From b492bedda157e0d98cc974ecc1223f2a8030e704 Mon Sep 17 00:00:00 2001
From: Matt Shaver <60105315+matthewshaver@users.noreply.github.com>
Date: Wed, 13 Nov 2024 16:34:10 -0500
Subject: [PATCH 1/5] Enhancing permissions table
---
.../snippets/_enterprise-permissions-table.md | 125 ++++++++++--------
1 file changed, 68 insertions(+), 57 deletions(-)
diff --git a/website/snippets/_enterprise-permissions-table.md b/website/snippets/_enterprise-permissions-table.md
index 688e8911bf4..c4b1f050d0a 100644
--- a/website/snippets/_enterprise-permissions-table.md
+++ b/website/snippets/_enterprise-permissions-table.md
@@ -1,9 +1,4 @@
-Key:
-
-* (W)rite — Create new or modify existing. Includes `send`, `create`, `delete`, `allocate`, `modify`, `develop`, and `read`.
-* (R)ead — Can view but can not create or change any fields.
-
Permissions:
* Account-level permissions — Permissions related to the management of the dbt Cloud account. For example, billing and account settings.
@@ -12,77 +7,93 @@ Permissions:
### Account roles
Account roles enable you to manage the dbt Cloud account and manage the account settings (for example, generating service tokens, inviting users, and configuring SSO). They also provide project-level permissions. The **Account Admin** role is the highest level of access you can assign.
+Key:
+
+* (W)rite — Create new or modify existing. Includes `send`, `create`, `delete`, `allocate`, `modify`, and `develop`.
+* (R)ead — Can view but can not create or change any fields.
+
#### Account permissions for account roles
+
| Account-level permission| Account Admin | Billing admin | Manage
marketplace
apps | Project creator | Security admin | Viewer |
|:-------------------------|:-------------:|:------------:|:-------------------------:|:---------------:|:--------------:|:------:|
-| Account settings | W | | | R | R | R |
-| Audit logs | R | | | | R | R |
-| Auth provider | W | | | | W | R |
-| Billing | W | W | | | | R |
-| Connections | W | | | W | | |
-| Groups | W | | | R | W | R |
-| Invitations | W | | | W | W | R |
-| IP restrictions | W | | | | W | R |
-| Licenses | W | | | W | W | R |
-| Marketplace app | | | W | | | |
-| Members | W | | | W | W | R |
-| Project (create) | W | | | W | | |
-| Public models | R | R | | R | R | R |
-| Service tokens | W | | | | R | R |
-| Webhooks | W | | | | | |
+| Account settings | W | - | - | R | R | R |
+| Audit logs | R | - | - | - | R | R |
+| Auth provider | W | - | - | - | W | R |
+| Billing | W | W | - | - | - | R |
+| Connections | W | - | - | W | - | - |
+| Groups | W | - | - | R | W | R |
+| Invitations | W | - | - | W | W | R |
+| IP restrictions | W | - | - | - | W | R |
+| Licenses | W | - | - | W | W | R |
+| Marketplace app | - | - | W | - | - | - |
+| Members | W | - | - | W | W | R |
+| Project (create) | W | - | - | W | - | - |
+| Public models | R | R | - | R | R | R |
+| Service tokens | W | - | - | - | R | R |
+| Webhooks | W | - | - | - | - | - |
+
+[^1]: These values are `R`ead only by default, but can be customized to `W`rite with [environment permissions](/docs/cloud/manage-access/environment-permissions#environments-and-roles).
