Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enhancing permissions table #6479

Merged
merged 7 commits into from
Nov 14, 2024
Merged

Enhancing permissions table #6479

Changes from 1 commit
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
b492bed
Enhancing permissions table
matthewshaver Nov 13, 2024
5503ca8
Update website/snippets/_enterprise-permissions-table.md
matthewshaver Nov 13, 2024
1817618
Merge branch 'current' into add-dash
matthewshaver Nov 13, 2024
86f6e36
Making tables sortable
matthewshaver Nov 13, 2024
9d53b59
Changing formatting
matthewshaver Nov 13, 2024
08a1ca7
Removing line breaks
matthewshaver Nov 14, 2024
e2c91f1
Merge branch 'current' into add-dash
matthewshaver Nov 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
125 changes: 68 additions & 57 deletions website/snippets/_enterprise-permissions-table.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,4 @@

Key:

* (W)rite — Create new or modify existing. Includes `send`, `create`, `delete`, `allocate`, `modify`, `develop`, and `read`.
* (R)ead — Can view but can not create or change any fields.

Permissions:

* Account-level permissions — Permissions related to the management of the dbt Cloud account. For example, billing and account settings.
Expand All @@ -12,77 +7,93 @@
### Account roles
Account roles enable you to manage the dbt Cloud account and manage the account settings (for example, generating service tokens, inviting users, and configuring SSO). They also provide project-level permissions. The **Account Admin** role is the highest level of access you can assign.

Key:

* (W)rite — Create new or modify existing. Includes `send`, `create`, `delete`, `allocate`, `modify`, and `develop`.
* (R)ead — Can view but can not create or change any fields.

#### Account permissions for account roles

| Account-level permission| Account Admin | Billing admin | Manage <br></br> marketplace <br></br> apps | Project creator | Security admin | Viewer |
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

<br></br> is showing up as code in the header "Manage marketplace apps"

Suggested change
| Account-level permission| Account Admin | Billing admin | Manage <br></br> marketplace <br></br> apps | Project creator | Security admin | Viewer |
| Account-level permission| Account Admin | Billing admin | Manage <br></br> marketplace <br></br> apps | Project creator | Security admin | Viewer |

|:-------------------------|:-------------:|:------------:|:-------------------------:|:---------------:|:--------------:|:------:|
| Account settings | W | | | R | R | R |
| Audit logs | R | | | | R | R |
| Auth provider | W | | | | W | R |
| Billing | W | W | | | | R |
| Connections | W | | | W | | |
| Groups | W | | | R | W | R |
| Invitations | W | | | W | W | R |
| IP restrictions | W | | | | W | R |
| Licenses | W | | | W | W | R |
| Marketplace app | | | W | | | |
| Members | W | | | W | W | R |
| Project (create) | W | | | W | | |
| Public models | R | R | | R | R | R |
| Service tokens | W | | | | R | R |
| Webhooks | W | | | | | |
| Account settings | W | - | - | R | R | R |

Check warning on line 19 in website/snippets/_enterprise-permissions-table.md

View workflow job for this annotation

GitHub Actions / vale

[vale] website/snippets/_enterprise-permissions-table.md#L19 

[custom.UIElements] UI elements like 'Account settings' should be bold.
Raw output 
{"message": "[custom.UIElements] UI elements like 'Account settings' should be bold.", "location": {"path": "website/snippets/_enterprise-permissions-table.md", "range": {"start": {"line": 19, "column": 3}}}, "severity": "WARNING"}
| Audit logs | R | - | - | - | R | R |
| Auth provider | W | - | - | - | W | R |
| Billing | W | W | - | - | - | R |
| Connections | W | - | - | W | - | - |
| Groups | W | - | - | R | W | R |
| Invitations | W | - | - | W | W | R |
| IP restrictions | W | - | - | - | W | R |
| Licenses | W | - | - | W | W | R |
| Marketplace app | - | - | W | - | - | - |
| Members | W | - | - | W | W | R |
| Project (create) | W | - | - | W | - | - |
| Public models | R | R | - | R | R | R |
| Service tokens | W | - | - | - | R | R |
| Webhooks | W | - | - | - | - | - |

[^1]: These values are `R`ead only by default, but can be customized to `W`rite with [environment permissions](/docs/cloud/manage-access/environment-permissions#environments-and-roles).

#### Project permissions for account roles

|Project-level permission | Account Admin | Billing admin | Project creator | Security admin | Viewer |
|:-------------------------|:-------------:|:-------------:|:---------------:|:--------------:|:------:|
| Environment credentials (deployment) | W | | W | | R |
| Custom env. variables | W | | W | | R |
| Data platform configurations | W | | W | | R |
| Develop (IDE or dbt Cloud CLI) | W | | W | | |
| Environments | W | | W | | R |
| Jobs | W | | W | | R |
| Metadata GraphQL API access | R | | R | | R |
| Permissions | W | | W | W | R |
| Projects | W | | W | R | R |
| Repositories | W | | W | | R |
| Runs | W | | W | | R |
| Semantic Layer config | W | | W | | R |
| Environment credentials | W | - | W | - | R |
| Custom env. variables | W | - | W | - | R |
| Data platform configurations| W | - | W | - | R |
| Develop (IDE or dbt Cloud CLI)| W | - | W | - | - |
matthewshaver marked this conversation as resolved.
Show resolved Hide resolved
| Environments | W | - | W | - | R |
| Jobs | W | - | W | - | R |
| Metadata GraphQL API access | R | - | R | - | R |
| Permissions | W | - | W | W | R |
| Projects | W | - | W | R | R |
| Repositories | W | - | W | - | R |
| Runs | W | - | W | - | R |
| Semantic Layer config | W | - | W | v | R |


### Project role permissions

The project roles enable you to work within the projects in various capacities. They primarily provide access to project-level permissions such as repos and the IDE or dbt Cloud CLI, but may also provide some account-level permissions.

Key:

* (W)rite &mdash; Create new or modify existing. Includes `send`, `create`, `delete`, `allocate`, `modify`, and `develop`.
* (R)ead &mdash; Can view but can not create or change any fields.

#### Account permissions for project roles

| Account-level permission | Admin | Analyst | Database admin | Developer | Git Admin | Job admin | Job runner | Job viewer | Metadata <br></br>(Discovery API only) | Semantic Layer | Stakeholder | Team admin | Webhook |
|--------------------------|:-----:|:-------:|:--------------:|:---------:|:---------:|:---------:|:-----------:|:-----------:|:--------:|:--------------:|:-----------:|:----------:|:-------:|
| Account settings | R | | R | | R | | | | | | | R | |
| Auth provider | | | | | | | | | | | | | |
| Billing | | | | | | | | | | | | | |
| Connections | R | R | R | R | R | R | | | | | R | R | |
| Groups | R | | R | R | R | | | | | | R | R | |
| Invitations | W | R | R | R | R | R | | R | | | R | R | |
| Licenses | W | R | R | R | R | R | | R | | | | R | |
| Members | W | | R | R | R | | | | | | R | R | |
| Project (create) | | | | | | | | | | | | | |
| Public models | R | R | R | R | R | R | | R | R | R | R | R | R |
| Service tokens | | | | | | | | | | | | | |
| Webhooks | W | | | W | | | | | | | | | W |
| Account settings | R | - | R | - | R | - | - | - | - | - | - | R | - |

Check warning on line 68 in website/snippets/_enterprise-permissions-table.md

View workflow job for this annotation

GitHub Actions / vale

[vale] website/snippets/_enterprise-permissions-table.md#L68 

[custom.UIElements] UI elements like 'Account settings' should be bold.
Raw output 
{"message": "[custom.UIElements] UI elements like 'Account settings' should be bold.", "location": {"path": "website/snippets/_enterprise-permissions-table.md", "range": {"start": {"line": 68, "column": 3}}}, "severity": "WARNING"}
| Auth provider | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Billing | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Connections | R | R | R | R | R | R | - | - | - | - | R | R | - |
| Groups | R | - | R | R | R | - | - | - | - | - | R | R | - |
| Invitations | W | R | R | R | R | R | - | R | - | - | R | R | - |
| Licenses | W | R | R | R | R | R | - | R | - | - | - | R | - |
| Members | W | - | R | R | R | - | - | - | - | - | R | R | - |
| Project (create) | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Public models | R | R | R | R | R | R | - | R | R | R | R | R | R |
| Service tokens | - | - | - | - | - | - | - | - | - | - | - | - | - |
| Webhooks | W | - | - | W | - | - | - | - | - | - | - | - | W |

#### Project permissions for project roles


|Project-level permission | Admin | Analyst | Database admin | Developer | Git Admin | Job admin | Job runner | Job viewer | Metadata <br></br> (Discovery API only) | Semantic Layer | Stakeholder | Team admin | Webhook |
|--------------------------|:-----:|:-------:|:--------------:|:---------:|:---------:|:---------:|:-----------:|:-----------:|:--------:|:--------------:|:-----------:|:----------:|:-------:|
| Environment credentials (deployment) | W | W | W | W | R | W | | | | | R | R | |
| Custom env. variables | W | W | W | W | W | W | | R | | | R | W | |
| Data platform configurations| W | W | W | W | R | W | | | | | R | R | |
| Develop <br />(IDE or dbt Cloud CLI) | W | W | | W | | | | | | | | | |
| Environments | W | R | R | R | R | W | | R | | | R | R | |
| Jobs | W | R | R | R | R | W | R | R | | | R | R | |
| Metadata GraphQL API access | R | R | R | R | R | R | | R | R | | R | R | |
| Permissions (Groups & Licenses) | W | | R | R | R | | | | | | | R | | | | | R | | |
| Projects | W | W | W | W | W | R | | R | | | R | W | |
| Repositories | W | | R | R | W | | | | | | R | R | |
| Runs | W | R | R | R | R | W | W | R | | | R | R | |
| Semantic Layer config | W | R | W | R | R | R | | | | W | R | R | |
|--------------------------|:-----:|:-------:|:--------------:|:---------:|:---------:|:---------:|:-----------:|:-----------:|:---------------------------------------:|:--------------:|:-----------:|:----------:|:-------:|
| Environment credentials | W | W | W | W | R | W | - | - | - | - | R | R | - |
| Custom env. variables | W | W | W | W | W | W | - | R | - | - | R | W | - |
| Data platform configs | W | W | W | W | R | W | - | - | - | - | R | R | - |
| Develop (IDE or CLI) | W | W | - | W | - | - | - | - | - | - | - | - | - |
| Environments | W | R[^1]| R[^1] | R[^1] | R[^1] | W | - | R | - | - | R | R[^1] | - |
| Jobs | W | R[^1]| R[^1] | R[^1] | R[^1] | W | R | R | - | - | R | R[^1] | - |
| Metadata GraphQL API access| R | R | R | R | R | R | - | R | R | - | R | R | - |
| Permissions | W | - | R | R | R | - | - | - | - | - | - | R | - |
| Projects | W | W | W | W | W | R | - | R | - | - | R | W | - |
| Repositories | W | - | R | R | W | - | - | - | - | - | R | R | - |
| Runs | W | R[^1]| R[^1] | R[^1] | R[^1] | W | W | R | - | - | R | R[^1] | - |
| Semantic Layer config | W | R | W | R | R | R | - | - | - | W | R | R | - |

[^1]: These values are `R`ead only by default, but can be customized to `W`rite with [environment permissions](/docs/cloud/manage-access/environment-permissions#environments-and-roles).
Loading