Update permissions documentation (#2721)

- Removed create/edit/delete enroll secret permissions from team level users
- Update verbiage to clarify the distinction between users with global access and users with team access.
Noah Talerman 2021-10-28 14:27:03 -04:00 committed by GitHub
parent fdb6090203
commit 45c5e29ca0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -35,16 +35,16 @@ The following table depicts various permissions levels for each role.
| Create labels | | ✅ | ✅ |
| Edit labels | | ✅ | ✅ |
| Delete labels | | ✅ | ✅ |
| Create new global policies | | ✅ | ✅ |
| Delete global policies | | ✅ | ✅ |
| Add policies for all hosts | | ✅ | ✅ |
| Remove policies for all hosts | | ✅ | ✅ |
| Create users | | | ✅ |
| Edit users | | | ✅ |
| Delete users | | | ✅ |
| Edit organization settings | | | ✅ |
| Create enroll secrets | | | ✅ |
| Edit enroll secrets | | | ✅ |
| Edit global level agent options | | | ✅ |
| Edit team level agent options\* | | | ✅ |
| Edit agent options | | | ✅ |
| Edit agent options for hosts assigned to teams\* | | | ✅ |
| Create teams\* | | | ✅ |
| Edit teams\* | | | ✅ |
| Add members to teams\* | | | ✅ |
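Review bot: the enroll secret rows in this table are only `Create enroll secrets` and `Edit enroll secrets`, and no delete row follows them, so once the team-level rows are gone the docs no longer say which role can delete an enroll secret. Add a `Delete enroll secrets` row next to these two so the global table accounts for all three permissions that the commit message says are being taken away from team users. A smaller point in the same hunk: the renamed `Edit agent options` row has lost its "global" qualifier and now reads as overlapping with `Edit agent options for hosts assigned to teams\*`; a scoped name in the style of `Add policies for all hosts` would keep the two rows distinct.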
@ -59,7 +59,9 @@ The following table depicts various permissions levels for each role.
In Fleet 4.0, the Teams feature was introduced.
```
Users either have global access to Fleet or team access to Fleet. Check out [the user permissions table](#user-permissions) above for global user permissions.
Users either have global access or team access in Fleet. Users with global access can observe and act on all hosts in Fleet. Check out [the user permissions table](#user-permissions) above for global user permissions.
Users with team access can only observe and act on hosts that are assigned to their team.
Users can be a member of multiple teams in Fleet.
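Review bot: the new sentence "Users with team access can only observe and act on hosts that are assigned to their team" uses the singular "their team", but the very next line states that users can be a member of multiple teams. Reword to "hosts that are assigned to the teams they are a member of" (or similar) so the access boundary is stated correctly for multi-team users. It would also help to say here that what "act on" covers depends on the user's role, since the tables give the first role column far fewer permissions than the other two.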
@ -76,20 +78,14 @@ The following table depicts various permissions levels in a team.
| Target hosts assigned to team using labels | ✅ | ✅ | ✅ |
| Run saved queries as live queries on hosts assigned to team | ✅ | ✅ | ✅ |
| Run custom queries as live queries on hosts assigned to team | | ✅ | ✅ |
| Enroll hosts to member team | | ✅ | ✅ |
| Delete hosts belonging to member team | | ✅ | ✅ |
| Create saved queries | | ✅ | ✅ |
| Enroll hosts to team | | ✅ | ✅ |
| Delete hosts assigned to team | | ✅ | ✅ |
| Create queries | | ✅ | ✅ |
| Edit queries they authored | | ✅ | ✅ |
| Delete queries they authored | | ✅ | ✅ |
| Create new team schedules | | ✅ | ✅ |
| Delete team schedules | | ✅ | ✅ |
| Browse global schedules | | ✅ | ✅ |
| Create new team policies | | ✅ | ✅ |
| Delete team policies | | ✅ | ✅ |
| Browse global policies | | ✅ | ✅ |
| Create enroll secrets that belong to team | | | ✅ |
| Edit enroll secrets that belong to team | | | ✅ |
| Delete enroll secrets that belong to team | | | ✅ |
| Schedule queries for hosts assigned to team | | ✅ | ✅ |
| Add policies for hosts assigned to team | | ✅ | ✅ |
| Remove policies for hosts assigned to team | | ✅ | ✅ |
| Edit users assigned to team | | | ✅ |
| Remove users assigned to team | | | ✅ |
| Edit team level agent options | | | ✅ |
| Edit agent options for hosts assigned to team | | | ✅ |
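Review bot: `Enroll hosts to team` stays granted to two team roles while all three "enroll secrets that belong to team" rows are dropped, so the table no longer explains how a team user obtains or rotates the secret needed to enroll a host, or who does it on their behalf. Add a sentence or footnote under the table stating who manages team enroll secrets after this change, consistent with the global table where only the last role column has the enroll secret permissions. Also in this hunk, `Create new team schedules` and `Delete team schedules` appear to collapse into `Schedule queries for hosts assigned to team`, which no longer mentions removal, and the `Browse global schedules` and `Browse global policies` rows have no replacement; please confirm those permissions are unchanged and, if so, keep them documented.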