From 97df2abf6c1e38c926cb3def93b15a4b6b5797fe Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Fri, 15 Sep 2023 14:17:18 +0200 Subject: [PATCH 1/7] Add info on super admin --- docs/platform/concepts/projects_accounts_access.rst | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/platform/concepts/projects_accounts_access.rst b/docs/platform/concepts/projects_accounts_access.rst index 0977714401..8fa799e5d4 100644 --- a/docs/platform/concepts/projects_accounts_access.rst +++ b/docs/platform/concepts/projects_accounts_access.rst @@ -29,6 +29,12 @@ Grouping your projects in organizations and organizational units lets you centra * Billing groups - Specific to a single organization or organizational unit and cannot be shared between them +Super admin +~~~~~~~~~~~~ + +Super admin have full access to the organization, including all organizational units, projects, and services. Users are automatically made super admin when they create an organization, and they can :doc:`make other users super admin <>`. + + Projects -------- From a716cf91f9f7fc96fc3ed8357ef0cc94bc7844cb Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Fri, 15 Sep 2023 15:29:04 +0200 Subject: [PATCH 2/7] Add instructions for super admin --- .../concepts/projects_accounts_access.rst | 2 +- docs/platform/howto/make-super-admin.rst | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 docs/platform/howto/make-super-admin.rst diff --git a/docs/platform/concepts/projects_accounts_access.rst b/docs/platform/concepts/projects_accounts_access.rst index 8fa799e5d4..8a63d2efa8 100644 --- a/docs/platform/concepts/projects_accounts_access.rst +++ b/docs/platform/concepts/projects_accounts_access.rst @@ -32,7 +32,7 @@ Grouping your projects in organizations and organizational units lets you centra Super admin ~~~~~~~~~~~~ -Super admin have full access to the organization, including all organizational units, projects, and services. Users are automatically made super admin when they create an organization, and they can :doc:`make other users super admin <>`. +Super admin have full access to the organization, including all organizational units, projects, and services. Users are automatically made super admin when they create an organization, and they can :doc:`make other users super admin `. Projects diff --git a/docs/platform/howto/make-super-admin.rst b/docs/platform/howto/make-super-admin.rst new file mode 100644 index 0000000000..54bb272c90 --- /dev/null +++ b/docs/platform/howto/make-super-admin.rst @@ -0,0 +1,17 @@ +Make users super admin +======================= + +Super admin have full access to an organization and its settings as well as all of its organizational units, projects, and services. + +Make a user a super admin +-------------------------- + +To give a user full access to your organization: + +#. In the organization, click **Admin**. + +#. Click **Users**. + +#. Find the user and click **Actions** > **Make super admin**. + +To revoke super admin privileges for a user, follow the same steps and select **Revoke super admin**. From 8b1d186250ee4d6190588527af2172bbfd889253 Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Fri, 15 Sep 2023 15:34:24 +0200 Subject: [PATCH 3/7] Update TOC --- _toc.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/_toc.yml b/_toc.yml index c828787b35..730bb1e948 100644 --- a/_toc.yml +++ b/_toc.yml @@ -68,6 +68,7 @@ entries: title: User and access management entries: - file: docs/platform/howto/manage-org-users + - file: docs/platform/howto/make-super-admin - file: docs/platform/howto/list-user-profile entries: - file: docs/platform/howto/edit-user-profile From 21dadd80b1fc1efc3b0731574e4e911d6cb4ddc3 Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Fri, 29 Sep 2023 20:42:38 +0200 Subject: [PATCH 4/7] Add info on syncing of account owners and super admin --- docs/platform/concepts/projects_accounts_access.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/platform/concepts/projects_accounts_access.rst b/docs/platform/concepts/projects_accounts_access.rst index 8a63d2efa8..3c386c710e 100644 --- a/docs/platform/concepts/projects_accounts_access.rst +++ b/docs/platform/concepts/projects_accounts_access.rst @@ -34,6 +34,8 @@ Super admin Super admin have full access to the organization, including all organizational units, projects, and services. Users are automatically made super admin when they create an organization, and they can :doc:`make other users super admin `. +Super admin are the same as account owners. Adding a user to the account owners team makes them a super admin. Likewise, when you make a user a super admin, they are added to the account owners team. + Projects -------- From 7be289f6441dcbb2e0e28d9db0c5536165ac8f3f Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Wed, 25 Oct 2023 13:09:33 +0200 Subject: [PATCH 5/7] Resolve TOC conflicts --- _toc.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/_toc.yml b/_toc.yml index 730bb1e948..85b6bb2434 100644 --- a/_toc.yml +++ b/_toc.yml @@ -68,6 +68,7 @@ entries: title: User and access management entries: - file: docs/platform/howto/manage-org-users + - file: docs/platform/howto/delete-user - file: docs/platform/howto/make-super-admin - file: docs/platform/howto/list-user-profile entries: From f9f9b26f3134221f2193ef10cd4c9ec7ec163708 Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Fri, 27 Oct 2023 16:57:20 +0200 Subject: [PATCH 6/7] Update info and align with style guide --- .../concepts/projects_accounts_access.rst | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/platform/concepts/projects_accounts_access.rst b/docs/platform/concepts/projects_accounts_access.rst index 3c386c710e..3798b1d7c3 100644 --- a/docs/platform/concepts/projects_accounts_access.rst +++ b/docs/platform/concepts/projects_accounts_access.rst @@ -11,23 +11,23 @@ Organizations and organizational units Organizations and organizational units are collections of projects. When you sign up to