Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-24 09:28:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 32

revert doc to allow full feature merge

Browse source
This commit is contained in:
Jacob Shandling 2023-07-28 13:57:14 -07:00
parent 0c0ff35a37
commit 84c22e57c6
1 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
docs/Using Fleet/manage-access.md
View file

@ -10,12 +10,12 @@ Users with the admin role receive all permissions.
### Maintainer
Maintainers can manage most entities in Fleet, like queries, policies and labels.
Maintainers can manage most entities in Fleet, like queries, policies, labels and schedules.
Unlike admins, maintainers cannot edit higher level settings like application configuration, teams or users.
### Observer
The Observer role is a read-only role. It can access most entities in Fleet, like queries, policies, labels, application configuration, teams, etc.
The Observer role is a read-only role. It can access most entities in Fleet, like queries, policies, labels, schedules, application configuration, teams, etc.
They can also run queries configured with the `observer_can_run` flag set to `true`.
### Observer+
@ -51,6 +51,7 @@ GitOps is an API-only and write-only role that can be used on CI/CD pipelines.
| Run any query as [live query](https://fleetdm.com/docs/using-fleet/fleet-ui#run-a-query) against all hosts | | ✅ | ✅ | ✅ | |
| Create, edit, and delete queries | | | ✅ | ✅ | ✅ |
| View all queries\** | ✅ | ✅ | ✅ | ✅ | |
| Add, edit, and remove queries from all schedules | | | ✅ | ✅ | ✅ |
| Create, edit, view, and delete packs | | | ✅ | ✅ | ✅ |
| View all policies | ✅ | ✅ | ✅ | ✅ | |
| Filter hosts using policies | ✅ | ✅ | ✅ | ✅ | |
@ -99,11 +100,11 @@ GitOps is an API-only and write-only role that can be used on CI/CD pipelines.
Users in Fleet either have team access or global access.
Users with team access only have access to the [hosts](https://fleetdm.com/docs/using-fleet/rest-api#hosts), [software](https://fleetdm.com/docs/using-fleet/rest-api#software), and [policies](https://fleetdm.com/docs/using-fleet/rest-api#policies) assigned to
Users with team access only have access to the [hosts](https://fleetdm.com/docs/using-fleet/rest-api#hosts), [software](https://fleetdm.com/docs/using-fleet/rest-api#software), [schedules](https://fleetdm.com/docs/using-fleet/fleet-ui#schedule-a-query) , and [policies](https://fleetdm.com/docs/using-fleet/rest-api#policies) assigned to
their team.
Users with global access have access to all
[hosts](https://fleetdm.com/docs/using-fleet/rest-api#hosts), [software](https://fleetdm.com/docs/using-fleet/rest-api#software), [queries](https://fleetdm.com/docs/using-fleet/rest-api#queries), and [policies](https://fleetdm.com/docs/using-fleet/rest-api#policies). Check out [the user permissions
[hosts](https://fleetdm.com/docs/using-fleet/rest-api#hosts), [software](https://fleetdm.com/docs/using-fleet/rest-api#software), [queries](https://fleetdm.com/docs/using-fleet/rest-api#queries), [schedules](https://fleetdm.com/docs/using-fleet/fleet-ui#schedule-a-query) , and [policies](https://fleetdm.com/docs/using-fleet/rest-api#policies). Check out [the user permissions
table](#user-permissions) above for global user permissions.
Users can be a member of multiple teams in Fleet.
@ -119,10 +120,11 @@ Users that are members of multiple teams can be assigned different roles for eac
| Filter software by [vulnerabilities](https://fleetdm.com/docs/using-fleet/vulnerability-processing#vulnerability-processing) | ✅ | ✅ | ✅ | ✅ | |
| Filter hosts by software | ✅ | ✅ | ✅ | ✅ | |
| Filter software | ✅ | ✅ | ✅ | ✅ | |
| Run global and team queries designated "**observer can run**" as live queries against hosts | ✅ | ✅ | ✅ | ✅ | |
| Run queries designated "**observer can run**" as live queries against hosts | ✅ | ✅ | ✅ | ✅ | |
| Run any query as [live query](https://fleetdm.com/docs/using-fleet/fleet-ui#run-a-query) | | ✅ | ✅ | ✅ | |
| Create, edit, and delete team queries | | | ✅ | ✅ | ✅ |
| Create, edit, and delete only **self authored** queries | | | ✅ | ✅ | ✅ |
| View all queries\** | ✅ | ✅ | ✅ | ✅ | |
| Add, edit, and remove queries from the schedule | | | ✅ | ✅ | ✅ |
| View policies | ✅ | ✅ | ✅ | ✅ | |
| View global (inherited) policies | ✅ | ✅ | ✅ | ✅ | |
| Run global (inherited) policies as a live policy | | | ✅ | ✅ | |