From 6b732ed04fa2c23ac2de80652eb5eb7c15489d19 Mon Sep 17 00:00:00 2001 From: Jeremy Yeo Date: Thu, 18 Jan 2024 12:09:51 +1300 Subject: [PATCH 01/10] Update enterprise-permissions.md --- .../docs/cloud/manage-access/enterprise-permissions.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/website/docs/docs/cloud/manage-access/enterprise-permissions.md b/website/docs/docs/cloud/manage-access/enterprise-permissions.md index dcacda20deb..4bcaca8d89f 100644 --- a/website/docs/docs/cloud/manage-access/enterprise-permissions.md +++ b/website/docs/docs/cloud/manage-access/enterprise-permissions.md @@ -11,6 +11,15 @@ import SetUpPages from '/snippets/_available-enterprise-only.md'; +:::info Licenses vs Permission Sets + +The type of [licenses](https://docs.getdbt.com/docs/cloud/manage-access/seats-and-users) that a user has takes +precedence over the exact permission set that the user has. This means that if a user has a "Read-Only" license +but is placed in a dbt Cloud group with "Account Admin" permissions - that user would still not be able to take +any administrative actions on the account as the license would restrict them from doing so. + +::: + The dbt Cloud Enterprise plan supports a number of pre-built permission sets to help manage access controls within a dbt Cloud account. See the docs on [access control](/docs/cloud/manage-access/about-user-access) for more information on Role-Based access From 110f2259c569c430028c6e78bdd4636a59fdff69 Mon Sep 17 00:00:00 2001 From: Jeremy Yeo Date: Thu, 18 Jan 2024 12:13:57 +1300 Subject: [PATCH 02/10] Update cloud-seats-and-users.md --- website/docs/docs/cloud/manage-access/cloud-seats-and-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md index 63786f40bd8..3938c7fc75c 100644 --- a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md +++ b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md @@ -11,7 +11,7 @@ In dbt Cloud, _licenses_ are used to allocate users to your account. There are t - **Developer** — Granted access to the Deployment and [Development](/docs/cloud/dbt-cloud-ide/develop-in-the-cloud) functionality in dbt Cloud. - **Read-Only** — Intended to view the [artifacts](/docs/deploy/artifacts) created in a dbt Cloud account. Read-Only users can receive job notifications but not configure them. -- **IT** — Can manage users, groups, and licenses, among other permissions. IT users can receive job notifications but not configure them. Available on Enterprise and Team plans only. +- **IT** — Can manage users, groups, and licenses, among other permissions. IT users can receive job notifications but not configure them. Available on Enterprise and Team plans only. On Enterprise plans - the IT license type provides the same access as the ["Security admin" permission set / role](https://docs.getdbt.com/docs/cloud/manage-access/enterprise-permissions#account-permissions-for-account-roles). The user's assigned license determines the specific capabilities they can access in dbt Cloud. From 3a10d0f84e6a6dcb37edf16a5cef441bc967f6a6 Mon Sep 17 00:00:00 2001 From: Jeremy Yeo Date: Thu, 18 Jan 2024 12:16:34 +1300 Subject: [PATCH 03/10] Update enterprise-permissions.md --- website/docs/docs/cloud/manage-access/enterprise-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/docs/cloud/manage-access/enterprise-permissions.md b/website/docs/docs/cloud/manage-access/enterprise-permissions.md index 4bcaca8d89f..e604a50f282 100644 --- a/website/docs/docs/cloud/manage-access/enterprise-permissions.md +++ b/website/docs/docs/cloud/manage-access/enterprise-permissions.md @@ -13,7 +13,7 @@ import SetUpPages from '/snippets/_available-enterprise-only.md'; :::info Licenses vs Permission Sets -The type of [licenses](https://docs.getdbt.com/docs/cloud/manage-access/seats-and-users) that a user has takes +The type of [license](https://docs.getdbt.com/docs/cloud/manage-access/seats-and-users) that a user has takes precedence over the exact permission set that the user has. This means that if a user has a "Read-Only" license but is placed in a dbt Cloud group with "Account Admin" permissions - that user would still not be able to take any administrative actions on the account as the license would restrict them from doing so. From 0ecef1a2ead24f12d734c1deba53001cfb6f9567 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Thu, 18 Jan 2024 11:21:36 +0000 Subject: [PATCH 04/10] Update enterprise-permissions.md moving it to header --- .../cloud/manage-access/enterprise-permissions.md | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/website/docs/docs/cloud/manage-access/enterprise-permissions.md b/website/docs/docs/cloud/manage-access/enterprise-permissions.md index e604a50f282..e6e84975483 100644 --- a/website/docs/docs/cloud/manage-access/enterprise-permissions.md +++ b/website/docs/docs/cloud/manage-access/enterprise-permissions.md @@ -11,15 +11,6 @@ import SetUpPages from '/snippets/_available-enterprise-only.md'; -:::info Licenses vs Permission Sets - -The type of [license](https://docs.getdbt.com/docs/cloud/manage-access/seats-and-users) that a user has takes -precedence over the exact permission set that the user