Skip to content

Commit

Permalink
rework connection permissions docs to reduce duplication
Browse files Browse the repository at this point in the history
  • Loading branch information
@johnsmyth
johnsmyth committed Jul 23, 2024
1 parent fb1f84f commit b4efb63
Show file tree
Hide file tree
Showing 5 changed files with 76 additions and 101 deletions.
25 changes: 3 additions & 22 deletions docs/integrations/aws.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,6 @@ sidebar_label: AWS

# AWS Integration


The AWS Integration allows you to automatically import a connection folder hierarchy that mirrors your AWS Organization folder structure, with a connection folder for each AWS OU and a [connection](/pipes/docs/connections) for each account in your AWS organization.

The AWS integration will automatically keep the configuration up to date as your organization changes, adding, removing, and modifying connections and folders as accounts and OUs are created, deleted, or changed in your AWS Organization.
Expand Down Expand Up @@ -61,15 +60,9 @@ If desired, you can set advanced options for the child connections. These optio
Click the **Test Connection** button to verify that the credentials are configured correctly, then click **Next**.


Finally, select the [Permissions](#permissions) to assign to the root folder created from this AWS integration. Note that you do not have to set the permissions now and you can change them later.

- **All Organizations and Workspaces**
- **Specific Organizations and Workspaces**
- **No Workspaces**
Finally, select the [Permissions](/pipes/docs/tenants/connections#permissions). The permissions on this screen apply to the top-level folders and therefore to *all connections and folders* discovered by this integration. If you want to assign permissions more granularly, on a per-subfolder or per-connection basis, select **No Workspaces** at this time, and then manage the permissions on the connections and folders once they have been discovered.

The permissions on this screen apply to the root folder and therefore to *all connections and folders* discovered by this integration. If you want to assign permissions more granularly, on a per-subfolder or per-connection basis, select **No Workspaces** at this time, and then manage the permissions on the connections and folders once they have been discovered.

Note also that **All** will not only add permissions for the existing identities and workspaces but will also allow access for any new connections and folders that are created when they are added to the AWS organization.
Note also that **All** will not only add permissions for the existing identities and workspaces but will also allow access for any new connections and folders that are created when OUs or accounts are added to the AWS organization.

After you have made your selections, click **Create Integration**. Pipes will begin discovering your accounts and OUs and creating folders and connections.

Expand Down Expand Up @@ -105,16 +98,4 @@ Navigate to the **Integrations** page for the appropriate resource:
- To configure an AWS integration for your **Organization**, click the double arrow button from the organization switcher at the top of the page and select the organization from the dropdown. Once you've selected your organization, go to the **Integrations** tab to manage the integrations for the organization.


Go to the **Advanced** page and click the **Delete Integration** button. You will be asked to enter the handle to confirm deletion. If you wish to *permanently delete the integration and all of its resources*, click **Delete**.


## Permissions
You can create an integration for a tenant or an organization, and where you create the integration affects the scope of the resources it creates; the resulting connections and folders can only be shared within the entity in which it was created. When creating the integration, you can set **Permissions** for the connections and folders that it creates:
- Tenant-level connections and folders can be shared with any identity or workspace within the tenant.
- Org-level connections and folders can be shared with any workspace within the org, but not with other orgs.

When you grant permissions on a folder, all the connections that are members of that folder inherit the same permissions; granting access to a folder implicitly grants access to its connections. Permissions are additive and can only be granted, not denied. If you grant permissions to an identity or workspace for a folder you cannot revoke access for these individual connections, only to the folder as a whole.

You can set permissions for folders and connections from their settings page. Navigate to the desired tenant or org and browse the **Connections** to find the resource you wish to manage. Click the connection or folder. From the **Settings** tab, select **Permissions**. Select the desired permissions and click **Save**.

Note that setting permissions for a connection or folder does not attach its schema to the workspaces, it merely makes it visible to the workspaces so that [it may be attached](/pipes/docs/connections#adding-schemas).
Go to the **Advanced** page and click the **Delete Integration** button. You will be asked to enter the handle to confirm deletion. If you wish to *permanently delete the integration and all of its resources*, click **Delete**.
25 changes: 3 additions & 22 deletions docs/integrations/azure.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,15 +48,9 @@ Optionally, provide a **Handle Prefix** to be pre-pended to the names of connect

Click the **Test Connection** button to verify that the credentials are configured correctly, then click **Next**.

Finally, select the [Permissions](#permissions) to assign to the root folder created from this Azure integration. Note that you do not have to set the permissions now and you can change them later.
Finally, select the [Permissions](/pipes/docs/tenants/connections#permissions). The permissions on this screen apply to the top-level folders and therefore to *all connections and folders* discovered by this integration. If you want to assign permissions more granularly, on a per-subfolder or per-connection basis, select **No Workspaces** at this time, and then manage the permissions on the connections and folders once they have been discovered.

- **All Organizations and Workspaces**
- **Specific Organizations and Workspaces**
- **No Workspaces**

The permissions on this screen apply to the root folder, thus *all connections and folders* discovered by this integration. If you want to assign permissions more granular, on a per-subfolder or per-connection basis, select **No Workspaces** at this time, and then manage the permissions on the connections and folders once they have been discovered.

Note also that **All** will not only add permissions for the existing identities and workspaces but will also allow access for any new connections and folders that are created when they are added to the Azure organization.
Note also that **All** will not only add permissions for the existing identities and workspaces but will also allow access for any new connections and folders that are created when subscriptions or management groups are added to the Azure organization.

After you have made your selections, click **Create Integration**. Pipes will begin discovering your subscriptions and management groups and creating folders and connections.