#### Project permissions for account roles
|Project-level permission | Account Admin | Billing admin | Project creator | Security admin | Viewer |
|:-------------------------|:-------------:|:-------------:|:---------------:|:--------------:|:------:|
-| Environment credentials (deployment) | W | | W | | R |
-| Custom env. variables | W | | W | | R |
-| Data platform configurations | W | | W | | R |
-| Develop (IDE or dbt Cloud CLI) | W | | W | | |
-| Environments | W | | W | | R |
-| Jobs | W | | W | | R |
-| Metadata GraphQL API access | R | | R | | R |
-| Permissions | W | | W | W | R |
-| Projects | W | | W | R | R |
-| Repositories | W | | W | | R |
-| Runs | W | | W | | R |
-| Semantic Layer config | W | | W | | R |
+| Environment credentials | W | - | W | - | R |
+| Custom env. variables | W | - | W | - | R |
+| Data platform configurations| W | - | W | - | R |
+| Develop (IDE or dbt Cloud CLI)| W | - | W | - | - |
+| Environments | W | - | W | - | R |
+| Jobs | W | - | W | - | R |
+| Metadata GraphQL API access | R | - | R | - | R |
+| Permissions | W | - | W | W | R |
+| Projects | W | - | W | R | R |
+| Repositories | W | - | W | - | R |
+| Runs | W | - | W | - | R |
+| Semantic Layer config | W | - | W | v | R |
### Project role permissions
The project roles enable you to work within the projects in various capacities. They primarily provide access to project-level permissions such as repos and the IDE or dbt Cloud CLI, but may also provide some account-level permissions.
+Key:
+
+* (W)rite — Create new or modify existing. Includes `send`, `create`, `delete`, `allocate`, `modify`, and `develop`.
+* (R)ead — Can view but can not create or change any fields.
+
#### Account permissions for project roles
| Account-level permission | Admin | Analyst | Database admin | Developer | Git Admin | Job admin | Job runner | Job viewer | Metadata
(Discovery API only) | Semantic Layer | Stakeholder | Team admin | Webhook |
|--------------------------|:-----:|:-------:|:--------------:|:---------:|:---------:|:---------:|:-----------:|:-----------:|:--------:|:--------------:|:-----------:|:----------:|:-------:|
-| Account settings | R | | R | | R | | | | | | | R | |
-| Auth provider | | | | | | | | | | | | | |
-| Billing | | | | | | | | | | | | | |
-| Connections | R | R | R | R | R | R | | | | | R | R | |
-| Groups | R | | R | R | R | | | | | | R | R | |
-| Invitations | W | R | R | R | R | R | | R | | | R | R | |
-| Licenses | W | R | R | R | R | R | | R | | | | R | |
-| Members | W | | R | R | R | | | | | | R | R | |
-| Project (create) | | | | | | | | | | | | | |
-| Public models | R | R | R | R | R | R | | R | R | R | R | R | R |
-| Service tokens | | | | | | | | | | | | | |
-| Webhooks | W | | | W | | | | | | | | | W |
+| Account settings | R | - | R | - | R | - | - | - | - | - | - | R | - |
+| Auth provider | - | - | - | - | - | - | - | - | - | - | - | - | - |
+| Billing | - | - | - | - | - | - | - | - | - | - | - | - | - |
+| Connections | R | R | R | R | R | R | - | - | - | - | R | R | - |
+| Groups | R | - | R | R | R | - | - | - | - | - | R | R | - |
+| Invitations | W | R | R | R | R | R | - | R | - | - | R | R | - |
+| Licenses | W | R | R | R | R | R | - | R | - | - | - | R | - |
+| Members | W | - | R | R | R | - | - | - | - | - | R | R | - |
+| Project (create) | - | - | - | - | - | - | - | - | - | - | - | - | - |
+| Public models | R | R | R | R | R | R | - | R | R | R | R | R | R |
+| Service tokens | - | - | - | - | - | - | - | - | - | - | - | - | - |
+| Webhooks | W | - | - | W | - | - | - | - | - | - | - | - | W |
#### Project permissions for project roles
+
|Project-level permission | Admin | Analyst | Database admin | Developer | Git Admin | Job admin | Job runner | Job viewer | Metadata
(Discovery API only) | Semantic Layer | Stakeholder | Team admin | Webhook |
-|--------------------------|:-----:|:-------:|:--------------:|:---------:|:---------:|:---------:|:-----------:|:-----------:|:--------:|:--------------:|:-----------:|:----------:|:-------:|
-| Environment credentials (deployment) | W | W | W | W | R | W | | | | | R | R | |
-| Custom env. variables | W | W | W | W | W | W | | R | | | R | W | |
-| Data platform configurations| W | W | W | W | R | W | | | | | R | R | |
