[PL-46871] Account Admin: Custom resource group #6689
Conversation
saifeemustafaqharness
requested review from
nataraja2018,
gn-harness,
kallesh2022,
pratmit and
harishkammanahalli
saifeemustafaqharness
changed the title
|
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664326bb9a4cd6bc64355937--harness-developer.netlify.app |
|
@brian-f-harness Do you think this would require screenshots as well in the steps? |
@saifeemustafaqharness I don't personally use a lot of screenshots. Our developer audience is comfortable using a UI. Here's guidance from our style guide. I do have some other suggestions for this PR to update the steps to align with our style guide. I'm still working through the review. |
| @@ -144,3 +144,31 @@ Creating roles is one part of [configuring RBAC in Harness](/docs/platform/role- | |||
| Roles, which grant permissions, work alongside [resource groups](/docs/platform/role-based-access-control/add-resource-groups), which grant access. | |||
|
|
|||
| After configuring roles and resource group, you assign them to [users](./add-users.md), [user groups](./add-user-groups.md), and [service accounts](./add-and-manage-service-account.md). | |||
|
|
|||
| ## Adding Account Admin permissions to users in a Custom Resource Group | |||
There was a problem hiding this comment.
This is not meaningful.
Maybe something like:
"Adding all permissions access to specific resources selected via Custom Resource Group
Comment"
There was a problem hiding this comment.
@brian-f-harness Can we write in this format:
Adding all permissions access to specific resources selected via Custom Resource Group
??
There was a problem hiding this comment.
@saifeemustafaqharness We want to avoid using gerunds in headings.
https://harness.atlassian.net/wiki/spaces/DOCS/pages/21544468526/Harness+documentation+style+guide#Headings%2C-titles
| 8. After you have clicked on apply, an invitation to the specified user email will be sent. After the user accepts the invite, the role binding process is comlete. | ||
| 9. The user can now login through their account and access only those resources that are allowed in the resource groups with their **Account Admin** permissions. | ||
|
|
||
| To add an existing user to a custom Resource Group and do Role bindings: |
There was a problem hiding this comment.
Here its about providing role binding to Principal and selecting role and Resource Group. Its not about adding user to Resource Group.
There was a problem hiding this comment.
Will change the verbiage to mention this
|
|
||
| To add an existing user to a custom Resource Group and do Role bindings: | ||
|
|
||
| 1. Go to **Account Settings**, select **Access Control**, and then choose **Resource Group**. |
There was a problem hiding this comment.
Do we need this 2 sections. Seems repetitive.
There was a problem hiding this comment.
Two sections are required because one scenario is for a new user and another one is for an existing user; merging both will look like a very long process.
There was a problem hiding this comment.
@saifeemustafaqharness Recommend following existing patterns for processes that can be completed at multiple scopes. Made some comments and will re-review after changes are implemented.
I recommend that you walk through the steps in the UI and be sure to refer to all UI elements by their exact name.
| @@ -144,3 +144,31 @@ Creating roles is one part of [configuring RBAC in Harness](/docs/platform/role- | |||
| Roles, which grant permissions, work alongside [resource groups](/docs/platform/role-based-access-control/add-resource-groups), which grant access. | |||
|
|
|||
| After configuring roles and resource group, you assign them to [users](./add-users.md), [user groups](./add-user-groups.md), and [service accounts](./add-and-manage-service-account.md). | |||
|
|
|||
| ## Adding Account Admin permissions to users in a Custom Resource Group | |||
There was a problem hiding this comment.
We want to avoid using gerunds in headings.
https://harness.atlassian.net/wiki/spaces/DOCS/pages/21544468526/Harness+documentation+style+guide#Headings%2C-titles
| You can create a resource group and assign role bindings to the user group. This ensures that any new user added to this resource group automatically receives the necessary roles. | ||
|
|
||
| To add new users to a custom Resource Group and do Role bindings: | ||
|
|
There was a problem hiding this comment.
We can do this at the account/org/project scope. Recommend following existing patterns for processes we can do at any scope.
Co-authored-by: brian-f <brian.fisher@harness.io>
|
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://66446392bbac656c00c1697d--harness-developer.netlify.app |
|
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664465201c0ea368898036eb--harness-developer.netlify.app |
Co-authored-by: brian-f <brian.fisher@harness.io>
|
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664c71de736e05076a14f513--harness-developer.netlify.app |
Co-authored-by: brian-f <brian.fisher@harness.io>
|
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664cac75cab63c07a911a07f--harness-developer.netlify.app |
Co-authored-by: brian-f <brian.fisher@harness.io>
|
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664cb08e3fd5cb0bfc38ebaa--harness-developer.netlify.app |
|
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664cb0cd9be4a30c66d65272--harness-developer.netlify.app |
Co-authored-by: brian-f <brian.fisher@harness.io>
|
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664cb9e58b63a4007becbaf7--harness-developer.netlify.app |
Co-authored-by: brian-f <brian.fisher@harness.io>
|
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://66508178bc969c2d4a1f1217--harness-developer.netlify.app |
| 2. Under **Access Control**, select **Resource Groups**. | ||
| 3. Create a new **Resource Group**, select the desired resource types, and then select **Save**. | ||
| 4. Return to **Account Settings**. Under **Access Control**, select **Users**. | ||
| 5. Search for the user to whom you want to assign the **Account Admin** role, and then select the user. |
There was a problem hiding this comment.
Instead of Account Admin we can mention Account Admin/Any custom role with all permissions selected as for resource selected in resource group. You can re-word it.
There was a problem hiding this comment.
Done
| 3. Create a new **Resource Group**, select the desired resource types, and click **Save**. | ||
| 4. Return to **Account Settings**. Under **Access Control**, select **Users**. | ||
| 5. Click **New User**, enter the user's email, then, under **Role Bindings**, select **Add**. | ||
| 6. Under **Roles**, click **Select a role**, then choose **Account Admin** from the dropdown. |
There was a problem hiding this comment.
Instead of Account Admin we can mention Account Admin/Any custom role with all permissions selected as for resource selected in resource group. You can re-word it.
There was a problem hiding this comment.
Done
|
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://6654a5a01d346a30de284671--harness-developer.netlify.app |
|
@brian-f-harness Are we good to merge this? Jimit has approved. |
Thanks for contributing to the Harness Developer Hub! Our code owners will review your submission.
Description
PR lifecycle
We aim to merge PRs within one week or less, but delays happen sometimes.
If your PR is open longer than two weeks without any human activity, please tag a code owner in a comment.
PRs must meet these requirements to be merged: