From 1d0ab5650be83fab82e2611bdae45c4035cfbd48 Mon Sep 17 00:00:00 2001
From: Ian Littman <iansltx@gmail.com>
Date: Mon, 4 Nov 2024 12:35:49 -0600
Subject: [PATCH] Docs: Note permissions distinction between global policy
 automations and software install (#19551) and script execution (#17129)
 policy automations (#23447)

Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com>
---
 articles/role-based-access.md | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/articles/role-based-access.md b/articles/role-based-access.md
index e7132e3697..72e39c0bb1 100644
--- a/articles/role-based-access.md
+++ b/articles/role-based-access.md
@@ -64,7 +64,9 @@ GitOps is an API-only and write-only role that can be used on CI/CD pipelines.
 | Filter hosts using policies                                                                                                                | ✅       | ✅         | ✅         | ✅    |         |
 | Create, edit, and delete policies for all hosts                                                                                            |          |            | ✅         | ✅    | ✅      |
 | Create, edit, and delete policies for all hosts assigned to team\*                                                                         |          |            | ✅         | ✅    | ✅      |
-| Manage [policy automations](https://fleetdm.com/docs/using-fleet/automations#policy-automations)                                           |          |            |            | ✅    | ✅      |
+| Edit global ("All teams") policy automations                  |          |            |            | ✅    | ✅      |
+| Edit team policy automations: calendar events, install software, and run script\* |          |            | ✅         | ✅    | ✅      |
+| Edit team policy automations: other workflows (tickets and webhooks)\*                 |          |            |            | ✅    | ✅      |
 | Create, edit, view, and delete users                                                                                                       |          |            |            | ✅    |         |
 | Add and remove team users\*                                                                                                                |          |            |            | ✅    | ✅      |
 | Create, edit, and delete teams\*                                                                                                           |          |            |            | ✅    | ✅      |
@@ -146,7 +148,8 @@ Users with access to multiple teams can be assigned different roles for each tea
 | Run global (inherited) policies as a live policy                                                                                 |               | ✅             | ✅              | ✅         |             |
 | Filter hosts using policies                                                                                                      | ✅            | ✅             | ✅              | ✅         |             |
 | Create, edit, and delete team policies                                                                                           |               |                | ✅              | ✅         | ✅          |
-| Manage [policy automations](https://fleetdm.com/docs/using-fleet/automations#policy-automations)                                 |               |                |                 | ✅         | ✅          |
+| Edit team policy automations: calendar events, install software, and run script |          |            | ✅         | ✅    | ✅      |
+| Edit team policy automations: other workflows (tickets and webhooks)                 |          |            |            | ✅    | ✅      |
 | Add and remove team users                                                                                                        |               |                |                 | ✅         | ✅          |
 | Edit team name                                                                                                                   |               |                |                 | ✅         | ✅          |
 | Create, edit, and delete [team enroll secrets](https://fleetdm.com/docs/using-fleet/rest-api#get-enroll-secrets-for-a-team)      |               |                | ✅              | ✅         |             |
@@ -179,6 +182,6 @@ Users with access to multiple teams can be assigned different roles for each tea
 <meta name="category" value="guides">
 <meta name="authorGitHubUsername" value="noahtalerman">
 <meta name="authorFullName" value="Noah Talerman">
-<meta name="publishedOn" value="2024-08-10">
+<meta name="publishedOn" value="2024-10-31">
 <meta name="articleTitle" value="Role-based access">
 <meta name="description" value="Learn about the different roles and permissions in Fleet.">