Skip to content

Commit

Permalink
Added RBAC docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@ntotten
ntotten committed Jul 8, 2024
1 parent 9cde216 commit 1275b37
Show file tree
Hide file tree
Showing 25 changed files with 386 additions and 43 deletions.
4 changes: 3 additions & 1 deletion .vscode/settings.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,9 @@
},
"markdown.validate.enabled": true,
"markdown.copyFiles.destination": {
"/docs/**/*": "../../public/media/${documentBaseName}/image.${fileExtName}"
"/docs/*/*": "../../public/media/${documentBaseName}/image.${fileExtName}",
"/docs/*/*/*": "../../../public/media/${documentBaseName}/image.${fileExtName}",
"/docs/*/*/*/*": "../../../../public/media/${documentBaseName}/image.${fileExtName}"
},
"cSpell.words": ["Amberflo", "asns", "Moesif", "overridable", "Supabase"]
}
25 changes: 25 additions & 0 deletions docs/articles/accounts/billing.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
---
title: Zuplo Billing
sidebar_label: Billing
---

The "Upgrade & Billing" page in the Zuplo dashboard allows you to subscribe to a
Zuplo plan, update your payment method, and view your billing history.

Zuplo uses Stripe to process payments. When you subscribe to a Zuplo plan, you
will be redirected to the Stripe checkout page to enter your payment
information. Once your payment is processed, you will be redirected back to the
Zuplo dashboard.

## Update Payment Method

When you navigate to the "Upgrade & Billing" page, you will see a link to manage
your existing subscription. Clicking this link will take you to the Stripe
checkout page where you can update your payment method.

::: note Enterprise Plans

Enterprise plans are setup with custom billing and cannot be managed through the
portal. Contact your account representative for questions or assistance.

:::
46 changes: 46 additions & 0 deletions docs/articles/accounts/managing-account-members.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
---
title: Managing Account Members
---

Accounts can be shared with many users. This document explains how to add and
manage users in your account.

To start, navigate to the account settings page by clicking on your user icon in
the top right corner of the screen and selecting "Settings" from the dropdown
menu.

The view will display the users that are currently members of the account and
their roles.

![Members](../../../public/media/managing-account-members/image.png)

On the top of the page, you can enter an email address of the user you want to
invite. For accounts with the enterprise role feature, users are added to the
account with the role of "Member", for all other accounts users are added with
the role of "Admin".

![Invite User](../../../public/media/managing-account-members/image-1.png)

After inviting a user, you will see the invited user in the list with the
members.

![Invited User](../../../public/media/managing-account-members/image-2.png)

Once a user has accepted the invitation, you can change their role by selecting
the role from the drop down.

:::info Paid Add-on

Roles are available as a paid add-on as part of enterprise plans. For plans
without this feature, users are always set to the "Admin" role. For more
information contact [sales@zuplo.com](mailto:sales@zuplo.com).

:::

![Change Role](../../../public/media/managing-account-members/image-3.png)

## Removing a Member

To remove a user from the account, click on the remove icon next to the user.

![Remove Member](../../../public/media/managing-account-members/image-4.png)
38 changes: 38 additions & 0 deletions docs/articles/accounts/managing-project-members.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
---
title: Managing Project Members
---

Projects can have multiple members with different roles. Some account level
roles allow access to project resources as well. Users can also be assigned
project level roles in order to grant them access to specific project resources.

To manage project members, navigate to the project settings page and click on
the "Members" tab. Here you can see a list of all members in the project and
their roles.

![Project Members](../../../public/media/managing-project-members/image-1.png)

This list will display all account members - even those who have no access to
the project.

Account admins will always have access to all projects. If you try to change the
role of an account admin, you will see a warning message that this user is an
account admin and cannot be changed.

For users who are not account admins, you can change their role by selecting the
desired role from the dropdown.

:::info Paid Add-on

Roles are available as a paid add-on as part of enterprise plans. For plans
without this feature, all account members will have access to all projects. For
more information contact [sales@zuplo.com](mailto:sales@zuplo.com).