has. This means that if a user has a "Read-Only" license -but is placed in a dbt Cloud group with "Account Admin" permissions - that user would still not be able to take -any administrative actions on the account as the license would restrict them from doing so. - -::: - The dbt Cloud Enterprise plan supports a number of pre-built permission sets to help manage access controls within a dbt Cloud account. See the docs on [access control](/docs/cloud/manage-access/about-user-access) for more information on Role-Based access @@ -29,6 +20,11 @@ control (RBAC). The following roles and permission sets are available for assignment in dbt Cloud Enterprise accounts. They can be granted to dbt Cloud groups which are then in turn granted to users. A dbt Cloud group can be associated with more than one role and permission set. Roles with more access take precedence. +::::tip Licenses or Permission sets + +The user's [license](/docs/cloud/manage-access/seats-and-users) type always overrides their assigned permission set. This means that even if a user belongs to a dbt Cloud group with 'Account Admin' permissions, having a 'Read-Only' license would still prevent them from performing administrative actions on the account +::: + ## How to set up RBAC Groups in dbt Cloud From f42c800654be48cabaddec7446dfe8b6da273d2a Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Thu, 18 Jan 2024 11:22:51 +0000 Subject: [PATCH 05/10] Update website/docs/docs/cloud/manage-access/enterprise-permissions.md --- website/docs/docs/cloud/manage-access/enterprise-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/docs/cloud/manage-access/enterprise-permissions.md b/website/docs/docs/cloud/manage-access/enterprise-permissions.md index e6e84975483..c637663b23a 100644 --- a/website/docs/docs/cloud/manage-access/enterprise-permissions.md +++ b/website/docs/docs/cloud/manage-access/enterprise-permissions.md @@ -22,7 +22,7 @@ The following roles and permission sets are available for assignment in dbt Clou ::::tip Licenses or Permission sets -The user's [license](/docs/cloud/manage-access/seats-and-users) type always overrides their assigned permission set. This means that even if a user belongs to a dbt Cloud group with 'Account Admin' permissions, having a 'Read-Only' license would still prevent them from performing administrative actions on the account +The user's [license](/docs/cloud/manage-access/seats-and-users) type always overrides their assigned permission set. This means that even if a user belongs to a dbt Cloud group with 'Account Admin' permissions, having a 'Read-Only' license would still prevent them from performing administrative actions on the account. ::: From 5de29626c4495260037f95f0ea2e6f8e4efa39ab Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Thu, 18 Jan 2024 11:29:03 +0000 Subject: [PATCH 06/10] Update cloud-seats-and-users.md --- .../docs/docs/cloud/manage-access/cloud-seats-and-users.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md index 3938c7fc75c..00661a2795e 100644 --- a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md +++ b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md @@ -28,6 +28,10 @@ The user's assigned license determines the specific capabilities they can access *Available on Enterprise and Team plans only and doesn't count toward seat usage. Please note, that IT seats are limited to 1 seat per Team or Enterprise account. ## Licenses +::::tip Licenses or Permission sets + +The user's license type always overrides their assigned [Enterprise permission](/docs/cloud/manage-access/enterprise-permissions) set. This means that even if a user belongs to a dbt Cloud group with 'Account Admin' permissions, having a 'Read-Only' license would still prevent them from performing administrative actions on the account. +::: Each dbt Cloud plan comes with a base number of Developer, IT, and Read-Only licenses. You can add or remove licenses by modifying the number of users in your account settings. From 3e9d013b9fe754eafb2d452a88e49945ce193691 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Thu, 18 Jan 2024 11:49:29 +0000 Subject: [PATCH 07/10] Update website/docs/docs/cloud/manage-access/cloud-seats-and-users.md --- website/docs/docs/cloud/manage-access/cloud-seats-and-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md index 00661a2795e..3c0a0b46212 100644 --- a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md +++ b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md @@ -11,7 +11,7 @@ In dbt Cloud, _licenses_ are used to allocate users to your account. There are t - **Developer** — Granted access to the Deployment and [Development](/docs/cloud/dbt-cloud-ide/develop-in-the-cloud) functionality in dbt Cloud. - **Read-Only** — Intended to view the [artifacts](/docs/deploy/artifacts) created in a dbt Cloud account. Read-Only users can receive job notifications but not configure them. -- **IT** — Can manage users, groups, and licenses, among other permissions. IT users can receive job notifications but not configure them. Available on Enterprise and Team plans only. On Enterprise plans - the IT license type provides the same access as the ["Security admin" permission set / role](https://docs.getdbt.com/docs/cloud/manage-access/enterprise-permissions#account-permissions-for-account-roles). +- **IT** — Can manage users, groups, and licenses, among other permissions. IT users can receive job notifications but not configure them. Available on Enterprise and Team plans only. In Enterprise plans, the IT license type grants access equivalent to the ['Security admin' role](/docs/cloud/manage-access/enterprise-permissions#account-permissions-for-account-roles). The user's assigned license determines the specific capabilities they can access in dbt Cloud. From 4033e2e88a1f69b1878158f4b6a0d901243ebcce Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Thu, 18 Jan 2024 11:51:07 +0000 Subject: [PATCH 08/10] Update cloud-seats-and-users.md --- .../docs/docs/cloud/manage-access/cloud-seats-and-users.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md index 3c0a0b46212..21d8e3a0fcc 100644 --- a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md +++ b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md @@ -28,9 +28,11 @@ The user's assigned license determines the specific capabilities they can access *Available on Enterprise and Team plans only and doesn't count toward seat usage. Please note, that IT seats are limited to 1 seat per Team or Enterprise account. ## Licenses -::::tip Licenses or Permission sets + +:::tip Licenses or Permission sets The user's license type always overrides their assigned [Enterprise permission](/docs/cloud/manage-access/enterprise-permissions) set. This means that even if a user belongs to a dbt Cloud group with 'Account Admin' permissions, having a 'Read-Only' license would still prevent them from performing administrative actions on the account. + ::: Each dbt Cloud plan comes with a base number of Developer, IT, and Read-Only licenses. You can add or remove licenses by modifying the number of users in your account settings. From c6fc915b5fdbd39f20c4f32cfcad841ef338a511 Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Thu, 18 Jan 2024 11:51:20 +0000 Subject: [PATCH 09/10] Update website/docs/docs/cloud/manage-access/enterprise-permissions.md --- website/docs/docs/cloud/manage-access/enterprise-permissions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/docs/cloud/manage-access/enterprise-permissions.md b/website/docs/docs/cloud/manage-access/enterprise-permissions.md index c637663b23a..4ed7ab228e5 100644 --- a/website/docs/docs/cloud/manage-access/enterprise-permissions.md +++ b/website/docs/docs/cloud/manage-access/enterprise-permissions.md @@ -20,7 +20,7 @@ control (RBAC). The following roles and permission sets are available for assignment in dbt Cloud Enterprise accounts. They can be granted to dbt Cloud groups which are then in turn granted to users. A dbt Cloud group can be associated with more than one role and permission set. Roles with more access take precedence. -::::tip Licenses or Permission sets +:::tip Licenses or Permission sets The user's [license](/docs/cloud/manage-access/seats-and-users) type always overrides their assigned permission set. This means that even if a user belongs to a dbt Cloud group with 'Account Admin' permissions, having a 'Read-Only' license would still prevent them from performing administrative actions on the account. ::: From 3288eb24b868aecf4eae8c31929d7e231a2e2dcd Mon Sep 17 00:00:00 2001 From: mirnawong1 <89008547+mirnawong1@users.noreply.github.com> Date: Thu, 18 Jan 2024 18:21:52 +0000 Subject: [PATCH 10/10] Update website/docs/docs/cloud/manage-access/cloud-seats-and-users.md --- website/docs/docs/cloud/manage-access/cloud-seats-and-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md index 21d8e3a0fcc..f07720a9771 100644 --- a/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md +++ b/website/docs/docs/cloud/manage-access/cloud-seats-and-users.md @@ -11,7 +11,7 @@ In dbt Cloud, _licenses_ are used to allocate users to your account. There are t - **Developer** — Granted access to the Deployment and [Development](/docs/cloud/dbt-cloud-ide/develop-in-the-cloud) functionality in dbt Cloud. - **Read-Only** — Intended to view the [artifacts](/docs/deploy/artifacts) created in a dbt Cloud account. Read-Only users can receive job notifications but not configure them. -- **IT** — Can manage users, groups, and licenses, among other permissions. IT users can receive job notifications but not configure them. Available on Enterprise and Team plans only. In Enterprise plans, the IT license type grants access equivalent to the ['Security admin' role](/docs/cloud/manage-access/enterprise-permissions#account-permissions-for-account-roles). +- **IT** — Can manage users, groups, and licenses, among other permissions. IT users can receive job notifications but not configure them. Available on Enterprise and Team plans only. In Enterprise plans, the IT license type grants access equivalent to the ['Security admin' and 'Billing admin' roles](/docs/cloud/manage-access/enterprise-permissions#account-permissions-for-account-roles). The user's assigned license determines the specific capabilities they can access in dbt Cloud.