diff --git a/docs/admin/audit-logs.md b/docs/admin/audit-logs.md
index 154f7ab4017f3..c48e473384e66 100644
--- a/docs/admin/audit-logs.md
+++ b/docs/admin/audit-logs.md
@@ -1,6 +1,6 @@
 # Audit Logs
-Audit Logs allows **Admins** and **Auditors** to monitor user operations in
+Audit Logs allows **Auditors** to monitor user operations in
 their deployment.
 ## Tracked Events
@@ -32,4 +32,4 @@ The supported filters are:
 ## Enabling this feature
-This feature is auto enabled for all enterprise deployments. Admins may contact us to purchase a license [here](https://coder.com/contact?note=I%20want%20to%20upgrade%20my%20license).
+This feature is only available with an enterprise license. [Learn more](./enterprise.md)
diff --git a/docs/admin/enterprise.md b/docs/admin/enterprise.md
index 370aa1a9fb0c1..5524660bc8b29 100644
--- a/docs/admin/enterprise.md
+++ b/docs/admin/enterprise.md
@@ -7,13 +7,14 @@ These features are available in the enterprise edition:
 - [Audit Logging](./audit-logs.md)
 - [Browser Only Connections](../networking.md#browser-only-connections)
+- [Groups](./groups.md)
+- [Template RBAC](./rbac.md)
 - [Quotas](./quotas.md)
 - [SCIM](./auth.md#scim)
 And we're releasing these imminently:
 - High Availability
-- Template RBAC
 - Multiple Git Provider Authentication
 ## Adding your license key
diff --git a/docs/admin/groups.md b/docs/admin/groups.md
new file mode 100644
index 0000000000000..9fdf8e1e1e267
--- /dev/null
+++ b/docs/admin/groups.md
@@ -0,0 +1,10 @@
+# Groups
+
+Groups can be used with [template RBAC](./rbac.md) to give groups of users access to specific templates.
+
+![Groups](../images/groups.png)
+
+## Enabling this feature
+
+This feature is only available with an enterprise license. [Learn more](./enterprise.md)
+
diff --git a/docs/admin/quotas.md b/docs/admin/quotas.md
index 75e5442d66bac..eaf1334ac0201 100644
--- a/docs/admin/quotas.md
+++ b/docs/admin/quotas.md
@@ -15,6 +15,10 @@ Then, when users create workspaces they would see:
+## Enabling this feature
+
+This feature is only available with an enterprise license. [Learn more](./enterprise.md)
+
 ## Up next
 - [Enterprise](./enterprise.md)
diff --git a/docs/admin/rbac.md b/docs/admin/rbac.md
new file mode 100644
index 0000000000000..976894dd21824
--- /dev/null
+++ b/docs/admin/rbac.md
@@ -0,0 +1,18 @@
+# Role Based Access Control (RBAC)
+
+Use RBAC to define which users and [groups](./groups.md) can use specific templates in Coder.
+
+![rbac](../images/template-rbac.png)
+
+The "Everyone" group makes a template accessible to all users. This can be removed to make a template private.
+
+## Permissions
+
+You can set the following permissions:
+
+- **Admin**: Read, use, edit, push, and delete
+- **View**: Read, use
+
+## Enabling this feature
+
+This feature is only available with an enterprise license. [Learn more](./enterprise.md)
diff --git a/docs/admin/users.md b/docs/admin/users.md
index 926c6bcd95b4d..78344c5fab37f 100644
--- a/docs/admin/users.md
+++ b/docs/admin/users.md
@@ -7,12 +7,13 @@ This article walks you through the user roles available in Coder and creating an
 Coder offers these user roles in the community edition:
 | | User Admin | Template Admin | Owner |
-| ------------------------------------------ | ---------- | -------------- |-------|
-| Add and remove Users | ✅ | | ✅ |
-| Change User roles | | | ✅ |
-| Manage Templates | | ✅ | ✅ |
-| View, update and delete **ALL** Workspaces | | ✅ | ✅ |
-| Execute and use **ALL** Workspaces | | | ✅ |
+| ------------------------------------------ | ---------- | -------------- | ----- |
+| Add and remove Users | ✅ | | ✅ |
+| Manage groups (enterprise) | | | |
+| Change User roles | | | ✅ |
+| Manage **ALL** Templates | | ✅ | ✅ |
+| View, update and delete **ALL** Workspaces | | ✅ | ✅ |
+| Execute and use **ALL** Workspaces | | | ✅ |
 A user may have one or more roles. All users have an implicit Member role that may use personal workspaces.
diff --git a/docs/images/groups.png b/docs/images/groups.png
new file mode 100644
index 0000000000000..105dbf20e0a3a
Binary files /dev/null and b/docs/images/groups.png differ
diff --git a/docs/images/icons/rbac.svg b/docs/images/icons/rbac.svg
new file mode 100644
index 0000000000000..2992aed14b939
--- /dev/null
+++ b/docs/images/icons/rbac.svg
@@ -0,0 +1 @@
+
diff --git a/docs/images/icons/users.svg b/docs/images/icons/users.svg
index cdcde767321af..54c276c0a8eb1 100644
--- a/docs/images/icons/users.svg
+++ b/docs/images/icons/users.svg
@@ -1 +1 @@
-
+
diff --git a/docs/images/template-rbac.png b/docs/images/template-rbac.png
new file mode 100644
index 0000000000000..45c4519b45618
Binary files /dev/null and b/docs/images/template-rbac.png differ
diff --git a/docs/manifest.json b/docs/manifest.json
index b0b34f71a7eee..220a900f8f099 100644
--- a/docs/manifest.json
+++ b/docs/manifest.json
@@ -174,6 +174,12 @@
 "icon_path": "./images/icons/wrench.svg",
 "path": "./admin/index.md",
 "children": [
+ {
+ "title": "Authentication",
+ "description": "Learn how to set up authentication using GitHub or OpenID Connect.",
+ "icon_path": "./images/icons/key.svg",
+ "path": "./admin/auth.md"
+ },
 {
 "title": "Users",
 "description": "Learn about user roles available in Coder and how to create and manage users",
@@ -181,10 +187,18 @@
 "path": "./admin/users.md"
 },
 {
- "title": "Authentication",
- "description": "Learn how to set up authentication using GitHub or OpenID Connect.",
- "icon_path": "./images/icons/key.svg",
- "path": "./admin/auth.md"
+ "title": "Groups",
+ "description": "Learn how to manage user groups",
+ "icon_path": "./images/icons/group.svg",
+ "path": "./admin/groups.md",
+ "state": "enterprise"
+ },
+ {
+ "title": "RBAC",
+ "description": "Learn how to use the role based access control",
+ "icon_path": "./images/icons/rbac.svg",
+ "path": "./admin/rbac.md",
+ "state": "enterprise"
 },
 {
 "title": "Configuration",
diff --git a/docs/templates.md b/docs/templates.md
index 347d601d5e325..fa8ff558bb470 100644
--- a/docs/templates.md
+++ b/docs/templates.md
@@ -310,6 +310,10 @@ practices:
 - The Coder agent logs are typically stored in `/var/log/coder-agent.log`
 - The Coder agent startup script logs are typically stored in `/var/log/coder-startup-script.log`
+## Template permissions (enterprise)
+
+Template permissions can be used to give users and groups access to specific templates. [Learn more about RBAC](./admin/rbac.md).
+
 ## Change Management
 We recommend source controlling your templates as you would other code.
diff --git a/site/src/pages/GroupsPage/GroupsPageView.tsx b/site/src/pages/GroupsPage/GroupsPageView.tsx
index aea4a80632f8c..9b039e61270c6 100644
--- a/site/src/pages/GroupsPage/GroupsPageView.tsx
+++ b/site/src/pages/GroupsPage/GroupsPageView.tsx
@@ -60,7 +60,7 @@ export const GroupsPageView: React.FC = ({
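Review bot: In the docs/manifest.json hunk at `@@ -181,10 +187,18 @@`, the new "Groups" entry sets `"icon_path": "./images/icons/group.svg"`, but no `group.svg` is added anywhere in this diff; the commit only adds `docs/images/icons/rbac.svg` and modifies `docs/images/icons/users.svg`. Unless `group.svg` already exists in the tree, the Groups navigation entry will reference a missing asset, so either add the file or point the entry at an existing icon. The enclosing `children` array starts and ends outside the hunk, so the rest of the entry list cannot be checked from here.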
diff --git a/site/src/pages/TemplatePage/TemplatePermissionsPage/TemplatePermissionsPage.tsx b/site/src/pages/TemplatePage/TemplatePermissionsPage/TemplatePermissionsPage.tsx
index 9851f1c13e9cc..63feeb1c0584c 100644
--- a/site/src/pages/TemplatePage/TemplatePermissionsPage/TemplatePermissionsPage.tsx
+++ b/site/src/pages/TemplatePage/TemplatePermissionsPage/TemplatePermissionsPage.tsx
@@ -55,7 +55,7 @@ export const TemplatePermissionsPage: FC<
diff --git a/site/src/pages/TemplatePage/TemplatePermissionsPage/TemplatePermissionsPageView.tsx b/site/src/pages/TemplatePage/TemplatePermissionsPage/TemplatePermissionsPageView.tsx
index 3b26474b71d9c..2e4931587f9d6 100644
--- a/site/src/pages/TemplatePage/TemplatePermissionsPage/TemplatePermissionsPageView.tsx
+++ b/site/src/pages/TemplatePage/TemplatePermissionsPage/TemplatePermissionsPageView.tsx
@@ -131,14 +131,14 @@ const RoleSelect: FC = (props) => {
View
-
Read, access
+
Read, use
Admin
- Read, access, edit, push, and delete
+ Read, use, edit, push, and delete