From 84c22e57c639b05c4173657eb9562d94ba8d9db3 Mon Sep 17 00:00:00 2001 From: Jacob Shandling Date: Fri, 28 Jul 2023 13:57:14 -0700 Subject: [PATCH] revert doc to allow full feature merge --- docs/Using Fleet/manage-access.md | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/docs/Using Fleet/manage-access.md b/docs/Using Fleet/manage-access.md index 3d260d3f2a..b5e30ab384 100644 --- a/docs/Using Fleet/manage-access.md +++ b/docs/Using Fleet/manage-access.md @@ -10,12 +10,12 @@ Users with the admin role receive all permissions. ### Maintainer -Maintainers can manage most entities in Fleet, like queries, policies and labels. +Maintainers can manage most entities in Fleet, like queries, policies, labels and schedules. Unlike admins, maintainers cannot edit higher level settings like application configuration, teams or users. ### Observer -The Observer role is a read-only role. It can access most entities in Fleet, like queries, policies, labels, application configuration, teams, etc. +The Observer role is a read-only role. It can access most entities in Fleet, like queries, policies, labels, schedules, application configuration, teams, etc. They can also run queries configured with the `observer_can_run` flag set to `true`. ### Observer+ @@ -51,6 +51,7 @@ GitOps is an API-only and write-only role that can be used on CI/CD pipelines. | Run any query as [live query](https://fleetdm.com/docs/using-fleet/fleet-ui#run-a-query) against all hosts | | ✅ | ✅ | ✅ | | | Create, edit, and delete queries | | | ✅ | ✅ | ✅ | | View all queries\** | ✅ | ✅ | ✅ | ✅ | | +| Add, edit, and remove queries from all schedules | | | ✅ | ✅ | ✅ | | Create, edit, view, and delete packs | | | ✅ | ✅ | ✅ | | View all policies | ✅ | ✅ | ✅ | ✅ | | | Filter hosts using policies | ✅ | ✅ | ✅ | ✅ | | 
@@ -99,11 +100,11 @@ GitOps is an API-only and write-only role that can be used on CI/CD pipelines. Users in Fleet either have team access or global access. -Users with team access only have access to the [hosts](https://fleetdm.com/docs/using-fleet/rest-api#hosts), [software](https://fleetdm.com/docs/using-fleet/rest-api#software), and [policies](https://fleetdm.com/docs/using-fleet/rest-api#policies) assigned to +Users with team access only have access to the [hosts](https://fleetdm.com/docs/using-fleet/rest-api#hosts), [software](https://fleetdm.com/docs/using-fleet/rest-api#software), [schedules](https://fleetdm.com/docs/using-fleet/fleet-ui#schedule-a-query) , and [policies](https://fleetdm.com/docs/using-fleet/rest-api#policies) assigned to their team. Users with global access have access to all -[hosts](https://fleetdm.com/docs/using-fleet/rest-api#hosts), [software](https://fleetdm.com/docs/using-fleet/rest-api#software), [queries](https://fleetdm.com/docs/using-fleet/rest-api#queries), and [policies](https://fleetdm.com/docs/using-fleet/rest-api#policies). Check out [the user permissions +[hosts](https://fleetdm.com/docs/using-fleet/rest-api#hosts), [software](https://fleetdm.com/docs/using-fleet/rest-api#software), [queries](https://fleetdm.com/docs/using-fleet/rest-api#queries), [schedules](https://fleetdm.com/docs/using-fleet/fleet-ui#schedule-a-query) , and [policies](https://fleetdm.com/docs/using-fleet/rest-api#policies). Check out [the user permissions table](#user-permissions) above for global user permissions. Users can be a member of multiple teams in Fleet. 
@@ -119,10 +120,11 @@ Users that are members of multiple teams can be assigned different roles for eac | Filter software by [vulnerabilities](https://fleetdm.com/docs/using-fleet/vulnerability-processing#vulnerability-processing) | ✅ | ✅ | ✅ | ✅ | | | Filter hosts by software | ✅ | ✅ | ✅ | ✅ | | | Filter software | ✅ | ✅ | ✅ | ✅ | | -| Run global and team queries designated "**observer can run**" as live queries against hosts | ✅ | ✅ | ✅ | ✅ | | +| Run queries designated "**observer can run**" as live queries against hosts | ✅ | ✅ | ✅ | ✅ | | | Run any query as [live query](https://fleetdm.com/docs/using-fleet/fleet-ui#run-a-query) | | ✅ | ✅ | ✅ | | -| Create, edit, and delete team queries | | | ✅ | ✅ | ✅ | +| Create, edit, and delete only **self authored** queries | | | ✅ | ✅ | ✅ | | View all queries\** | ✅ | ✅ | ✅ | ✅ | | +| Add, edit, and remove queries from the schedule | | | ✅ | ✅ | ✅ | | View policies | ✅ | ✅ | ✅ | ✅ | | | View global (inherited) policies | ✅ | ✅ | ✅ | ✅ | | | Run global (inherited) policies as a live policy | | | ✅ | ✅ | |
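
Review bot: In the hunk at `@@ -51,6 +51,7 @@`, the new row "Add, edit, and remove queries from all schedules" leaves the first two role columns empty, yet the Observer paragraph changed in the first hunk now lists schedules among the entities that read-only role can access. No row in the visible context documents view access to schedules. Either add a row for viewing schedules with the read-only columns checked, or drop "schedules" from the Observer sentence so the prose and the permissions table agree.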
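
Review bot: Both added lines in the hunk at `@@ -99,11 +100,11 @@` leave a stray space before the comma after the schedules link (`...fleet-ui#schedule-a-query) , and`), which renders as "schedules , and"; remove the space. The schedules link also targets the `fleet-ui` page while the neighbouring hosts, software, queries and policies links target `rest-api` anchors, so confirm that the UI guide is the intended destination for an access-control reference.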
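
Review bot: In the hunk at `@@ -119,10 +120,11 @@`, the replacement row "Create, edit, and delete only **self authored** queries" puts the same authorship limit on all three checked columns, while the row it replaces ("Create, edit, and delete team queries") carried no such limit. As the table reads in this hunk, no team role can edit or delete a query written by someone else; state explicitly whether that is intended for every checked role, and hyphenate "self-authored". The added row "Add, edit, and remove queries from the schedule" also says "the schedule" where the global table says "all schedules", so name the scope (for example "the team's schedule") to keep the two tables comparable.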