From 5a45411e59f4c6d3b718fe3ebde9c83579d7f4d8 Mon Sep 17 00:00:00 2001 From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Mon, 22 Jul 2024 09:41:16 -0700 Subject: [PATCH] Permissions changes for #19055 (#20624) Global observer/+ can no longer run saved scripts. --------- Co-authored-by: Rachael Shaw --- docs/Using Fleet/manage-access.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/docs/Using Fleet/manage-access.md b/docs/Using Fleet/manage-access.md index 5f9457988f..b472b33539 100644 --- a/docs/Using Fleet/manage-access.md +++ b/docs/Using Fleet/manage-access.md @@ -92,10 +92,9 @@ GitOps is an API-only and write-only role that can be used on CI/CD pipelines. | View all [MDM settings](https://fleetdm.com/docs/using-fleet/mdm-macos-settings) | | | | ✅ | ✅ | | Edit setup experience (end user authentication, bootstrap package, Setup Assistant)\* | | | ✅ | ✅ | ✅ | | Edit end user license agreement (EULA)\* | | | | ✅ | | -| Run arbitrary scripts on hosts | | | ✅ | ✅ | | -| View saved scripts | ✅ | ✅ | ✅ | ✅ | | -| Edit/upload saved scripts | | | ✅ | ✅ | ✅ | -| Run saved scripts on hosts | ✅ | ✅ | ✅ | ✅ | | +| Run scripts on hosts | | | ✅ | ✅ | | +| View saved scripts\* | ✅ | ✅ | ✅ | ✅ | | +| Edit/upload saved scripts\* | | | ✅ | ✅ | ✅ | | Lock, unlock, and wipe hosts\* | | | ✅ | ✅ | | \* Applies only to Fleet Premium 
@@ -165,10 +164,9 @@ Users with access to multiple teams can be assigned different roles for each tea | View metadata of MDM macOS bootstrap packages | | | ✅ | ✅ | | | Edit/upload MDM macOS bootstrap packages | | | ✅ | ✅ | ✅ | | Enable/disable MDM macOS setup end user authentication | | | ✅ | ✅ | ✅ | -| Run arbitrary scripts on hosts | | | ✅ | ✅ | | +| Run scripts on hosts | | | ✅ | ✅ | | | View saved scripts | ✅ | ✅ | ✅ | ✅ | | | Edit/upload saved scripts | | | ✅ | ✅ | | -| Run saved scripts on hosts | ✅ | ✅ | ✅ | ✅ | | | View script details by host | ✅ | ✅ | ✅ | ✅ | | | Lock, unlock, and wipe hosts | | | ✅ | ✅ | |
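Review bot: In the first hunk (global roles table, `@@ -92,10 +92,9 @@`), the new `Run scripts on hosts` row has no `\*`, while the `View saved scripts\*` and `Edit/upload saved scripts\*` rows directly below it gain the Fleet Premium marker in the same change. Please confirm that running scripts is meant to read as available outside Fleet Premium, and mark the row if it is not. Folding "arbitrary" and "saved" into one row also removes the only line that showed the two leftmost role columns could run saved scripts. A reader comparing this table against an existing deployment cannot tell that the permission was withdrawn, so a short note naming the release where the change takes effect would help.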
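Review bot: In the second hunk (team roles table, `@@ -165,10 +164,9 @@`), the deleted `Run saved scripts on hosts` row had ✅ in the two leftmost columns, so the permission is dropped for team-level roles too, but the subject line only says "Global observer/+ can no longer run saved scripts". Please either extend the commit message to cover the team roles or confirm that the team-table change is intended. The `View saved scripts` and `Edit/upload saved scripts` rows here also stay unmarked while their global-table counterparts gain `\*`. That is fine if this table omits the marker by convention (the `Lock, unlock, and wipe hosts` row here has none either), but it is worth a quick check.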