-
Notifications
You must be signed in to change notification settings - Fork 146
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PL-46871] Account Admin: Custom resource group #6689
Conversation
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664326bb9a4cd6bc64355937--harness-developer.netlify.app |
@brian-f-harness Do you think this would require screenshots as well in the steps? |
@saifeemustafaqharness I don't personally use a lot of screenshots. Our developer audience is comfortable using a UI. Here's guidance from our style guide. I do have some other suggestions for this PR to update the steps to align with our style guide. I'm still working through the review. |
@@ -144,3 +144,31 @@ Creating roles is one part of [configuring RBAC in Harness](/docs/platform/role- | |||
Roles, which grant permissions, work alongside [resource groups](/docs/platform/role-based-access-control/add-resource-groups), which grant access. | |||
|
|||
After configuring roles and resource group, you assign them to [users](./add-users.md), [user groups](./add-user-groups.md), and [service accounts](./add-and-manage-service-account.md). | |||
|
|||
## Adding Account Admin permissions to users in a Custom Resource Group |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not meaningful.
Maybe something like:
"Adding all permissions access to specific resources selected via Custom Resource Group
Comment"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@brian-f-harness Can we write in this format:
Adding all permissions access to specific resources selected via Custom Resource Group
??
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@saifeemustafaqharness We want to avoid using gerunds in headings.
https://harness.atlassian.net/wiki/spaces/DOCS/pages/21544468526/Harness+documentation+style+guide#Headings%2C-titles
8. After you have clicked on apply, an invitation to the specified user email will be sent. After the user accepts the invite, the role binding process is comlete. | ||
9. The user can now login through their account and access only those resources that are allowed in the resource groups with their **Account Admin** permissions. | ||
|
||
To add an existing user to a custom Resource Group and do Role bindings: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here its about providing role binding to Principal and selecting role and Resource Group. Its not about adding user to Resource Group.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will change the verbiage to mention this
|
||
To add an existing user to a custom Resource Group and do Role bindings: | ||
|
||
1. Go to **Account Settings**, select **Access Control**, and then choose **Resource Group**. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need this 2 sections. Seems repetitive.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two sections are required because one scenario is for a new user and another one is for an existing user; merging both will look like a very long process.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@saifeemustafaqharness Recommend following existing patterns for processes that can be completed at multiple scopes. Made some comments and will re-review after changes are implemented.
I recommend that you walk through the steps in the UI and be sure to refer to all UI elements by their exact name.
@@ -144,3 +144,31 @@ Creating roles is one part of [configuring RBAC in Harness](/docs/platform/role- | |||
Roles, which grant permissions, work alongside [resource groups](/docs/platform/role-based-access-control/add-resource-groups), which grant access. | |||
|
|||
After configuring roles and resource group, you assign them to [users](./add-users.md), [user groups](./add-user-groups.md), and [service accounts](./add-and-manage-service-account.md). | |||
|
|||
## Adding Account Admin permissions to users in a Custom Resource Group |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We want to avoid using gerunds in headings.
https://harness.atlassian.net/wiki/spaces/DOCS/pages/21544468526/Harness+documentation+style+guide#Headings%2C-titles
You can create a resource group and assign role bindings to the user group. This ensures that any new user added to this resource group automatically receives the necessary roles. | ||
|
||
To add new users to a custom Resource Group and do Role bindings: | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can do this at the account/org/project scope. Recommend following existing patterns for processes we can do at any scope.
Co-authored-by: brian-f <brian.fisher@harness.io>
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://66446392bbac656c00c1697d--harness-developer.netlify.app |
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664465201c0ea368898036eb--harness-developer.netlify.app |
Co-authored-by: brian-f <brian.fisher@harness.io>
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664c71de736e05076a14f513--harness-developer.netlify.app |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added some additional suggestions for your consideration.
Co-authored-by: brian-f <brian.fisher@harness.io>
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664cac75cab63c07a911a07f--harness-developer.netlify.app |
Co-authored-by: brian-f <brian.fisher@harness.io>
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664cb08e3fd5cb0bfc38ebaa--harness-developer.netlify.app |
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664cb0cd9be4a30c66d65272--harness-developer.netlify.app |
Co-authored-by: brian-f <brian.fisher@harness.io>
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://664cb9e58b63a4007becbaf7--harness-developer.netlify.app |
Co-authored-by: brian-f <brian.fisher@harness.io>
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://66508178bc969c2d4a1f1217--harness-developer.netlify.app |
2. Under **Access Control**, select **Resource Groups**. | ||
3. Create a new **Resource Group**, select the desired resource types, and then select **Save**. | ||
4. Return to **Account Settings**. Under **Access Control**, select **Users**. | ||
5. Search for the user to whom you want to assign the **Account Admin** role, and then select the user. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of Account Admin we can mention Account Admin/Any custom role with all permissions selected as for resource selected in resource group. You can re-word it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
3. Create a new **Resource Group**, select the desired resource types, and click **Save**. | ||
4. Return to **Account Settings**. Under **Access Control**, select **Users**. | ||
5. Click **New User**, enter the user's email, then, under **Role Bindings**, select **Add**. | ||
6. Under **Roles**, click **Select a role**, then choose **Account Admin** from the dropdown. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of Account Admin we can mention Account Admin/Any custom role with all permissions selected as for resource selected in resource group. You can re-word it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
Please check the Execution Link of the Pipeline for the Website Draft URL. This is located in the Preview Step behind the Harness VPN and also is available in #hdh_alerts. E.g Website Draft URL: https://unique-id--harness-developer.netlify.app. Current Draft URL is: https://6654a5a01d346a30de284671--harness-developer.netlify.app |
@brian-f-harness Are we good to merge this? Jimit has approved. |
Thanks for contributing to the Harness Developer Hub! Our code owners will review your submission.
Description
PR lifecycle
We aim to merge PRs within one week or less, but delays happen sometimes.
If your PR is open longer than two weeks without any human activity, please tag a code owner in a comment.
PRs must meet these requirements to be merged: