| | Global Admin | Administers account configuration and users | Yes | All Namespaces (cannot be revoked) | Usage only | | ||
| | Developer | Creates and manages Namespaces they own | Yes | Namespaces they create (can be revoked) | None | | ||
| | Finance Admin | Manages billing and payment information | No | None | Full billing and payments | | ||
| | Read-Only | Views account configuration and resources | No | None | None | |
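Review bot: In the Global Admin and Developer rows, the cells reading "All Namespaces (cannot be revoked)" and "Namespaces they create (can be revoked)" say which Namespaces are covered but not what level of access the role holds on them or who is able to revoke it. Name the Namespace-level permission in each of those cells, or link to where it is defined, so a reader doing a least-privilege review can tell what each account role implies without the per-API table.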
I removed the massive API-level table because I think they go stale quickly and are hard to maintain, and instead wrote a high-level table. I think we should link to the source from here, but there is perhaps room for automation in the future if we want to publish that granular level of detail in docs.
@LutaoX your call, but my drive by: the API level detail is important because the per-role boundaries are not totally clean/intuitive, and the API level will be even more important as we ship custom roles.
| ### Frequently Asked Questions | ||
| The new users receive an email with a link to accept the invitation and complete their setup. The new user must use this | ||
| link to sign up to be added to your account unless the account has a SAML configuration. If your account has a SAML |
I inferred this from the previous statement of "If they have SAML setup, they can ignore the invitation email." Is this true? @LutaoX
What happens when you add users to Temporal app in your SAML IdP, but you don't invite them in Temporal?
We have a big warning currently that I've broken down into smaller parts so it's more digestible and less jarring. But there is one sentence here:
This one doesn't have any context to me, so I've removed it. Do you know what this warning could be about so I can word it better? @LutaoX
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
| ## Roles and permissions | ||
| Temporal Cloud' RBAC model works in a hierarchical manner. Account-level roles grant permissions to perform actions |
| Temporal Cloud' RBAC model works in a hierarchical manner. Account-level roles grant permissions to perform actions | |
| Temporal Cloud's RBAC model works in a hierarchical manner. Account-level roles grant permissions to perform actions |
| 1. In Temporal Web UI, select **Namespaces** in the left portion of the window. | ||
| 1. On the **Namespaces** page, select the Namespace. | ||
| 1. If necessary, scroll down to the list of permissions | ||
| 1. If necessary, scroll down to the list of permissions. | ||
| 1. On the user profile page in **Namespace permissions**, select the Namespace. | ||
| 1. On the Namespace page in **Account Level Role**, select the role. | ||
| 1. Select **Save**. |
I think this flow needs to be updated at least to work with the Identities tab within the NS UI, but also feels like a circuitous route. Took me a minute to realize this is describing changing Account role vs NS-level permission.
| This latter rule is useful for anyone on your team who may need to be contacted urgently, regardless of their Account | ||
| role. | ||
| ## Namespace-level permissions {#namespace-level-permissions} |
Do we need this custom anchor?
| 'cloud/get-started/users', | ||
| 'cloud/manage-access/roles-and-permissions', | ||
| 'cloud/get-started/user-groups', |
| 'cloud/get-started/users', | |
| 'cloud/manage-access/roles-and-permissions', | |
| 'cloud/get-started/user-groups', | |
| 'cloud/manage-access/roles-and-permissions', | |
| 'cloud/get-started/users', | |
| 'cloud/get-started/user-groups', |
Tee up what the roles + permissions are, then group how to manage them for each principal type
What does this PR do?
Refactors the user access section. Introduces new page /roles-and-permissions
Notes to reviewers
┆Attachments: EDU-5960 docs: Cloud users refactor