Aiven, an organization is created for you. -You can use these to create a hierarchical structure that fits your needs. Organizational units can be nested within an organization, adding another level to group your projects. This gives you greater flexibility to organize your setup to meet your specific use cases. For example, you can easily split production and testing workloads into different organizational units that are in the same organization. +You can use your organization to create a hierarchical structure that fits your needs. Organizational units can be nested within an organization, adding another level to group your projects. This gives you greater flexibility to organize your infrastructure based on your specific use cases. For example, you can easily split production and testing workloads into different organizational units. Grouping your projects in organizations and organizational units lets you centrally manage settings like: -* Authentication methods - Only available on the organization level +* Authentication methods: Only available on the organization level -* ACLs - Can be set on all levels (organization, organizational unit, and project) +* Access control lists (ACLs): Can be set on all levels (organization, organizational unit, and project) * ACLs for service plans are inherited, meaning all projects within an organization or organizational unit will have the same service plan. -* Groups - User groups managed at the organization level and assigned to projects +* Groups: Managed at the organization level and assigned to projects -* Teams - Specific to a single organization or organizational unit and cannot be shared between them +* Teams: Specific to a single organization or organizational unit and cannot be shared between them -* Support contracts - Specific to a single organization or organizational unit and cannot be shared between them +* Support contracts: Specific to a single organization and cannot be shared between them -* Billing groups - Specific to a single organization or organizational unit and cannot be shared between them +* Billing groups: Specific to a single organization and cannot be shared between them Super admin ~~~~~~~~~~~~ @@ -40,11 +40,11 @@ Super admin are the same as account owners. Adding a user to the account owners Projects -------- -Projects are collections of services and user permissions. Each project must have a unique name within an organization. You can group your services however you see fit. These are some examples of how customers organize their services: +Projects are collections of services and user permissions. Each project must have a unique name. You can group your services however you see fit. These are some examples of how customers organize their services: * Single project: One project containing services that are distinguished by their names. For example, services are named based on the type of environment: ``demo_pg_project.postgres-prod`` and ``demo_pg_project.postgres-staging``. -* Environment-based projects: Each project represents a deployment environment, for example: ``dev``, ``qa``, and ``production``. This allows you to apply uniform network security, such as the use of virtual private clouds, to all services within each environment. This also gives you more granular user permissions, such as developer access to production infrastructure. +* Environment-based: Each project represents a deployment environment, for example: ``dev``, ``qa``, and ``production``. This allows you to apply uniform network security, such as the use of virtual private clouds, to all services within each environment. This also gives you more granular user permissions, such as developer access to production infrastructure. * Project-based: Each project contains all the services for an internal project, with naming that highlights the relevant environment; for example: ``customer-success-prod`` and ``business-analytics-test``. From 849841fb72b5ac175f6f58f5b43431f450d69b79 Mon Sep 17 00:00:00 2001 From: Stacey Salamon Date: Wed, 22 Nov 2023 10:06:41 +0100 Subject: [PATCH 7/7] Remove teams info --- docs/platform/concepts/projects_accounts_access.rst | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/docs/platform/concepts/projects_accounts_access.rst b/docs/platform/concepts/projects_accounts_access.rst index 3798b1d7c3..12259151a7 100644 --- a/docs/platform/concepts/projects_accounts_access.rst +++ b/docs/platform/concepts/projects_accounts_access.rst @@ -23,8 +23,6 @@ Grouping your projects in organizations and organizational units lets you centra * Groups: Managed at the organization level and assigned to projects -* Teams: Specific to a single organization or organizational unit and cannot be shared between them - * Support contracts: Specific to a single organization and cannot be shared between them * Billing groups: Specific to a single organization and cannot be shared between them @@ -60,16 +58,6 @@ Groups :doc:`Organization users ` can be :doc:`added to groups `, making it easy to control access to the services in a project. When you :doc:`add a group to a project `, you also select the role for that group. This role gives all users in that group the same level of access to all services in the project. -Teams -~~~~~ - -.. important:: - **Teams are becoming groups** - - :doc:`Groups ` are an easier way to control access to your organization's projects and services for a group of users. - -You can also use teams within organizations or organizational units to control access to projects for a group of users. When you create a team, you choose which projects to add it to. Another option is to set up :doc:`SAML single sign-on (SSO) ` for an organization that automatically adds users to a team when they sign up. For greater security, you may want to use a combination of SAML and RBAC regardless of the size of team. - Best practices for organizations ---------------------------------