:::

![Member Role](../../../public/media/managing-project-members/image-2.png)

## Remove Project Member

Removing a project member can be done by selecting "No Access" from the role
drop down.
28 changes: 28 additions & 0 deletions docs/articles/accounts/members-and-roles.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
title: Members & Roles
sidebar_label: Overview
---

:::info Paid Add-on

Roles are available as a paid add-on as part of enterprise plans. For more
information contact [sales@zuplo.com](mailto:sales@zuplo.com).

:::

Accounts in Zuplo can have multiple members with different roles. The role of
each member defines the permissions they have in the account.

Projects in Zuplo can also have multiple members with different roles. Some
account level roles allow access to project resources as well. Users can also be
assigned project level roles in order to grant them access to specific project
resources.

See the

Additional Resources:

- [Role Permissions](./roles-permissions.md) for details on the roles available
at the account and project levels.
- [Managing Account Members](./managing-account-members.md)
- [Managing Project Members](./managing-project-members.md)
116 changes: 116 additions & 0 deletions docs/articles/accounts/roles-and-permissions.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,116 @@
---
title: Role Permissions
---

:::info Paid Add-on

Roles are available as a paid add-on as part of enterprise plans. For more
information contact [sales@zuplo.com](mailto:sales@zuplo.com).

_The specific permissions of each role are currently in beta and may change
without notice._

:::

Accounts in Zuplo can have multiple members with different roles. Each account
member can be a role that defines the permissions they have in the account.

The following roles are available at the account level:

- **Admin**: Admins have full access to the account and can manage all aspects
of the account, including billing, members, and roles. Admins can also access
all projects and environments in the Account.
- **Developer**: Developers can create and manage projects and environments in
the account. They also have wide access to resources such as tunnels, custom
domains, API key buckets, etc. Developers can edit preview and development
resources, but not production resources.
- **Member**: Members of an account do not have any account level or project
level permissions. Members can be granted project level permissions by an
admin.

Projects can have multiple members with different roles. Some account level
roles also grant access to project resources. Users can also be assigned project
level roles to grant them access to specific project resources.

The following roles are available at the project level:

- **Admin**: Admins have full access to the project and can manage all aspects
of the project, including environment variables, secrets, and members.
- **Developer**: Developers have access to all preview and development resources
in a project. They cannot modify production resources.
- **Member**: Members of a project can view resources in the project but cannot
modify them.

## Account Role Permissions

The following table outlines the permissions available to each account role.

| Resource | Action | Admin | Developer | Member |
| -------------- | --------------- | ----- | --------- | ------ |
| Account | Edit ||||
| | View ||||
| Projects | Edit ||||
| | View ||||
| Custom Domains | Edit ||||
| | View ||||
| Tunnels | Edit ||||
| | View ||||
| Zuplo API Keys | Edit (All Keys) ||||
| | View (All Keys) ||||
| Zuplo API Keys | Edit (Own Keys) ||||
| | View (Own Keys) ||||
| Billing | Manage ||||
| Usage | View ||||
| Members | Edit ||||
| | View ||||

## Project Role Permissions

The following table outlines the permissions available to each project role.

