docs: Add initial docs to groups and rbac (#4455)

* docs: Add initial docs to groups and rbac

* Update manifest

* Apply suggestions from code review

Co-authored-by: Joe Previte <jjprevite@gmail.com>

* use single user icon

* chore: add labels and standardize enterprise messaging

* clarify template role

* add groups role

* fix typo

* rename access to use

Co-authored-by: Joe Previte <jjprevite@gmail.com>
Co-authored-by: Ben <me@bpmct.net>

docs/admin/audit-logs.md

@@ -1,6 +1,6 @@
 # Audit Logs
 
-Audit Logs allows **Admins** and **Auditors** to monitor user operations in
+Audit Logs allows **Auditors** to monitor user operations in
 their deployment.
 
 ## Tracked Events
@@ -32,4 +32,4 @@ The supported filters are:
 
 ## Enabling this feature
 
-This feature is auto enabled for all enterprise deployments. Admins may contact us to purchase a license [here](https://coder.com/contact?note=I%20want%20to%20upgrade%20my%20license).
+This feature is only available with an enterprise license. [Learn more](./enterprise.md)

docs/admin/enterprise.md

@@ -7,13 +7,14 @@ These features are available in the enterprise edition:
 
 - [Audit Logging](./audit-logs.md)
 - [Browser Only Connections](../networking.md#browser-only-connections)
+- [Groups](./groups.md)
+- [Template RBAC](./rbac.md)
 - [Quotas](./quotas.md)
 - [SCIM](./auth.md#scim)
 
 And we're releasing these imminently:
 
 - High Availability
-- Template RBAC
 - Multiple Git Provider Authentication
 
 ## Adding your license key

docs/admin/groups.md

@@ -0,0 +1,10 @@
+# Groups
+
+Groups can be used with [template RBAC](./rbac.md) to give groups of users access to specific templates.
+
+![Groups](../images/groups.png)
+
+## Enabling this feature
+
+This feature is only available with an enterprise license. [Learn more](./enterprise.md)
+

docs/admin/quotas.md

@@ -15,6 +15,10 @@ Then, when users create workspaces they would see:
 
 <img src="../images/admin/quotas.png"/>
 
+## Enabling this feature
+
+This feature is only available with an enterprise license. [Learn more](./enterprise.md)
+
 ## Up next
 
 - [Enterprise](./enterprise.md)

docs/admin/rbac.md

@@ -0,0 +1,18 @@
+# Role Based Access Control (RBAC)
+
+Use RBAC to define which users and [groups](./groups.md) can use specific templates in Coder.
+
+![rbac](../images/template-rbac.png)
+
+The "Everyone" group makes a template accessible to all users. This can be removed to make a template private.
+
+## Permissions
+
+You can set the following permissions:
+
+- **Admin**: Read, use, edit, push, and delete
+- **View**: Read, use
+
+## Enabling this feature
+
+This feature is only available with an enterprise license. [Learn more](./enterprise.md)

docs/admin/users.md

@@ -7,10 +7,11 @@ This article walks you through the user roles available in Coder and creating an
 Coder offers these user roles in the community edition:
 
 |                                            | User Admin | Template Admin | Owner |
-| ------------------------------------------ | ---------- | -------------- |-------|
+| ------------------------------------------ | ---------- | -------------- | ----- |
 | Add and remove Users                       | ✅         |                | ✅    |
+| Manage groups (enterprise)                 |            |                |       |
 | Change User roles                          |            |                | ✅    |
-| Manage Templates                           |            | ✅             | ✅     |
+| Manage **ALL** Templates                   |            | ✅             | ✅    |
 | View, update and delete **ALL** Workspaces |            | ✅             | ✅    |
 | Execute and use **ALL** Workspaces         |            |                | ✅    |
 

docs/images/icons/rbac.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" enable-background="new 0 0 24 24" height="24" viewBox="0 0 24 24" width="24"><g><rect fill="none" height="24" width="24"/></g><g><g><path d="M17,11c0.34,0,0.67,0.04,1,0.09V6.27L10.5,3L3,6.27v4.91c0,4.54,3.2,8.79,7.5,9.82c0.55-0.13,1.08-0.32,1.6-0.55 C11.41,19.47,11,18.28,11,17C11,13.69,13.69,11,17,11z"/><path d="M17,13c-2.21,0-4,1.79-4,4c0,2.21,1.79,4,4,4s4-1.79,4-4C21,14.79,19.21,13,17,13z M17,14.38c0.62,0,1.12,0.51,1.12,1.12 s-0.51,1.12-1.12,1.12s-1.12-0.51-1.12-1.12S16.38,14.38,17,14.38z M17,19.75c-0.93,0-1.74-0.46-2.24-1.17 c0.05-0.72,1.51-1.08,2.24-1.08s2.19,0.36,2.24,1.08C18.74,19.29,17.93,19.75,17,19.75z"/></g></g></svg>