-| Develop
(IDE or dbt Cloud CLI) | W | W | | W | | | | | | | | | |
-| Environments | W | R | R | R | R | W | | R | | | R | R | |
-| Jobs | W | R | R | R | R | W | R | R | | | R | R | |
-| Metadata GraphQL API access | R | R | R | R | R | R | | R | R | | R | R | |
-| Permissions (Groups & Licenses) | W | | R | R | R | | | | | | | R | | | | | R | | |
-| Projects | W | W | W | W | W | R | | R | | | R | W | |
-| Repositories | W | | R | R | W | | | | | | R | R | |
-| Runs | W | R | R | R | R | W | W | R | | | R | R | |
-| Semantic Layer config | W | R | W | R | R | R | | | | W | R | R | |
+|--------------------------|:-----:|:-------:|:--------------:|:---------:|:---------:|:---------:|:-----------:|:-----------:|:---------------------------------------:|:--------------:|:-----------:|:----------:|:-------:|
+| Environment credentials | W | W | W | W | R | W | - | - | - | - | R | R | - |
+| Custom env. variables | W | W | W | W | W | W | - | R | - | - | R | W | - |
+| Data platform configs | W | W | W | W | R | W | - | - | - | - | R | R | - |
+| Develop (IDE or CLI) | W | W | - | W | - | - | - | - | - | - | - | - | - |
+| Environments | W | R[^1]| R[^1] | R[^1] | R[^1] | W | - | R | - | - | R | R[^1] | - |
+| Jobs | W | R[^1]| R[^1] | R[^1] | R[^1] | W | R | R | - | - | R | R[^1] | - |
+| Metadata GraphQL API access| R | R | R | R | R | R | - | R | R | - | R | R | - |
+| Permissions | W | - | R | R | R | - | - | - | - | - | - | R | - |
+| Projects | W | W | W | W | W | R | - | R | - | - | R | W | - |
+| Repositories | W | - | R | R | W | - | - | - | - | - | R | R | - |
+| Runs | W | R[^1]| R[^1] | R[^1] | R[^1] | W | W | R | - | - | R | R[^1] | - |
+| Semantic Layer config | W | R | W | R | R | R | - | - | - | W | R | R | - |
+
+[^1]: These values are `R`ead only by default, but can be customized to `W`rite with [environment permissions](/docs/cloud/manage-access/environment-permissions#environments-and-roles).
\ No newline at end of file
From 5503ca83dddb4eab60b02daa1434543f17457c88 Mon Sep 17 00:00:00 2001
From: Matt Shaver <60105315+matthewshaver@users.noreply.github.com>
Date: Wed, 13 Nov 2024 16:35:51 -0500
Subject: [PATCH 2/5] Update website/snippets/_enterprise-permissions-table.md
---
website/snippets/_enterprise-permissions-table.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/website/snippets/_enterprise-permissions-table.md b/website/snippets/_enterprise-permissions-table.md
index c4b1f050d0a..1643dc4c4ac 100644
--- a/website/snippets/_enterprise-permissions-table.md
+++ b/website/snippets/_enterprise-permissions-table.md
@@ -41,7 +41,7 @@ Key:
| Environment credentials | W | - | W | - | R |
| Custom env. variables | W | - | W | - | R |
| Data platform configurations| W | - | W | - | R |
-| Develop (IDE or dbt Cloud CLI)| W | - | W | - | - |
+| Develop (IDE or CLI) | W | - | W | - | - |
| Environments | W | - | W | - | R |
| Jobs | W | - | W | - | R |
| Metadata GraphQL API access | R | - | R | - | R |
From 86f6e36c1edfd41700e60a430991276ca704fedb Mon Sep 17 00:00:00 2001
From: Matt Shaver <60105315+matthewshaver@users.noreply.github.com>
Date: Wed, 13 Nov 2024 17:11:25 -0500
Subject: [PATCH 3/5] Making tables sortable
---
.../snippets/_enterprise-permissions-table.md | 24 +++++++++++++++++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/website/snippets/_enterprise-permissions-table.md b/website/snippets/_enterprise-permissions-table.md
index 1643dc4c4ac..b5e427b41e6 100644
--- a/website/snippets/_enterprise-permissions-table.md
+++ b/website/snippets/_enterprise-permissions-table.md
@@ -14,6 +14,9 @@ Key:
#### Account permissions for account roles
+
+
+{`
| Account-level permission| Account Admin | Billing admin | Manage
marketplace
apps | Project creator | Security admin | Viewer |
|:-------------------------|:-------------:|:------------:|:-------------------------:|:---------------:|:--------------:|:------:|
| Account settings | W | - | - | R | R | R |
@@ -31,11 +34,15 @@ Key:
| Public models | R | R | - | R | R | R |
| Service tokens | W | - | - | - | R | R |
| Webhooks | W | - | - | - | - | - |
+`}
-[^1]: These values are `R`ead only by default, but can be customized to `W`rite with [environment permissions](/docs/cloud/manage-access/environment-permissions#environments-and-roles).