| Resource | Environment | Action | Admin | Developer | Member |
| --------------------- | ----------- | ------ | ----- | --------- | ------ |
| Project | | Edit ||||
| | | View ||||
| Environment | Production | Edit ||||
| | | View ||||
| | | Deploy ||||
| | Preview | Edit ||||
| | | View ||||
| | | Deploy ||||
| | Development | Edit ||||
| | | View ||||
| | | Deploy ||||
| Environment Variables | Production | Edit ||||
| | | View ||||
| | Preview | Edit ||||
| | | View ||||
| | Development | Edit ||||
| | | View ||||
| Source Control | N/A | Edit ||||
| | | View ||||
| Members | N/A | Edit ||||
| | | View ||||
| Custom Domains | N/A | Edit ||||
| | | View ||||
| Logs | Production | View ||||
| | Preview | View ||||
| | Development | View ||||
| Builds | Production | View ||||
| | Preview | View ||||
| | Development | View ||||
| Analytics | Production | View ||||
| | Preview | View ||||
| | Development | View ||||
| API Key Buckets | Production | Edit ||||
| | | View ||||
| | Preview | Edit ||||
| | | View ||||
| | Development | Edit ||||
| | | View ||||
| Monetization Buckets | Production | Edit ||||
| | | View ||||
| | Preview | Edit ||||
| | | View ||||
| | Development | Edit ||||
| | | View ||||
106 changes: 106 additions & 0 deletions docs/articles/accounts/zuplo-api-keys.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,106 @@
---
title: Zuplo API Keys
sidebar_label: API Keys
---

The Zuplo Developer API (https://dev.zuplo.com) allows you to programmatically
interact with Zuplo. To access the API, you need to create an API key.

API keys are used to authenticate requests to the Zuplo API. They are unique to
your account and should be kept secret. Do not share your API key in publicly
accessible areas such as GitHub repositories.

## Creating an API Key

To start, navigate to the account settings page by clicking on your user icon in
the top right corner of the screen and selecting "Settings" from the dropdown
menu. Click the "API Keys" tab to view the API keys in your account that you
have access to.

![API Keys](../../../public/media/zuplo-api-keys/image.png)

::: note Required Role

Account admins can view and manage all API keys in the account. Developers can
only view their own API keys. Members do not have access to API keys.

:::

Select the "Create API Key" button to create a new API key. You can enter a
label, expiration, and select the permissions for your new API key.

:::info Paid Add-on

Fine-grain API keys are only available as a paid add-on as part of enterprise
plans. For plans without this feature, API Keys will have all permissions. For
more information contact [sales@zuplo.com](mailto:sales@zuplo.com).

:::

![Create API Key](../../../public/media/zuplo-api-keys/image-1.png)

## Editing an API Key

API Keys are immutable once created. If you need to change the permissions you
will need to create a new API key.

## Deleting an API Key

API Keys can be deleted by selecting the delete button on the list page or by
opening the details page for the key and clicking the "Delete" button at the
bottom of the page.

![Delete API Key](../../../public/media/zuplo-api-keys/image-2.png)

## API Key Permissions

:::info Paid Add-on

Fine-grain API keys are only available as a paid add-on as part of enterprise
plans. For plans without this feature, API Keys will have all permissions. For
more information contact [sales@zuplo.com](mailto:sales@zuplo.com).

:::

The following table outlines the permissions available to each API key.

### Project Access

API Keys can be scoped to all projects or specific projects in the account.
Selecting All Projects will also grant all project level permissions to that
key. If you want to customize the project level permissions, scope the key to
one or more projects.

![Project Access](../../../public/media/zuplo-api-keys/image-3.png)

### Environment Access

API Keys can be scoped to all environments or specific environments within the
projects they have access to. You can select one or more environments. For
example, if you want to restrict a key to only have access to only access
preview and development environments, you can select only those two
environments.

![Environment Access](../../../public/media/zuplo-api-keys/image-4.png)

### Project permissions

When API Keys are scoped to specific projects, you can select the permissions
the key has in that project. For each permission select the level of access
desired from the drop down.

![Project permissions](../../../public/media/zuplo-api-keys/image-5.png)

### Account permissions

API Keys can be granted account level permissions. These permissions are for
account level resources like custom domains, tunnels, etc. For each permission
select the level of access desired from the drop down.

![Account permissions](../../../public/media/zuplo-api-keys/image-6.png)

When selecting permissions for API Key Buckets or Monetization Buckets, the
environment type scope is also applied. For example, if your key has access to
preview environments and has Read and Write access to API Key buckets, that key
can only read and write to API Key buckets in the preview environments - it
cannot modify buckets used in production environments.
Loading

0 comments on commit 1275b37

Please sign in to comment.