[XP-3328] Add data product permissions (#946)

* [XP-3328] Add data product permissions * Fix wording for custom permissions * PR feedback * Apply suggestions from code review Co-authored-by: Nick <[email protected]> --------- Co-authored-by: Nick <[email protected]>
snowplow · Jul 15, 2024 · dd1fdbc · dd1fdbc
1 parent 5948af0
commit dd1fdbc
Showing 1 changed file with 43 additions and 7 deletions.
diff --git a/docs/using-the-snowplow-console/managing-users/managing-permissions/index.md b/docs/using-the-snowplow-console/managing-users/managing-permissions/index.md
@@ -1,6 +1,5 @@
 ---
 title: "Managing user permissions in Console"
-date: "2022-03-17"
 sidebar_label: "Managing user permissions"
 sidebar_position: 30
 ---
@@ -11,7 +10,14 @@ To set a users permissions, navigate to `Manage users` and then to the user who'
 
 Snowplow console sets permissions for each area of console as summarized below:
 
-<table><tbody><tr><td><strong>Console feature</strong></td><td><strong>Description</strong></td><td><strong>Possible permissions</strong></td></tr><tr><td>User management</td><td>The management and addition of user access. This permission cannot be configured on a Custom role.</td><td><ul><li>No access</li><li>Edit</li><li>Create</li></ul></td></tr><tr><td>Environments</td><td>The management of pipeline and sandbox (Mini) environments. This includes managing which Enrichments run on each environment.</td><td><div></div><ul><li>No access</li><li>View</li><li>Edit</li></ul></td></tr><tr><td>Data structures</td><td>The management and creation of the schemas that define the events and entities you are capturing.</td><td><ul><li>No access</li><li>View</li><li>Edit on development</li><li>Edit on production</li><li>Create</li></ul></td></tr><tr><td>Data models</td><td>The management and creation of your data models.</td><td><ul><li>No access</li><li>View</li><li>Edit</li><li>Create</li></ul></td></tr><tr><td>API keys</td><td>The management and creation of API keys.</td><td><ul><li>View</li><li>Manage</li><li>Create</li></ul></td></tr></tbody></table>
+|**Console feature**|**Description**|**Possible permissions**|
+|-|-|-|
+|User management|The management and addition of user access. This permission cannot be configured on a Custom role.|No access<br/>Edit<br/>Create|
+|Environments|The management of pipeline and sandbox (Mini) environments. This includes managing which Enrichments run on each environment.|No access<br/>View<br/>Edit|
+|Data products|The management and creation of Data Products|No access<br/>View<br/>Edit<br/>Create|
+|Data structures|The management and creation of the schemas that define the events and entities you are capturing.|No access<br/>View<br/>Edit on development<br/>Edit on production<br/>Create|
+|Data models|The management and creation of your data models.|No access<br/>View<br/>Edit<br/>Create|
+|API keys|The management and creation of API keys.|View<br/>Manage<br/>Create|
 
 ## How are permissions set?
 
@@ -21,19 +27,40 @@ There are three ways of setting user permissions:
 
 - Admin (pre-defined role)
 - User (pre-defined role)
-- Custom (custom permissions role) - **custom roles are only available on our Summit tier**
+- Custom (custom permissions role) - **custom roles are only available to customers with access to the fine grained user permissions feature**
 
 #### User permission set
 
-<table><tbody><tr><td><strong>Console feature</strong></td><td><strong>Permissions</strong></td></tr><tr><td>User management</td><td>No access (in the UI)</td></tr><tr><td>Environments</td><td>View access</td></tr><tr><td>Data structures</td><td>Edit on development<br/>Create</td></tr><tr><td>Data models</td><td>View access</td></tr><tr><td>API keys</td><td>View access</td></tr></tbody></table>
+|**Console feature**|**Permissions**|
+|-|-|
+|User management|No access (in the UI)|
+|Environments|View access|
+|Data products|Edit<br/>Create|
+|Data structures|Edit on development<br/>Create|
+|Data models|View access|
+|API keys|View access|
 
 #### Admin permission set
 
-<table><tbody><tr><td><strong>Console feature</strong></td><td><strong>Permissions</strong></td></tr><tr><td>User management</td><td>Full access</td></tr><tr><td>Environments</td><td>Full access</td></tr><tr><td>Data structures</td><td>Full access</td></tr><tr><td>Data models</td><td>Full access</td></tr><tr><td>API keys</td><td>Full access</td></tr></tbody></table>
+|**Console feature**|**Permissions**|
+|-|-|
+|User management|Full access|
+|Environments|Full access|
+|Data products|Full access|
+|Data structures|Full access|
+|Data models|Full access|
+|API keys|Full access|
 
 #### Custom permission set
 
-<table><tbody><tr><td><strong>Console feature</strong></td><td><strong>Permissions</strong></td></tr><tr><td>User management</td><td><em>Customized by you, per user</em></td></tr><tr><td>Environments</td><td><em>Customized by you, per user</em></td></tr><tr><td>Data structures</td><td><em>Customized by you, per user</em></td></tr><tr><td>Data models &amp; jobs</td><td><em>Customized by you, per user</em></td></tr><tr><td>API keys</td><td><em>Customized by you, per user</em></td></tr></tbody></table>
+|**Console feature**|**Permissions**|
+|-|-|
+|User management|Customized by you, per user|
+|Environments|Customized by you, per user|
+|Data products|Customized by you, per user|
+|Data structures|Customized by you, per user|
+|Data models & jobs|Customized by you, per user|
+|API keys|Customized by you, per user|
 
 A note on API keys and permissions
 
@@ -57,11 +84,20 @@ An environment has three permissions:
 - **View** - the user can see the environment management screen, but cannot edit anything. This is the default setting for the User role.
 - **Edit / Publish** - the user can make and publish edits to the environment. This includes configuration such as enrichment enablement, enrichment configuration and collector configuration. This is the default setting for the Admin role.
 
+### Data Products
+
+Data Products have four permissions:
+
+- **No access** - the user will not see the data product management screens.
+- **View** - the user can see the data product management screens, but cannot edit anything. This permission and all data product permissions below require the user to have at least the **view** permission on data structures.
+- **Edit** - the user can see the data product management screens, and can make edits to existing data products.
+- **Create** - the user can create new data products.
+
 ### Data structures
 
 Data structures have five permissions:
 
-- **No access** - the user will not see the data structure management screen
+- **No access** - the user will not see the data structure management screen.
 - **View** - the user can see the data structure management screen, but cannot edit anything.
 - **Edit on development** - the user can see the data structure management screen, and can make edits to data structures but only publish them to the development registry. This is the default setting for the User role.
 - **Edit on production** - the user can see the data structure management screen, and can make edits to data structures, and can publish changes to the production registry. This is the default setting for the Admin role.