+
#### Project permissions for account roles
+
+
+{`
|Project-level permission | Account Admin | Billing admin | Project creator | Security admin | Viewer |
|:-------------------------|:-------------:|:-------------:|:---------------:|:--------------:|:------:|
| Environment credentials | W | - | W | - | R |
@@ -50,7 +57,9 @@ Key:
| Repositories | W | - | W | - | R |
| Runs | W | - | W | - | R |
| Semantic Layer config | W | - | W | v | R |
+`}
+
### Project role permissions
@@ -63,6 +72,9 @@ Key:
#### Account permissions for project roles
+
+
+{`
| Account-level permission | Admin | Analyst | Database admin | Developer | Git Admin | Job admin | Job runner | Job viewer | Metadata
(Discovery API only) | Semantic Layer | Stakeholder | Team admin | Webhook |
|--------------------------|:-----:|:-------:|:--------------:|:---------:|:---------:|:---------:|:-----------:|:-----------:|:--------:|:--------------:|:-----------:|:----------:|:-------:|
| Account settings | R | - | R | - | R | - | - | - | - | - | - | R | - |
@@ -77,10 +89,15 @@ Key:
| Public models | R | R | R | R | R | R | - | R | R | R | R | R | R |
| Service tokens | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Webhooks | W | - | - | W | - | - | - | - | - | - | - | - | W |
+`}
+
+
#### Project permissions for project roles
-
+
+
+{`
|Project-level permission | Admin | Analyst | Database admin | Developer | Git Admin | Job admin | Job runner | Job viewer | Metadata
(Discovery API only) | Semantic Layer | Stakeholder | Team admin | Webhook |
|--------------------------|:-----:|:-------:|:--------------:|:---------:|:---------:|:---------:|:-----------:|:-----------:|:---------------------------------------:|:--------------:|:-----------:|:----------:|:-------:|
| Environment credentials | W | W | W | W | R | W | - | - | - | - | R | R | - |
@@ -95,5 +112,8 @@ Key:
| Repositories | W | - | R | R | W | - | - | - | - | - | R | R | - |
| Runs | W | R[^1]| R[^1] | R[^1] | R[^1] | W | W | R | - | - | R | R[^1] | - |
| Semantic Layer config | W | R | W | R | R | R | - | - | - | W | R | R | - |
+`}
+
+
[^1]: These values are `R`ead only by default, but can be customized to `W`rite with [environment permissions](/docs/cloud/manage-access/environment-permissions#environments-and-roles).
\ No newline at end of file
From 9d53b59187e6cd0de0d41c1f244cdac8ac01623e Mon Sep 17 00:00:00 2001
From: Matt Shaver <60105315+matthewshaver@users.noreply.github.com>
Date: Wed, 13 Nov 2024 17:26:20 -0500
Subject: [PATCH 4/5] Changing formatting
---
website/snippets/_enterprise-permissions-table.md | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/website/snippets/_enterprise-permissions-table.md b/website/snippets/_enterprise-permissions-table.md
index b5e427b41e6..2b3b3d4b9b0 100644
--- a/website/snippets/_enterprise-permissions-table.md
+++ b/website/snippets/_enterprise-permissions-table.md
@@ -104,16 +104,17 @@ Key:
| Custom env. variables | W | W | W | W | W | W | - | R | - | - | R | W | - |
| Data platform configs | W | W | W | W | R | W | - | - | - | - | R | R | - |
| Develop (IDE or CLI) | W | W | - | W | - | - | - | - | - | - | - | - | - |
-| Environments | W | R[^1]| R[^1] | R[^1] | R[^1] | W | - | R | - | - | R | R[^1] | - |
-| Jobs | W | R[^1]| R[^1] | R[^1] | R[^1] | W | R | R | - | - | R | R[^1] | - |
+| Environments | W | R* | R* | R* | R* | W | - | R | - | - | R | R* | - |
+| Jobs | W | R* | R* | R* | R* | W | R | R | - | - | R | R* | - |
| Metadata GraphQL API access| R | R | R | R | R | R | - | R | R | - | R | R | - |
| Permissions | W | - | R | R | R | - | - | - | - | - | - | R | - |
| Projects | W | W | W | W | W | R | - | R | - | - | R | W | - |
| Repositories | W | - | R | R | W | - | - | - | - | - | R | R | - |
-| Runs | W | R[^1]| R[^1] | R[^1] | R[^1] | W | W | R | - | - | R | R[^1] | - |
+| Runs | W | R* | R* | R* | R* | W | W | R | - | - | R | R* | - |
| Semantic Layer config | W | R | W | R | R | R | - | - | - | W | R | R | - |
+
`}
-[^1]: These values are `R`ead only by default, but can be customized to `W`rite with [environment permissions](/docs/cloud/manage-access/environment-permissions#environments-and-roles).
