diff --git a/tidb-cloud/_index.md b/tidb-cloud/_index.md index 29bea6701cf11..fe569f7a24f58 100644 --- a/tidb-cloud/_index.md +++ b/tidb-cloud/_index.md @@ -101,14 +101,14 @@ hide_commit: true [Password Authentication](https://docs.pingcap.com/tidbcloud/tidb-cloud-password-authentication) +[User Roles](https://docs.pingcap.com/tidbcloud/manage-user-access#user-roles) + [Manage User Profiles](https://docs.pingcap.com/tidbcloud/manage-user-access#manage-user-profiles) [Manage organization access](https://docs.pingcap.com/tidbcloud/manage-user-access#manage-organization-access) [Manage project access](https://docs.pingcap.com/tidbcloud/manage-user-access#manage-project-access) -[Configure Roles](https://docs.pingcap.com/tidbcloud/manage-user-access#manage-role-access) - [Configure Security Settings](https://docs.pingcap.com/tidbcloud/configure-security-settings) diff --git a/tidb-cloud/integrate-tidbcloud-with-vercel.md b/tidb-cloud/integrate-tidbcloud-with-vercel.md index 1e25711d37296..599f3fe0a53ba 100644 --- a/tidb-cloud/integrate-tidbcloud-with-vercel.md +++ b/tidb-cloud/integrate-tidbcloud-with-vercel.md 
@@ -50,7 +50,7 @@ You are expected to have an account and a cluster in TiDB Cloud. If you do not h > > For TiDB Dedicated clusters, make sure that the traffic filter of the cluster allows all IP addresses (set to `0.0.0.0/0`) for connection, because Vercel deployments use [dynamic IP addresses](https://vercel.com/guides/how-to-allowlist-deployment-ip-address). If you use the TiDB Cloud Vercel integration, TiDB Cloud automatically adds a `0.0.0.0/0` traffic filter to your cluster in the integration workflow if there is none. -To [integrate with Vercel via the TiDB Cloud Vercel Integration](#connect-via-the-tidb-cloud-vercel-integration), you are expected to have the "Owner" access to your organization or the "Member" access to the target project in TiDB Cloud. For more information, see [Manage role access](/tidb-cloud/manage-user-access.md#manage-role-access). +To [integrate with Vercel via the TiDB Cloud Vercel Integration](#connect-via-the-tidb-cloud-vercel-integration), you are expected to have the `Organization Owner` access to your organization or the `Project Owner` access to the target project in TiDB Cloud. For more information, see [User roles](/tidb-cloud/manage-user-access.md#user-roles). One TiDB Cloud cluster can connect to multiple Vercel projects. diff --git a/tidb-cloud/manage-user-access.md b/tidb-cloud/manage-user-access.md index ca61f4cac456d..da2c3765e13ac 100644 --- a/tidb-cloud/manage-user-access.md +++ b/tidb-cloud/manage-user-access.md 
@@ -11,7 +11,7 @@ Before accessing TiDB cloud, [create a TiDB cloud account](https://tidbcloud.com ## Organizations and projects -TiDB Cloud provides a hierarchical structure based on organizations and projects to facilitate the management of TiDB Cloud clusters. If you are an organization owner for TiDB Dedicated, you can create multiple projects in your organization. +TiDB Cloud provides a hierarchical structure based on organizations and projects to facilitate the management of TiDB Cloud clusters. If you are an organization owner, you can create multiple projects in your organization. ``` - Your organization @@ -30,9 +30,9 @@ Under this structure: - To access an organization, a user must be a member of that organization. - To access a project in an organization, a user must at least have the read access to the project in that organization. -- To manage clusters in a project, a user must be in the project owner role. +- To manage clusters in a project, a user must be in the `Project Owner` role. -For more information about user roles and permissions, see [TiDB Cloud User Roles](). +For more information about user roles and permissions, see [User Roles](#user-roles). ### Organizations @@ -200,7 +200,7 @@ To switch between organizations, take the following steps: ### Set the time zone for your organization -If you are the organization owner, you can modify the system display time according to your time zone. +If you are in the `Organization Owner` role, you can modify the system display time according to your time zone. To change the local timezone setting, take the following steps: @@ -216,7 +216,7 @@ To change the local timezone setting, take the following steps: ### Invite an organization member -If you are the owner of an organization, you can invite organization members. +If you are in the `Organization Owner` role, you can invite members to your organization. > **Note:** 
> @@ -237,7 +237,7 @@ To invite a member to an organization, take the following steps: > **Tip:** > > - If you want to invite multiple members at one time, you can enter multiple email addresses. - > - The invited user does not belong to any projects by default. To invite a user to a project, see [invite project member](#invite-a-project-member). + > - The invited user does not belong to any projects by default. To invite a user to a project, see [Invite a project member](#invite-a-project-member). 6. Click **Confirm**. Then the new user is successfully added into the user list. At the same time, an email is sent to the invited email address with a verification link. @@ -251,7 +251,7 @@ To invite a member to an organization, take the following steps: ### Modify the role of an organization member -If you are the organization owner, you can modify roles of members in your organization. +If you are in the `Organization Owner` role, you can modify roles in your organization. To modify the role of an organization member, take the following steps: @@ -265,7 +265,7 @@ To modify the role of an organization member, take the following steps: ### Remove an organization member -If you are the owner of an organization, you can remove organization members. +If you are in the `Organization Owner` role, you can remove organization members from your organization. To remove a member from an organization, take the following steps: @@ -277,7 +277,7 @@ To remove a member from an organization, take the following steps: 2. Click **Organization Settings**. The organization settings page is displayed. -3. Click the **User Management** tab, and then select **By All Users**. +3. Click the **User Management** tab, and then select **By Organization**. 4. Click **Delete** in the user row that you want to delete. 
