Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update: reorder org permissions #687

Merged
merged 1 commit into from
Feb 11, 2025
Merged

update: reorder org permissions #687

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions docs/platform/concepts/permissions.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,9 @@ and services within it.

| Console name | API name | Allowed actions |
| ------------------- | ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Admin | `role:organization:admin` | <ul> <li> Full access to the organization. </li> <li> View and change billing information. </li> <li> Change the authentication policy. </li> <li> Create and delete organizational units and projects. </li> <li> Move projects within an organization and to other organizations. </li> <li> Invite, deactivate, and remove organization users. </li> <li> Create, edit, and delete groups. </li> <li> Create and delete application users and their tokens. </li> <li> Add and remove domains. </li> <li> Add, enable, disable, and remove identity providers. </li> </ul> Cannot delete an organization or manage its super admin. |
| Organization member | None | This is the default role for all organization users. **You cannot grant this role to users.** <br/> <br/> All non-managed organization users can: <ul> <li> Edit their profiles. </li> <li> Create organizations. </li> <li> Leave organizations. </li> <li> Add [allowed authentication methods](/docs/platform/howto/set-authentication-policies). </li> <li> Generate and revoke personal tokens, if allowed by the [authentication policy](/docs/platform/howto/set-authentication-policies). </li> <li> Enable and disable feature previews. </li> </ul> <br/> [Managed users](/docs/platform/concepts/managed-users) have more restrictions. |
| Super admin | None | <ul> <li> Completely unrestricted access to all organization resources and settings, including: all units and projects, billing information, the authentication policy, [other super admin](/docs/platform/howto/manage-permissions#make-users-super-admin), organization users, application users, groups, domains, and identity providers. </li> <li> Rename the organization. </li> <li> Delete the organization. </li> </ul> |
| Super admin | None | <ul> <li> Completely unrestricted access to all organization resources and settings, including: all units and projects, billing information, the authentication policy, [other super admin](/docs/platform/howto/manage-permissions#make-users-super-admin), organization users, application users, groups, domains, and identity providers. </li> <li> Rename the organization. </li> <li> Delete the organization. </li> </ul> |
| Admin | `role:organization:admin` | <ul> <li> Full access to the organization. </li> <li> View and change billing information. </li> <li> Change the authentication policy. </li> <li> Create and delete organizational units and projects. </li> <li> Move projects within an organization and to other organizations. </li> <li> Invite, deactivate, and remove organization users. </li> <li> Create, edit, and delete groups. </li> <li> Create and delete application users and their tokens. </li> <li> Add and remove domains. </li> <li> Add, enable, disable, and remove identity providers. </li> </ul> Cannot delete an organization or manage its super admin. |

### Organization permissions

Expand Down