update: add new project-level permissions
staceysalamon-aiven committed Nov 12, 2024
1 parent 8e735b1 commit 6a3e29b
Showing 3 changed files with 7 additions and 36 deletions.
6 changes: 6 additions & 0 deletions docs/platform/concepts/permissions.md
Expand Up @@ -30,6 +30,8 @@ You can grant the following roles for projects to principals.
| Developer | `developer` | <ul> <li> Create databases. </li> <li> View service connection information. </li> <li> Remove Aiven for OpenSearch® indexes. </li> <li> Create and change Aiven for Apache Kafka® topics. </li> <li> Create and change Aiven for PostgreSQL® connection pools. </li> <li> Create and change service database users. </li> </ul> |
| Operator | `operator` | <ul> <li> View project audit log. </li> <li> View project permissions. </li> <li> Full access to all services in the project and their configuration. </li> </ul> |
| Read only | `read_only` | <ul> <li> View all services and their configuration. </li> </ul> |
| Maintain services | `role:services:maintenance` | <ul> <li> Perform service maintenance updates. </li> <li> Change maintenance windows. </li> <li> Upgrade service versions. </li> </ul> |
| Recover services | `role:services:recover` | <ul> <li> Add and remove dynamic disk sizing and tiered storage. </li> <li> Change service plans. </li> <li> Fork services. </li> <li> Promote read replicas. </li> </ul> |

Project admin do not have access to organization settings such as billing unless
they are also a [super admin](/docs/platform/howto/make-super-admin).
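
Review bot: The two added rows, `role:services:maintenance` and `role:services:recover`, list only change actions and do not say whether the role also lets the principal view the services it acts on, or whether it must be granted together with `read_only` or `project:services:read`. State that in each row so a reader can build a least-privilege grant from the table alone. The `role:` prefix also differs from the bare identifiers in the rows above (`developer`, `operator`, `read_only`), so a sentence explaining the two naming forms would avoid confusion when these values are used outside the Console. While this paragraph is in view, "Project admin do not have access" should read "Project admins do not have access".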
Expand All @@ -53,5 +55,9 @@ permission apply to the project and all services within it.
| Manage project networking | `project:networking:write` | <ul> <li> Add, edit, and remove project VPCs. </li> </ul> |
| View project permissions | `project:permissions:read` | <ul> <li> View all users granted permissions to a project. </li> </ul> |
| View services | `project:services:read` | <ul> <li> View all details for services in a project, except the service logs. </li> </ul> |
| Manage services | `project:services:write` | <ul> <li> Create and delete services. </li> <li> Power on and off services. </li> <li> Add and remove dynamic disk sizing and tiered storage. </li> <li> Change service plans. </li> <li> Change cloud regions. </li> <li> Fork services. </li> </ul> |
| Manage service configuration | `service:configuration:write` | <ul> <li> Change clouds and regions. </li> <li> Change deployment models. </li> <li> Update IP allowlists. </li> <li> Change the network configuration options. </li> <li> Add and remove service tags. </li> <li> Enable and disable termination protection. </li> <li> Configure backup settings. </li> <li> Add and remove service contacts. </li> </ul> |
| Access data | `service:data:write` | <ul> <li> Perform service queries through the API and Console. </li> <li> View query statistics and current queries. </li> <li> Manage service-specific features like Kafka Topics and Schemas, PostgreSQL and AlloyDB Omni connection pools, and OpenSearch indexes. </li> </ul> |
| View service logs | `service:logs:read` | <ul> <li> View logs for all services in the project. </li> </ul> **Service logs may contain sensitive information.** |
| View configuration secrets | `service:secrets:read` | <ul> <li> Read service configuration secrets such as keys. </li> </ul> |
| Manage service users | `service:users:write` | <ul> <li> Create and delete service users. </li> <li> View and update connection information for services. </li> </ul> |
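
Review bot: The `service:secrets:read` and `service:data:write` rows grant access to keys and to service data but carry no callout, while the `service:logs:read` row between them has the bold "Service logs may contain sensitive information." Add an equivalent note to those two rows so the sensitivity of each grant is visible at the same level. Separately, `project:services:write` lists "Change cloud regions" and `service:configuration:write` lists "Change clouds and regions"; say which permission gates a region change, or that either one is sufficient. The "Manage services" row also repeats three items from the `role:services:recover` row added earlier in this file (dynamic disk sizing and tiered storage, service plans, forking), so a cross-reference between the two would help readers pick the narrower grant.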
36 changes: 0 additions & 36 deletions docs/platform/reference/project-member-privileges.md

This file was deleted.

1 change: 1 addition & 0 deletions static/_redirects
Expand Up @@ -77,6 +77,7 @@
/platform/howto/update-tax-status https://aiven.io/docs/platform/concepts/tax-information
/platform/ip-addresses https://aiven.io/docs/platform/reference/service-ip-address
/platform/privatelink https://aiven.io/docs/platform/howto/use-aws-privatelinks
/platform/reference/project-member-privileges https://aiven.io/docs/platform/concepts/permissions
/platform/vpc https://aiven.io/docs/platform/howto/manage-vpc-peering
/products/caching/concepts https://aiven.io/docs/docs/products/caching/concepts/high-availability-redis
/products/caching/concepts/overview https://aiven.io/docs/products/caching
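
Review bot: The commit touches only three files, so any in-repo links to `docs/platform/reference/project-member-privileges` in other pages are not updated here; please check for remaining references and point them at `/docs/platform/concepts/permissions` directly rather than relying on the new redirect. In the context just below the added line, the destination for `/products/caching/concepts` contains a doubled path segment (`https://aiven.io/docs/docs/products/caching/...`), which looks like an existing typo worth fixing in the same file.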