Expand Down Expand Up @@ -93,17 +87,4 @@ Navigate to the **Integrations** page for the appropriate resource:
- To configure an Azure integration for your **Organization**, click the double arrow button from the organization switcher at the top of the page and select the organization from the dropdown. Once you've selected your organization, go to the **Integrations** tab to manage the integrations for the organization.


Go to the **Advanced** page and click the **Delete Integration** button. You will be asked to enter the handle to confirm deletion. If you wish to *permanently delete the integration and all of its resources*, click **Delete**.



## Permissions
You can create an integration for a tenant or an organization, and where you create the integration affects the scope of the resources it creates; the resulting connections and folders can only be shared within the entity in which it was created. When creating the integration, you can set **Permissions** for the connections and folders that it creates:
- Tenant-level connections and folders can be shared with any identity or workspace within the tenant.
- Org-level connections and folders can be shared with any workspace within the org, but not with other orgs.

When you grant permissions on a folder, all the connections that are members of that folder inherit the same permissions; granting access to a folder implicitly grants access to its connections. Note that permissions are additive and can only be granted, not denied. If you grant permissions to an identity or workspace for a folder you cannot revoke access for these individual connections, only to the folder as a whole.

You can set permissions for folders and connections from their settings page. Navigate to the desired tenant or org and browse the **Connections** to find the resource you wish to manage. Click the connection or folder. From the **Settings** tab, select **Permissions**. Select the desired permissions and click **Save**.

Note that setting permissions for a connection or folder does not attach its schema to the workspaces, it merely makes it visible to the workspaces so that [it may be attached](/pipes/docs/connections#adding-schemas).
Go to the **Advanced** page and click the **Delete Integration** button. You will be asked to enter the handle to confirm deletion. If you wish to *permanently delete the integration and all of its resources*, click **Delete**.
27 changes: 4 additions & 23 deletions docs/integrations/gcp.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,17 +38,11 @@ Optionally, provide a **Handle Prefix** to be pre-pended to the names of connect

Add your **Credentials**, in the form of a JSON key pair for an existing [GCP service account](https://console.cloud.google.com/apis/credentials/serviceaccountkey). As a minimum, grant your service account the **Viewer** role in the projects and folders that you wish to manage.

Finally, select the [Permissions](#permissions) to assign to the root folder created from this GCP integration.
- **All Organizations and Workspaces**
- **Specific Organizations and Workspaces**
- **No Workspaces**
Finally, select the [Permissions](/pipes/docs/tenants/connections#permissions). The permissions on this screen apply to the top-level folders and therefore to *all connections and folders* discovered by this integration. If you want to assign permissions more granularly, on a per-subfolder or per-connection basis, select **No Workspaces** at this time, and then manage the permissions on the connections and folders once they have been discovered.

The root connection folder will contain all connections and sub-folders for this integration, and sharing the root folder will share the full tree, including all of its connections. If you wish to assign permissions more granularly (on individual connections or folders), select **None** and then assign the permissions on those connections and folders after they have been created.

Note also that **All** will not only add permissions for the existing identities and workspaces but will also allow access for any new connections and folders that are created when they are added to the GCP organization.

After you have made your selections, click **Create Integration**. Pipes will begin discovering your projects and folders and creating folders and connections.
Note also that **All** will not only add permissions for the existing identities and workspaces but will also allow access for any new connections and folders that are created when folders and projects are added to the GCP organization.

After you have made your selections, click **Create Integration**. Pipes will begin discovering your subscriptions and management groups and creating folders and connections.

## Modifying the GCP Integration

Expand Down Expand Up @@ -81,17 +75,4 @@ Navigate to the **Integrations** page for the appropriate resource:
- To configure an AWS integration for your **Tenant**, click the double arrow button from the tenant switcher at the top of the Pipes console, select your tenant, and then select **Tenant Settings**. This option will only be visible in a custom tenant for which you are a [tenant owner](people#tenant-roles). Once you've selected your tenant, go to the **Integrations** tab to manage the integrations for the tenant.
- To configure an AWS integration for your **Organization**, click the double arrow button from the organization switcher at the top of the page and select the organization from the dropdown. Once you've selected your organization, go to the **Integrations** tab to manage the integrations for the organization.

Go to the **Advanced** page and click the **Delete Integration** button. You will be asked to enter the handle to confirm deletion. If you wish to *permanently delete the integration and all of its resources*, click **Delete**.

----------

## Permissions
You can create an integration for a tenant or an organization, and where you create the integration affects the scope of the resources it creates; the resulting connections and folders can only be shared within the entity in which it was created. When creating the integration, you can set **Permissions** for the connections and folders that it creates:
- Tenant-level connections and folders can be shared with any identity or workspace within the tenant.
- Org-level connections and folders can be shared with any workspace within the org, but not with other orgs.

When you grant permissions on a folder, all the connections that are members of that folder inherit the same permissions; granting access to a folder implicitly grants access to its connections. Note that permissions are additive and can only be granted, not denied. If you grant permissions to an identity or workspace for a folder you cannot revoke access for these individual connections, only to the folder as a whole.

You can set permissions for folders and connections from their settings page. Navigate to the desired tenant or org and browse the **Connections** to find the resource you wish to manage. Click the connection or folder. From the **Settings** tab, select **Permissions**. Select the desired permissions and click **Save**.

Note that setting permissions for a connection or folder does not attach its schema to the workspaces, it merely makes it visible to workspaces so that [it may be attached](/pipes/docs/connections#adding-schemas).
Go to the **Advanced** page and click the **Delete Integration** button. You will be asked to enter the handle to confirm deletion. If you wish to *permanently delete the integration and all of its resources*, click **Delete**.
Loading

0 comments on commit b4efb63

Please sign in to comment.