\ No newline at end of file
+\* These permissions are `R`ead-only by default, but may be changed to `W`rite with [environment permissions](/docs/cloud/manage-access/environment-permissions#environments-and-roles).
From 08a1ca7cd85a8199a647cf03ebc333744850178f Mon Sep 17 00:00:00 2001
From: Matt Shaver <60105315+matthewshaver@users.noreply.github.com>
Date: Wed, 13 Nov 2024 19:51:35 -0500
Subject: [PATCH 5/5] Removing line breaks
---
website/snippets/_enterprise-permissions-table.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/website/snippets/_enterprise-permissions-table.md b/website/snippets/_enterprise-permissions-table.md
index 2b3b3d4b9b0..a5b825d34d2 100644
--- a/website/snippets/_enterprise-permissions-table.md
+++ b/website/snippets/_enterprise-permissions-table.md
@@ -17,7 +17,7 @@ Key:
{`
-| Account-level permission| Account Admin | Billing admin | Manage
marketplace
apps | Project creator | Security admin | Viewer |
+| Account-level permission| Account Admin | Billing admin | Manage marketplace apps | Project creator | Security admin | Viewer |
|:-------------------------|:-------------:|:------------:|:-------------------------:|:---------------:|:--------------:|:------:|
| Account settings | W | - | - | R | R | R |
| Audit logs | R | - | - | - | R | R |
@@ -75,7 +75,7 @@ Key:
{`
-| Account-level permission | Admin | Analyst | Database admin | Developer | Git Admin | Job admin | Job runner | Job viewer | Metadata
(Discovery API only) | Semantic Layer | Stakeholder | Team admin | Webhook |
+| Account-level permission | Admin | Analyst | Database admin | Developer | Git Admin | Job admin | Job runner | Job viewer | Metadata (Discovery API only) | Semantic Layer | Stakeholder | Team admin | Webhook |
|--------------------------|:-----:|:-------:|:--------------:|:---------:|:---------:|:---------:|:-----------:|:-----------:|:--------:|:--------------:|:-----------:|:----------:|:-------:|
| Account settings | R | - | R | - | R | - | - | - | - | - | - | R | - |
| Auth provider | - | - | - | - | - | - | - | - | - | - | - | - | - |
@@ -98,7 +98,7 @@ Key:
{`
-|Project-level permission | Admin | Analyst | Database admin | Developer | Git Admin | Job admin | Job runner | Job viewer | Metadata
(Discovery API only) | Semantic Layer | Stakeholder | Team admin | Webhook |
+|Project-level permission | Admin | Analyst | Database admin | Developer | Git Admin | Job admin | Job runner | Job viewer | Metadata (Discovery API only) | Semantic Layer | Stakeholder | Team admin | Webhook |
|--------------------------|:-----:|:-------:|:--------------:|:---------:|:---------:|:---------:|:-----------:|:-----------:|:---------------------------------------:|:--------------:|:-----------:|:----------:|:-------:|
| Environment credentials | W | W | W | W | R | W | - | - | - | - | R | R | - |
| Custom env. variables | W | W | W | W | W | W | - | R | - | - | R | W | - |