Skip to content

Clean up the Cloud Console roles topic #19758

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 11 commits into
base: main
Choose a base branch
from
Open

Clean up the Cloud Console roles topic #19758

wants to merge 11 commits into from

Conversation

jhlodin
Copy link
Contributor

@jhlodin jhlodin commented Jun 11, 2025
edited
Loading

  • Create a table describing roles and privileges at a high level, based on internal guidance
  • Reword the language used on the cloud console auth page to be more consistent
  • Correct usage of "Org Administrator" and "Cluster Administrator" to reflect the role names in the console, which are "Organization Admin" and "Cluster Admin" respectively
  • Disambiguate between Cloud Console roles and SQL User roles:
    • Cloud Console roles are "assigned" and give "permissions". Arbitrary terms, discussed with @mikeCRL
    • SQL User roles are "granted" and give "privileges". Specific terms associated with GRANT and related SQL statements

@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 11, 2025
edited
Loading

Files changed:

@netlify Netlify
Copy link

netlify bot commented Jun 11, 2025
edited
Loading

Deploy Preview for cockroachdb-interactivetutorials-docs canceled.

Name Link
🔨 Latest commit 9d60dfd
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-interactivetutorials-docs/deploys/685dbae6b1f7be00085e642f

@netlify Netlify
Copy link

netlify bot commented Jun 11, 2025
edited
Loading

Deploy Preview for cockroachdb-api-docs canceled.

Name Link
🔨 Latest commit 9d60dfd
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-api-docs/deploys/685dbae655c4820008b28cbd

@netlify Netlify
Copy link

netlify bot commented Jun 11, 2025
edited
Loading

Deploy Preview for cockroachdb-docs failed. Why did it fail? →

Name Link
🔨 Latest commit 9d60dfd
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-docs/deploys/685dbae6d5623a0008ea19ac

@jhlodin jhlodin marked this pull request as ready for review June 12, 2025 19:54
@jhlodin
Copy link
Contributor Author

jhlodin commented Jun 12, 2025

Screenshot showing how the table renders. Note that it currently requires horizontal scrolling on browser windows smaller than fullscreen 1920x1080 which may not be acceptable.

Screenshot 2025-06-12 at 4 01 49 PM

@jhlodin jhlodin changed the title Add table describing cloud console roles Clean up the Cloud Console roles topic Jun 16, 2025
@jhlodin jhlodin force-pushed the jl/doc-12238 branch 2 times, most recently from 7cb8e59 to e86347f Compare June 16, 2025 17:40
jaiayu
jaiayu reviewed Jun 17, 2025
View reviewed changes
src/current/_includes/cockroachcloud/org-roles/cloud-roles-table.md
| `Folder` | Applies to clusters within a specific folder. Only available as a selectable scope if folders have been created within the organization by a user with the `Folder Admin` role | `Cluster Creator`, `Cluster Admin`, `Folder Admin`, `Folder Mover` |
| `Cluster` | Applies to a specific cluster | `Cluster Admin`, `Cluster Operator`, `Cluster Developer` |

{% if page.name != 'authorization.md' %}For more information on these roles and the specific permissions given, see [Organization user roles]({% link cockroachcloud/authorization.md %}#organization-member).{% endif %}
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@biplav-crl can you review these roles and permissions and ensure they are correct?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to add which roles can do cluster upgrade/downgrade. Additionally, add PCR whenever we add documentation for PCR. Mention about Terraform for Cluster Creator/Admin. Also bring in details for ccloud. I see network auth, but calling our create private clusters, egress perimeter control would be a good idea. Also, linking these operation to relevant documentation pages will add value.

I was unable to review the pages and have just reviewed the table. Apart from above feedback comments, rest LGTM.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We must ideally create a similar table for Cloud Console API's. Categories might be similar but listing our APIs instead of permission might be a good idea.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We must ideally create a similar table for Cloud Console API's. Categories might be similar but listing our APIs instead of permission might be a good idea.

Created a follow-up ticket to address this. DOC-14106

jaiayu
jaiayu reviewed Jun 17, 2025
View reviewed changes
jaiayu
jaiayu reviewed Jun 17, 2025
View reviewed changes
mikeCRL
mikeCRL approved these changes Jun 17, 2025
View reviewed changes
Copy link
Contributor

@mikeCRL mikeCRL left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. I'd like us to look at iterating on the table styles but that can happen in a follow up. Perhaps an issue for Ed Infra?

jaiayu
jaiayu reviewed Jun 17, 2025
View reviewed changes
@biplav-crl
Copy link

I have reviewed the table and left my comments above. For any remaining changes, will have to look at a deployed version. Thx.

@rmloveland rmloveland self-requested a review June 18, 2025 14:33
@jhlodin
Copy link
Contributor Author

jhlodin commented Jun 18, 2025

I have reviewed the table and left my comments above. For any remaining changes, will have to look at a deployed version. Thx.

@biplav-crl Deploy preview can be found here - https://deploy-preview-19758--cockroachdb-docs.netlify.app/docs/cockroachcloud/authorization

rmloveland
rmloveland approved these changes Jun 18, 2025
View reviewed changes
Copy link
Contributor

@rmloveland rmloveland left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM from the narrow POV of the terminology change to:

  • Cloud users are "assigned" "permissions"
  • SQL users are "granted" "privileges"

I think this is a huge improvement in clarity!

@jhlodin is there any chance you'd PR a new 'Controlled Vocabulary' section in our Style Guide and add this terminology there?

@jhlodin
Copy link
Contributor Author

jhlodin commented Jun 20, 2025

Convo with Ayushi:

  • Should probably move from Cloud Console roles to "Cloud roles", because some of those roles grant privileges not specific to the console. such as Billing roles using the Billing API.
  • Validated that the two types of roles are completely independent.

@biplav-crl
Copy link

Thanks @jhlodin . LGTM. Just more of a convention question, not for these changes specifically, we cant track them as a backlog and take them up in future:

  • Every operations manual like Manage Backup page, should list the cloud roles which can perform this activity.

Thx.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mikeCRL mikeCRL mikeCRL approved these changes

@jaiayu jaiayu jaiayu left review comments

@biplav-crl biplav-crl biplav-crl left review comments

@rmloveland rmloveland rmloveland approved these changes

@kannanlakshmi kannanlakshmi Awaiting requested review from kannanlakshmi

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jhlodin @biplav-crl @rmloveland @mikeCRL @jaiayu