diff --git a/docs/platform/concepts/permissions.md b/docs/platform/concepts/permissions.md index 81950a28..e0836eb4 100644 --- a/docs/platform/concepts/permissions.md +++ b/docs/platform/concepts/permissions.md 
@@ -20,20 +20,20 @@ Permissions are not yet fully supported in the Aiven Console. They are intended use with the Aiven API, Aiven Provider for Terraform, and Aiven Operator for Kubernetes. ::: -## Organization roles +## Organization roles and permissions -You can grant the following roles to principals at the organization level. The permissions -for each role apply to the organization and all units, projects, and services within it. +You can grant the following roles and permissions to principals at the organization level. +Roles and permissions at this level apply to the organization and all units, projects, +and services within it. + +### Organization roles | Console name | API name | Permissions | | ------------------- | -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Admin | `role:organization:admin` | | | Organization member | `role:organization:member` | Non-managed users can: This is the default role assigned to all organization users. | -## Organization permissions - -You can grant the following permissions to principals. The actions listed for each -permission apply to the organization and all units, projects, and services within it. 
+### Organization permissions | Console name | API name | Allowed actions | | ------------------------------- | -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | @@ -52,10 +52,11 @@ permission apply to the organization and all units, projects, and services withi | Manage projects | `organization:projects:write` | No access to other project settings or services. | -## Project roles +## Project roles and permissions +You can grant the following permissions to principals. Roles and permissions granted at +this level apply to the project and all services within it. -You can grant the following roles for projects to principals. The permissions for each -role apply to the project and all services within it. +### Project roles | Console name | API name | Permissions | | ------------ | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
@@ -64,13 +65,7 @@ role apply to the project and all services within it. | Operator | `operator` | | | Read only | `read_only` | | -Project admin do not have access to organization settings such as billing unless -they are also a [super admin](/docs/platform/howto/make-super-admin). - -## Project and service permissions - -You can grant the following permissions to principals. The actions listed for each -permission apply to the project and all services within it. +### Project permissions | Console name | API name | Allowed actions | | ------------------------- | --------------------------- | ------------------------------------------------------------------------------------------------- |
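Review bot: In the first hunk (@@ -20,20 +20,20 @@), the new `### Organization permissions` heading has no text of its own once the two-line intro beneath the old `## Organization permissions` heading is deleted, so a reader who follows a deep link to that heading sees only the table and not the scope of the grant. Because these grants extend to the organization and all units, projects, and services within it, keep a one-sentence scope statement directly under the `###` heading or link back to the section intro from there.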
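Review bot: In the second hunk (@@ -52,10 +52,11 @@), the added intro under `## Project roles and permissions` reads "You can grant the following permissions to principals", which leaves out roles even though the section now covers both and `### Project roles` follows immediately. Match the organization section's wording, "You can grant the following roles and permissions to principals", and settle on either "at this level" or "granted at this level" so the two section intros read the same.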
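Review bot: In the third hunk (@@ -64,13 +65,7 @@), the sentence saying that project admins do not have access to organization settings such as billing unless they are also a super admin is deleted, together with its link to /docs/platform/howto/make-super-admin, and nothing visible in this patch replaces it. That sentence documents a privilege boundary readers rely on when deciding who gets the project admin role, so keep it under `### Project roles` or move it into the admin row of the roles table (and correct "Project admin do not" to "Project admins do not" while moving it). Separately, renaming `## Project and service permissions` to `### Project permissions` changes the heading's anchor, so existing links to the old anchor need updating or an explicit anchor that preserves it.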