From f16910fcb3ce327bd86a1921c196fa6d3e56c5e2 Mon Sep 17 00:00:00 2001 From: Martin Cermak <“crudo@crudo.cz”> Date: Wed, 3 Dec 2025 12:47:36 +0100 Subject: [PATCH 1/2] chore(UPM-61578): Fixed HM role names --- .../managing_users/user_roles_authz/roles.mdx | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/product_docs/docs/edb-postgres-ai/1.2/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx b/product_docs/docs/edb-postgres-ai/1.2/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx index 3db1d3d95b..b45e40c85e 100644 --- a/product_docs/docs/edb-postgres-ai/1.2/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx +++ b/product_docs/docs/edb-postgres-ai/1.2/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx @@ -14,21 +14,21 @@ The two main categories of roles are organization-level and project-level. You can assign these roles to human or machine users using the **User Management** option of your user profile menu at the top-right of the navigation bar in the HM console. -### Organization administrator (admin) +### Organization Administrator This role provides read access at the organization level, allowing the user to view information and settings in the organization as a whole. -### Organization owner (owner) +### Organization Owner The purpose of this role is to manage the organization at a high level. Organization owners can create projects and assign organization-level roles to other users. -### Platform administrator (platform admin) +### Platform Administrator This role is for users who need to access and manage the underlying platform components of HM. They can access platform management and monitoring tools. -### GenAI Builder user (GenAI Builder user) +### GenAI Builder Editor This role is for users who work with the GenAI Builder feature of HM, granting them full access to its functions. 
@@ -36,41 +36,41 @@ This role is for users who work with the GenAI Builder feature of HM, granting t These roles can be assigned to human or machine users (except for estate ingester). Select **Users** in the left navigation when viewing a project. -### Project owner (owner) +### Project Owner In a specific project, the project owner has the highest level of authority. They can take all actions in that project and are responsible for assigning project-level roles to other users. -### Project editor (editor) +### Project Editor This role is for users who need to actively work with the data in a project. Project editors have data read and write access. -### Project viewer (viewer) +### Project Viewer For users who only need to observe the data in a project, the project viewer role provides data read-only access. -### Estate ingester (estate ingester) +### Estate Ingester This role is for machine users and provides access to perform estate ingests in a project. -### Catalog data reader (catalog data reader) +### Catalog Data Reader Users with this role can read the Iceberg namespace/table/view of project-scoped catalogs. -### Catalog data writer (catalog data writer) +### Catalog Data Writer This role allows users to read, write, and delete the Iceberg namespace/table/view of all project-scoped catalogs in a project. -### Migration Portal projects owner +### Migration Portal Projects Owner This role is for users who manage Migration Portal projects in an HM project. They can create, read, update, and delete these projects. -### Migration Portal projects editor +### Migration Portal Projects Editor Users with this role can read and update Migration Portal projects in an HM project. -### Migration Portal projects viewer +### Migration Portal Projects Viewer -This role provides read-only access to Migration Portal projects in an HM project. \ No newline at end of file +This role provides read-only access to Migration Portal projects in an HM project. 
From 411d5ec9c1a372f1563615292583633b69299ca4 Mon Sep 17 00:00:00 2001 From: Guang Yi Xu Date: Thu, 4 Dec 2025 19:00:42 +0800 Subject: [PATCH 2/2] chore(UPM-61578): rollback HM 1.2 doc change; add preview doc change for authz and permission matrix --- .../managing_users/user_roles_authz/roles.mdx | 30 +++++------ .../managing_users/user_roles_authz/authz.mdx | 53 ++++++++++--------- .../managing_users/user_roles_authz/roles.mdx | 34 ++++++------ 3 files changed, 60 insertions(+), 57 deletions(-) diff --git a/product_docs/docs/edb-postgres-ai/1.2/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx b/product_docs/docs/edb-postgres-ai/1.2/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx index b45e40c85e..42c33d1140 100644 --- a/product_docs/docs/edb-postgres-ai/1.2/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx +++ b/product_docs/docs/edb-postgres-ai/1.2/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx 
@@ -14,21 +14,21 @@ The two main categories of roles are organization-level and project-level. You can assign these roles to human or machine users using the **User Management** option of your user profile menu at the top-right of the navigation bar in the HM console. -### Organization Administrator +### Organization administrator (admin) This role provides read access at the organization level, allowing the user to view information and settings in the organization as a whole. -### Organization Owner +### Organization owner (owner) The purpose of this role is to manage the organization at a high level. Organization owners can create projects and assign organization-level roles to other users. -### Platform Administrator +### Platform administrator (platform admin) This role is for users who need to access and manage the underlying platform components of HM. They can access platform management and monitoring tools. -### GenAI Builder Editor +### GenAI Builder user (GenAI Builder user) This role is for users who work with the GenAI Builder feature of HM, granting them full access to its functions. 
@@ -36,41 +36,41 @@ This role is for users who work with the GenAI Builder feature of HM, granting t These roles can be assigned to human or machine users (except for estate ingester). Select **Users** in the left navigation when viewing a project. -### Project Owner +### Project owner (owner) -In a specific project, the project owner has the highest level of authority. +In a specific project, the project owner has the highest level of authority. They can take all actions in that project and are responsible for assigning project-level roles to other users. -### Project Editor +### Project editor (editor) -This role is for users who need to actively work with the data in a project. +This role is for users who need to actively work with the data in a project. Project editors have data read and write access. -### Project Viewer +### Project viewer (viewer) For users who only need to observe the data in a project, the project viewer role provides data read-only access. -### Estate Ingester +### Estate ingester (estate ingester) This role is for machine users and provides access to perform estate ingests in a project. -### Catalog Data Reader +### Catalog Data data reader (catalog data reader) Users with this role can read the Iceberg namespace/table/view of project-scoped catalogs. -### Catalog Data Writer +### Catalog Data data writer (catalog data writer) This role allows users to read, write, and delete the Iceberg namespace/table/view of all project-scoped catalogs in a project. -### Migration Portal Projects Owner +### Migration Portal projects owner This role is for users who manage Migration Portal projects in an HM project. They can create, read, update, and delete these projects. -### Migration Portal Projects Editor +### Migration Portal projects editor Users with this role can read and update Migration Portal projects in an HM project. 
-### Migration Portal Projects Viewer +### Migration Portal projects viewer This role provides read-only access to Migration Portal projects in an HM project. diff --git a/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/authz.mdx b/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/authz.mdx index 9e4f802ec9..2280a72bb9 100644 --- a/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/authz.mdx +++ b/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/authz.mdx 
@@ -6,32 +6,35 @@ description: See what the predefined Hybrid Manager user roles are authorized to Authorization of these user roles follows a role-based access control (RBAC) model with the restrictions applying to a specific scope—either within one project or within one account. -The following list doesn't cover Postgres cluster database authorization. +The following list doesn't cover Postgres cluster database authorization. Currently, you can't create custom roles. Only these 11 predefined roles are available. -| Permissions | Org admin | Org owner | Platform admin | GenAI Builder user | Project owner | Project editor | Project viewer | Estate ingester | Catalog data reader | Catalog data writer | -| -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -| Access GenAI Builder (launchpad) | | | | X | | | | | | | -| Configure GenAI Builder | | | X | | | | | | | | -| Access Ops apps (launchpad) | | | X | | | | | | | | -| View projects within the org | X | X | | | | | | | | | -| Update and delete projects | | X | | | | | | | | | -| View roles assigned at the project level | X | X | | | X | X | | | | | -| View activity log for the org | X | X | | | | | | | | | -| View and download usage report for the project | | X | | | X | X | | | | | -| View and download usage report the the org | X | X | | | | | | | | | -| Create projects within the org | | X | | | | | | | | | -| Assign project roles | | X | | | X | | | | | | -| Create, edit, and delete clusters | | | | | X | X | | | | | -| View clusters, backups, estates, and migrations | | | | | X | X | X | | | | -| Assign org roles | | X | | | | | | | | | -| View activity log for the project| | X | | | X | X | | | | | -| View, edit, and delete owned projects| | | | | X | | | | | | -| Ingest self-managed Postgres cluster data | | | | | | | | X* | | | -| Create, update, and delete catalog | | | | | X | X | | | | | -| Read catalog | | | | | | | X | | | | -| Read 
Iceberg data | | | | | | | | | X | X | -| Write and delete Iceberg data| | | | | | | | | | X | +| Permissions | Organization Administrator | Organization Owner | Platform Admin | Project Owner | Project Editor | Project Viewer | Estate Ingester | GenAI Builder Editor | Catalog Data reader | Catalog Data writer | Migration Portal Projects Owner | Migration Portal Projects Editor | Migration Portal Projects Viewer | +|------------------------------------------------------------|----------------------------|--------------------|----------------|---------------|----------------|----------------|-----------------|----------------------|---------------------|---------------------|---------------------------------|----------------------------------|----------------------------------| +| Access GenAI Builder | | | | | | | | X | | | | | | +| Configure GenAI Builder | | | | X | | | | | | | | | | +| Access Ops apps (launchpad) | | | X | | | | | | | | | | | +| View projects within the org | X | X | | | | | | | | | | | | +| Update and delete projects | | X | | | | | | | | | | | | +| View roles assigned at the project level | X | X | | X | X | | | | | | | | | +| View activity log for the org | X | X | | | | | | | | | | | | +| View and download usage report for the project | | X | | X | X | | | | | | | | | +| View and download usage report the the org | X | X | | | | | | | | | | | | +| Create projects within the org | | X | | | | | | | | | | | | +| Assign project roles | | X | | X | | | | | | | | | | +| Create, edit, and delete clusters | | | | X | X | | | | | | | | | +| View clusters, backups, estates, and migrations | | | | X | X | X | | | | | | | | +| Assign org roles | | X | | | | | | | | | | | | +| View activity log for the project | | X | | X | X | | | | | | | | | +| View, edit, and delete owned projects | | | | X | | | | | | | | | | +| Ingest self-managed Postgres cluster data | | | | | | | X* | | | | | | | +| Create, update, and delete catalog | | | | X | X | | | | | | | 
| | +| Read catalog | | | | | | X | | | | | | | | +| Read Iceberg data | | | | | | | | | X | X | | | | +| Write and delete Iceberg data | | | | | | | | | | X | | | | +| View Migration Portal projects | | | | | | | | | | | X | X | X | +| View and update Migration Portal projects | | | | | | | | | | | | X | X | +| View, update, create, and delete Migration Portal projects | | | | | | | | | | | | | X | -* Only machine-users can be assigned to ingest self-managed cluster data. \ No newline at end of file +* Only machine-users can be assigned to ingest self-managed cluster data. diff --git a/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx b/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx index 3db1d3d95b..b78f370961 100644 --- a/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx +++ b/product_docs/docs/edb-postgres-ai/preview/hybrid-manager/using_hybrid_manager/managing_users/user_roles_authz/roles.mdx 
@@ -14,63 +14,63 @@ The two main categories of roles are organization-level and project-level. You can assign these roles to human or machine users using the **User Management** option of your user profile menu at the top-right of the navigation bar in the HM console. -### Organization administrator (admin) +### Organization Administrator This role provides read access at the organization level, allowing the user to view information and settings in the organization as a whole. -### Organization owner (owner) +### Organization Owner The purpose of this role is to manage the organization at a high level. Organization owners can create projects and assign organization-level roles to other users. -### Platform administrator (platform admin) +### Platform Administrator This role is for users who need to access and manage the underlying platform components of HM. They can access platform management and monitoring tools. -### GenAI Builder user (GenAI Builder user) +### AI Model Manager -This role is for users who work with the GenAI Builder feature of HM, granting them full access to its functions. +This role is for users who work with the AI model and model service feature of HM, granting them full access to its functions. ## Project-level roles These roles can be assigned to human or machine users (except for estate ingester). Select **Users** in the left navigation when viewing a project. -### Project owner (owner) +### Project Owner -In a specific project, the project owner has the highest level of authority. +In a specific project, the project owner has the highest level of authority. They can take all actions in that project and are responsible for assigning project-level roles to other users. -### Project editor (editor) +### Project Editor -This role is for users who need to actively work with the data in a project. +This role is for users who need to actively work with the data in a project. Project editors have data read and write access. 
-### Project viewer (viewer) +### Project Viewer For users who only need to observe the data in a project, the project viewer role provides data read-only access. -### Estate ingester (estate ingester) +### Estate Ingester This role is for machine users and provides access to perform estate ingests in a project. -### Catalog data reader (catalog data reader) +### Catalog Data Reader Users with this role can read the Iceberg namespace/table/view of project-scoped catalogs. -### Catalog data writer (catalog data writer) +### Catalog Data Writer This role allows users to read, write, and delete the Iceberg namespace/table/view of all project-scoped catalogs in a project. -### Migration Portal projects owner +### Migration Portal Projects Owner This role is for users who manage Migration Portal projects in an HM project. They can create, read, update, and delete these projects. -### Migration Portal projects editor +### Migration Portal Projects Editor Users with this role can read and update Migration Portal projects in an HM project. -### Migration Portal projects viewer +### Migration Portal Projects Viewer -This role provides read-only access to Migration Portal projects in an HM project. \ No newline at end of file +This role provides read-only access to Migration Portal projects in an HM project.
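Review bot: The rollback in the 1.2 roles.mdx hunk at @@ -36,41 of PATCH 2/2 is not a clean revert: the two catalog headings come back as `### Catalog Data data reader (catalog data reader)` and `### Catalog Data data writer (catalog data writer)`, while PATCH 1/2 had removed `### Catalog data reader (catalog data reader)` and `### Catalog data writer (catalog data writer)`. Drop the duplicated "Data" so the 1.2 page returns to its pre-series headings. The resulting blob 42c33d1140 differs from the original 3db1d3d95b, which is consistent with the file not being restored exactly.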
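Review bot: The three new Migration Portal rows in the preview authz.mdx hunk (@@ -6,32 +6,35 of PATCH 2/2) grant permissions in the reverse order of the role definitions: `View and update Migration Portal projects` is marked for Editor and Viewer, and `View, update, create, and delete Migration Portal projects` is marked for Viewer only, while the preview roles.mdx in this same patch describes the Viewer as read-only and the Owner as able to create, read, update, and delete. Move the X marks so the create/delete row is Owner only and the update row is Owner and Editor. In the same table, the X for `Configure GenAI Builder` sat under Platform admin in the removed row and sits in the fourth column, Project Owner, in the added row, while `Access Ops apps (launchpad)` stayed under Platform Admin; this looks like a column shift from the reorder rather than an intended permission change, so please confirm which role holds it. The surrounding text still says "Only these 11 predefined roles are available", but the new header lists 13 role columns, and the carried-over row label `View and download usage report the the org` keeps its typo.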
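Review bot: The organization-level heading in the preview roles.mdx hunk (@@ -14,63 +14,63 of PATCH 2/2) becomes `### AI Model Manager`, but the preview authz.mdx matrix changed in this same patch has a `GenAI Builder Editor` column and `Access GenAI Builder` / `Configure GenAI Builder` rows, and no AI Model Manager column. Across the series the same role appears as "GenAI Builder user", "GenAI Builder Editor", and "AI Model Manager"; pick the name the product uses and apply it to both preview files, adding or renaming the matrix column and rows so a reader can map the role described here to its permissions. The matrix header also writes `Catalog Data reader` and `Catalog Data writer` where this hunk uses `### Catalog Data Reader` and `### Catalog Data Writer`.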