docs/images/icons/users.svg

@@ -1 +1 @@
-<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M16 11c1.66 0 2.99-1.34 2.99-3S17.66 5 16 5c-1.66 0-3 1.34-3 3s1.34 3 3 3zm-8 0c1.66 0 2.99-1.34 2.99-3S9.66 5 8 5C6.34 5 5 6.34 5 8s1.34 3 3 3zm0 2c-2.33 0-7 1.17-7 3.5V19h14v-2.5c0-2.33-4.67-3.5-7-3.5zm8 0c-.29 0-.62.02-.97.05 1.16.84 1.97 1.97 1.97 3.45V19h6v-2.5c0-2.33-4.67-3.5-7-3.5z"/></svg>
+<svg xmlns="http://www.w3.org/2000/svg" height="24" viewBox="0 0 24 24" width="24"><path d="M0 0h24v24H0z" fill="none"/><path d="M12 12c2.21 0 4-1.79 4-4s-1.79-4-4-4-4 1.79-4 4 1.79 4 4 4zm0 2c-2.67 0-8 1.34-8 4v2h16v-2c0-2.66-5.33-4-8-4z"/></svg>

docs/manifest.json

@@ -174,6 +174,12 @@
       "icon_path": "./images/icons/wrench.svg",
       "path": "./admin/index.md",
       "children": [
+        {
+          "title": "Authentication",
+          "description": "Learn how to set up authentication using GitHub or OpenID Connect.",
+          "icon_path": "./images/icons/key.svg",
+          "path": "./admin/auth.md"
+        },
         {
           "title": "Users",
           "description": "Learn about user roles available in Coder and how to create and manage users",
@@ -181,10 +187,18 @@
           "path": "./admin/users.md"
         },
         {
-          "title": "Authentication",
+          "title": "Groups",
-          "description": "Learn how to set up authentication using GitHub or OpenID Connect.",
+          "description": "Learn how to manage user groups",
-          "icon_path": "./images/icons/key.svg",
+          "icon_path": "./images/icons/group.svg",
-          "path": "./admin/auth.md"
+          "path": "./admin/groups.md",
+          "state": "enterprise"
+        },
+        {
+          "title": "RBAC",
+          "description": "Learn how to use the role based access control",
+          "icon_path": "./images/icons/rbac.svg",
+          "path": "./admin/rbac.md",
+          "state": "enterprise"
         },
         {
           "title": "Configuration",

docs/templates.md

@@ -310,6 +310,10 @@ practices:
   - The Coder agent logs are typically stored in `/var/log/coder-agent.log`
   - The Coder agent startup script logs are typically stored in `/var/log/coder-startup-script.log`
 
+## Template permissions (enterprise)
+
+Template permissions can be used to give users and groups access to specific templates. [Learn more about RBAC](./admin/rbac.md).
+
 ## Change Management
 
 We recommend source controlling your templates as you would other code.

site/src/pages/TemplatePage/TemplatePermissionsPage/TemplatePermissionsPage.tsx

@@ -55,7 +55,7 @@ export const TemplatePermissionsPage: FC<
                 </Link>
                 <Link
                   underline="none"
-                  href="https://coder.com/docs/coder-oss/latest/admin/upgrade"
+                  href="https://coder.com/docs/coder-oss/latest/admin/rbac"
                   target="_blank"
                   rel="noreferrer"
                 >

site/src/pages/TemplatePage/TemplatePermissionsPage/TemplatePermissionsPageView.tsx

@@ -132,14 +132,14 @@ const RoleSelect: FC<SelectProps> = (props) => {
       <MenuItem key="view" value="view" className={styles.menuItem}>
         <div>
           <div>View</div>
-          <div className={styles.menuItemSecondary}>Read, access</div>
+          <div className={styles.menuItemSecondary}>Read, use</div>
         </div>
       </MenuItem>
       <MenuItem key="admin" value="admin" className={styles.menuItem}>
         <div>
           <div>Admin</div>
           <div className={styles.menuItemSecondary}>
-            Read, access, edit, push, and delete
+            Read, use, edit, push, and delete
           </div>
         </div>
       </MenuItem>