Refresh RBAC org-level defaults: add Organization-wide role settings page#19822
Draft
jkodroff wants to merge 16 commits into
Draft
Refresh RBAC org-level defaults: add Organization-wide role settings page#19822jkodroff wants to merge 16 commits into
jkodroff wants to merge 16 commits into
Conversation
…efaults Gives org-level defaults their own nav page that documents every option in the Organization-wide role settings panel (Settings > Access management > Roles tab > View organization-wide role settings), explains how the defaults trickle down via the additive RBAC model, and consolidates the previously scattered/outdated content from roles.md, _index.md, scopes.md, permission-sets.md, and teams.md into references to the new page. Replaces the outdated "set a custom role as default role" mechanism and corrects all UI navigation references. Fixes #19813 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Collaborator
|
Your site preview for commit 0bd7d22 is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-19822-0bd7d220.s3-website.us-west-2.amazonaws.com |
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…lout, owner note Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…tion Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Custom roles replace the Member baseline rather than stacking on it; fix the earlier additive-union framing per the pulumi-service RBAC resolution code. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #19813
What
Gives organization-level defaults their own page in the docs nav and corrects how they're documented across the RBAC section.
New page
organization-wide-role-settings.md— documents every option in the Organization-wide role settings panel (Stack / Environment / Account / Team permissions — each dropdown level and capability toggle), explains how the defaults trickle down through the additive RBAC model (union of org-wide defaults + custom role + team roles + creator grants), and clarifies how the settings relate to scopes/roles. Slots into the nav right after Roles (weight 3; Permission sets → 4, Scopes → 5). Includes a bordered screenshot of the panel.Consolidation (move + leave references)
roles.md— removes the outdated "set a custom role as default role" mechanism (Settings → Roles → Set as default role) and points the Member row, custom-roles note, and Users section at the new page._index.md— reframes the "Organization default role" bullet and "Organization-wide settings" section to the new page; corrects the UI path.scopes.md,permission-sets.md,teams.md— update the org-wide toggle references and UI paths to point at the new page.UI path correction
All references now use the current (June 2026) path: Settings → Access management → Roles tab → View organization-wide role settings, replacing the stale Settings → Access Management / Settings → Roles wording.
Verification
make buildsucceeds; new page renders at/docs/administration/access-identity/rbac/organization-wide-role-settings/.make lintpasses (0 errors). Vale nags are pre-existing/advisory.🤖 Generated with Claude Code