Audit Logs allows **Auditors** to monitor user operations in
|
||||||
their deployment.
|
their deployment.
|
||||||
|
|
||||||
## Tracked Events
|
## Tracked Events
|
||||||
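Review bot: The rewritten opening sentence names only **Auditors**, but the roles table edited later in this commit has columns for User Admin, Template Admin and Owner and no Auditor column, so a reader cannot tell from these docs who holds that role or whether an Owner can still read the audit log now that **Admins** is dropped. Name the roles that can view the log, or link to where Auditor is defined. While the line is being touched, "Audit Logs allows" should read "Audit Logs allow".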
@ -32,4 +32,4 @@ The supported filters are:
|
|||||||
|
|
||||||
## Enabling this feature
|
## Enabling this feature
|
||||||
|
|
||||||
This feature is auto enabled for all enterprise deployments. Admins may contact us to purchase a license [here](https://coder.com/contact?note=I%20want%20to%20upgrade%20my%20license).
|
This feature is only available with an enterprise license. [Learn more](./enterprise.md)
|
||||||
|
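Review bot: The replacement line under "Enabling this feature" drops the statement that the feature is "auto enabled for all enterprise deployments", so the section no longer tells the reader whether anything has to be switched on once a license is installed. Keep that fact alongside the new link, for example "This feature is enabled automatically with an enterprise license."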
@ -7,13 +7,14 @@ These features are available in the enterprise edition:
|
|||||||
|
|
||||||
- [Audit Logging](./audit-logs.md)
|
- [Audit Logging](./audit-logs.md)
|
||||||
- [Browser Only Connections](../networking.md#browser-only-connections)
|
- [Browser Only Connections](../networking.md#browser-only-connections)
|
||||||
|
- [Groups](./groups.md)
|
||||||
|
- [Template RBAC](./rbac.md)
|
||||||
- [Quotas](./quotas.md)
|
- [Quotas](./quotas.md)
|
||||||
- [SCIM](./auth.md#scim)
|
- [SCIM](./auth.md#scim)
|
||||||
|
|
||||||
And we're releasing these imminently:
|
And we're releasing these imminently:
|
||||||
|
|
||||||
- High Availability
|
- High Availability
|
||||||
- Template RBAC
|
|
||||||
- Multiple Git Provider Authentication
|
- Multiple Git Provider Authentication
|
||||||
|
|
||||||
## Adding your license key
|
## Adding your license key
|
||||||
|
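Review bot: The new list entry is labelled "Template RBAC" while the page it links to, ./rbac.md, is headed "Role Based Access Control (RBAC)" and appears in the manifest as "RBAC". Pick one name for the feature and use it in all three places so a reader searching the sidebar finds the page this list points at.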
10
docs/admin/groups.md
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# Groups
|
||||||
|
|
||||||
|
Groups can be used with [template RBAC](./rbac.md) to give groups of users access to specific templates.
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
## Enabling this feature
|
||||||
|
|
||||||
|
This feature is only available with an enterprise license. [Learn more](./enterprise.md)
|
||||||
|
|
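Review bot: The body of the new page is one sentence and a screenshot; it never says how a group is created or which role may create, edit or delete one, and the "Manage groups (enterprise)" row added to the roles table in this commit has no role ticked either. Because group membership decides template access through RBAC, add a short section naming the role that holds this permission. The image also has empty alt text; give it a description.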
@ -15,6 +15,10 @@ Then, when users create workspaces they would see:
|
|||||||
|
|
||||||
<img src="../images/admin/quotas.png"/>
|
<img src="../images/admin/quotas.png"/>
|
||||||
|
|
||||||
|
## Enabling this feature
|
||||||
|
|
||||||
|
This feature is only available with an enterprise license. [Learn more](./enterprise.md)
|
||||||
|
|
||||||
## Up next
|
## Up next
|
||||||
|
|
||||||
- [Enterprise](./enterprise.md)
|
- [Enterprise](./enterprise.md)
|
||||||
|
18
docs/admin/rbac.md
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
# Role Based Access Control (RBAC)
|
||||||
|
|
||||||
|
Use RBAC to define which users and [groups](./groups.md) can use specific templates in Coder.
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
The "Everyone" group makes a template accessible to all users. This can be removed to make a template private.
|
||||||
|
|
||||||
|
## Permissions
|
||||||
|
|
||||||
|
You can set the following permissions:
|
||||||
|
|
||||||
|
- **Admin**: Read, use, edit, push, and delete
|
||||||
|
- **View**: Read, use
|
||||||
|
|
||||||
|
## Enabling this feature
|
||||||
|
|
||||||
|
This feature is only available with an enterprise license. [Learn more](./enterprise.md)
|
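Review bot: The sentence about the "Everyone" group leaves the default exposure unstated: it does not say whether a new template starts with "Everyone" attached or at which permission level, and "private" is undefined when the roles table in this commit gives Template Admin and Owner "Manage **ALL** Templates". State the default and say who can still see and use a template after "Everyone" is removed. Under "Permissions", the two entries are presented as roles in the UI hunk (RoleSelect), so call them roles here too, and explain what "push" covers.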
@ -7,10 +7,11 @@ This article walks you through the user roles available in Coder and creating an
|
|||||||
Coder offers these user roles in the community edition:
|
Coder offers these user roles in the community edition:
|
||||||
|
|
||||||
| | User Admin | Template Admin | Owner |
|
| | User Admin | Template Admin | Owner |
|
||||||
| ------------------------------------------ | ---------- | -------------- |-------|
|
| ------------------------------------------ | ---------- | -------------- | ----- |
|
||||||
| Add and remove Users | ✅ | | ✅ |
|
| Add and remove Users | ✅ | | ✅ |
|
||||||
|
| Manage groups (enterprise) | | | |
|
||||||
| Change User roles | | | ✅ |
|
| Change User roles | | | ✅ |
|
||||||
| Manage Templates | | ✅ | ✅ |
|
| Manage **ALL** Templates | | ✅ | ✅ |
|
||||||
| View, update and delete **ALL** Workspaces | | ✅ | ✅ |
|
| View, update and delete **ALL** Workspaces | | ✅ | ✅ |
|
||||||
| Execute and use **ALL** Workspaces | | | ✅ |
|
| Execute and use **ALL** Workspaces | | | ✅ |
|
||||||
|
|
||||||
|
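Review bot: The added row "Manage groups (enterprise)" has every cell empty, so the table reads as if no role, Owner included, can manage groups. Tick the roles that actually hold this permission. The lead-in above the table still says "in the community edition", which the enterprise-only row now contradicts; reword it or move the row to a separate enterprise table.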
BIN
docs/images/groups.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 166 KiB |
1
docs/images/icons/rbac.svg
Normal file
@ -0,0 +1 @@
|
|||||||
|
<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><g><rect fill="none" height="24" width="24"/></g><g><g><path d="M17,11c0.34,0,0.67,0.04,1,0.09V6.27L10.5,3L3,6.27v4.91c0,4.54,3.2,8.79,7.5,9.82c0.55-0.13,1.08-0.32,1.6-0.55 C11.41,19.47,11,18.28,11,17C11,13.69,13.69,11,17,11z"/><path d="M17,13c-2.21,0-4,1.79-4,4c0,2.21,1.79,4,4,4s4-1.79,4-4C21,14.79,19.21,13,17,13z M17,14.38c0.62,0,1.12,0.51,1.12,1.12 s-0.51,1.12-1.12,1.12s-1.12-0.51-1.12-1.12S16.38,14.38,17,14.38z M17,19.75c-0.93,0-1.74-0.46-2.24-1.17 c0.05-0.72,1.51-1.08,2.24-1.08s2.19,0.36,2.24,1.08C18.74,19.29,17.93,19.75,17,19.75z"/></g></g></svg>
|
After Width: | Height: | Size: 676 B |
@ -1 +1 @@
|
|||||||
<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M16 11c1.66 0 2.99-1.34 2.99-3S17.66 5 16 5c-1.66 0-3 1.34-3 3s1.34 3 3 3zm-8 0c1.66 0 2.99-1.34 2.99-3S9.66 5 8 5C6.34 5 5 6.34 5 8s1.34 3 3 3zm0 2c-2.33 0-7 1.17-7 3.5V19h14v-2.5c0-2.33-4.67-3.5-7-3.5zm8 0c-.29 0-.62.02-.97.05 1.16.84 1.97 1.97 1.97 3.45V19h6v-2.5c0-2.33-4.67-3.5-7-3.5z"/></svg>
|
<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M12 12c2.21 0 4-1.79 4-4s-1.79-4-4-4-4 1.79-4 4 1.79 4 4 4zm0 2c-2.67 0-8 1.34-8 4v2h16v-2c0-2.66-5.33-4-8-4z"/></svg>
|
||||||
|
Before Width: | Height: | Size: 428 B After Width: | Height: | Size: 248 B |
BIN
docs/images/template-rbac.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 174 KiB |
@ -174,6 +174,12 @@
|
|||||||
"icon_path": "./images/icons/wrench.svg",
|
"icon_path": "./images/icons/wrench.svg",
|
||||||
"path": "./admin/index.md",
|
"path": "./admin/index.md",
|
||||||
"children": [
|
"children": [
|
||||||
|
{
|
||||||
|
"title": "Authentication",
|
||||||
|
"description": "Learn how to set up authentication using GitHub or OpenID Connect.",
|
||||||
|
"icon_path": "./images/icons/key.svg",
|
||||||
|
"path": "./admin/auth.md"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"title": "Users",
|
"title": "Users",
|
||||||
"description": "Learn about user roles available in Coder and how to create and manage users",
|
"description": "Learn about user roles available in Coder and how to create and manage users",
|
||||||
@ -181,10 +187,18 @@
|
|||||||
"path": "./admin/users.md"
|
"path": "./admin/users.md"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"title": "Authentication",
|
"title": "Groups",
|
||||||
"description": "Learn how to set up authentication using GitHub or OpenID Connect.",
|
"description": "Learn how to manage user groups",
|
||||||
"icon_path": "./images/icons/key.svg",
|
"icon_path": "./images/icons/group.svg",
|
||||||
"path": "./admin/auth.md"
|
"path": "./admin/groups.md",
|
||||||
|
"state": "enterprise"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"title": "RBAC",
|
||||||
|
"description": "Learn how to use the role based access control",
|
||||||
|
"icon_path": "./images/icons/rbac.svg",
|
||||||
|
"path": "./admin/rbac.md",
|
||||||
|
"state": "enterprise"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"title": "Configuration",
|
"title": "Configuration",
|
||||||
|
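Review bot: In the new "RBAC" entry, the description "Learn how to use the role based access control" does not say what is being controlled; the page itself is about template access, so something like "Learn how to control which users and groups can use a template" would match it. The descriptions in this block are also inconsistent about the trailing period ("Authentication" has one, "Users", "Groups" and "RBAC" do not).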
@ -310,6 +310,10 @@ practices:
|
|||||||
- The Coder agent logs are typically stored in `/var/log/coder-agent.log`
|
- The Coder agent logs are typically stored in `/var/log/coder-agent.log`
|
||||||
- The Coder agent startup script logs are typically stored in `/var/log/coder-startup-script.log`
|
- The Coder agent startup script logs are typically stored in `/var/log/coder-startup-script.log`
|
||||||
|
|
||||||
|
## Template permissions (enterprise)
|
||||||
|
|
||||||
|
Template permissions can be used to give users and groups access to specific templates. [Learn more about RBAC](./admin/rbac.md).
|
||||||
|
|
||||||
## Change Management
|
## Change Management
|
||||||
|
|
||||||
We recommend source controlling your templates as you would other code.
|
We recommend source controlling your templates as you would other code.
|
||||||
|
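Review bot: The new "Template permissions (enterprise)" paragraph says permissions "give users and groups access to specific templates", which reads as if a template is closed until access is granted, while docs/admin/rbac.md in this same commit says the "Everyone" group makes a template accessible to all users. Add one sentence here stating that, so template authors know that restricting a template means removing "Everyone" and not only adding entries.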
@ -55,7 +55,7 @@ export const TemplatePermissionsPage: FC<
|
|||||||
</Link>
|
</Link>
|
||||||
<Link
|
<Link
|
||||||
underline="none"
|
underline="none"
|
||||||
href="https://coder.com/docs/coder-oss/latest/admin/upgrade"
|
href="https://coder.com/docs/coder-oss/latest/admin/rbac"
|
||||||
target="_blank"
|
target="_blank"
|
||||||
rel="noreferrer"
|
rel="noreferrer"
|
||||||
>
|
>
|
||||||
|
@ -132,14 +132,14 @@ const RoleSelect: FC<SelectProps> = (props) => {
|
|||||||
<MenuItem key="view" value="view" className={styles.menuItem}>
|
<MenuItem key="view" value="view" className={styles.menuItem}>
|
||||||
<div>
|
<div>
|
||||||
<div>View</div>
|
<div>View</div>
|
||||||
<div className={styles.menuItemSecondary}>Read, access</div>
|
<div className={styles.menuItemSecondary}>Read, use</div>
|
||||||
</div>
|
</div>
|
||||||
</MenuItem>
|
</MenuItem>
|
||||||
<MenuItem key="admin" value="admin" className={styles.menuItem}>
|
<MenuItem key="admin" value="admin" className={styles.menuItem}>
|
||||||
<div>
|
<div>
|
||||||
<div>Admin</div>
|
<div>Admin</div>
|
||||||
<div className={styles.menuItemSecondary}>
|
<div className={styles.menuItemSecondary}>
|
||||||
Read, access, edit, push, and delete
|
Read, use, edit, push, and delete
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</MenuItem>
|
</MenuItem>
|
||||||
|
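Review bot: The permission summaries "Read, use" and "Read, use, edit, push, and delete" are hard-coded in the two MenuItem bodies and repeated verbatim in docs/admin/rbac.md, so the next wording change has to be made by hand in both places, as this rename from "access" to "use" was. Move the two strings into named constants next to RoleSelect and reference them from both MenuItems, and note in the docs page that its list mirrors them.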