@@ -301,7 +301,7 @@ To check which project you belong to, take the following steps: > > For free trial users, you cannot create a new project. -If you are the organization owner, you can create projects in your organization. +If you are in the `Organization Owner` role, you can create projects in your organization. To create a new project, take the following steps: @@ -317,7 +317,7 @@ To create a new project, take the following steps: ### Rename a project -If you are the organization owner, you can rename any projects in your organization. If you are the project owner, you can rename your project. +If you are in the `Organization Owner` role, you can rename any projects in your organization. If you are in the `Project Owner` role, you can rename your project. To rename a project, take the following steps: @@ -333,11 +333,11 @@ To rename a project, take the following steps: ### Invite a project member -If you are the organization owner or project owner, you can invite members to your projects. +If you are in the `Organization Owner` or `Project Owner` role, you can invite members to your projects. > **Note:** > -> When a user who is not currently in your organization is invited to join your project, accepting the invitation will automatically make the user a member of your organization. +> When a user not in your organization joins your project, the user automatically joins your organization as well. To invite a member to a project, take the following steps: 
@@ -367,7 +367,7 @@ To invite a member to a project, take the following steps: ### Modify the role of an project member -If you are the organization owner, you can modify roles of members in your organization. If you are the project owner, you can modify roles of members in your project. +If you are in the `Organization Owner` role, you can modify roles of members in your organization. If you are in the `Project Owner` role, you can modify roles of members in your project. To modify the role of an organization member, take the following steps: @@ -381,7 +381,7 @@ To modify the role of an organization member, take the following steps: ### Remove a project member -If you are the organization owner or project owner, you can remove project members. +If you are in the `Organization Owner` or `Project Owner` role, you can remove project members. To remove a member from a project, take the following steps: diff --git a/tidb-cloud/migrate-from-amazon-s3-or-gcs.md b/tidb-cloud/migrate-from-amazon-s3-or-gcs.md index bee8a72984f39..25551df1190c2 100644 --- a/tidb-cloud/migrate-from-amazon-s3-or-gcs.md +++ b/tidb-cloud/migrate-from-amazon-s3-or-gcs.md @@ -98,7 +98,7 @@ If your organization is using TiDB Cloud as a service on Google Cloud Platform ( Before migrating data from GCS to TiDB Cloud, ensure the following: - You have administrator access to your corporate-owned GCP account. -- You have administrator access to the TiDB Cloud Management Portal. +- You have a TiDB Cloud account with at least the [`Project Data Access Read-Write`](/tidb-cloud/manage-user-access.md#user-roles) access. ### Step 1. Create a GCS bucket and prepare source data files diff --git a/tidb-cloud/migrate-from-op-tidb.md b/tidb-cloud/migrate-from-op-tidb.md index 25b9c5b3df528..49be7ca9550d9 100644 --- a/tidb-cloud/migrate-from-op-tidb.md +++ b/tidb-cloud/migrate-from-op-tidb.md 
@@ -24,7 +24,7 @@ Before migration, you need to prepare the following: - An [AWS account](https://docs.aws.amazon.com/AmazonS3/latest/userguide/setting-up-s3.html#sign-up-for-aws-gsg) with administrator access - An [AWS S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-bucket.html) -- [A TiDB Cloud account with the administrator access and a TiDB Cloud (AWS) cluster](/tidb-cloud/tidb-cloud-quickstart.md) +- [A TiDB Cloud account](/tidb-cloud/tidb-cloud-quickstart.md) with at least the [`Project Data Access Read-Write`](/tidb-cloud/manage-user-access.md#user-roles) access and a TiDB Cloud (AWS) cluster ## Prepare tools diff --git a/tidb-cloud/third-party-monitoring-integrations.md b/tidb-cloud/third-party-monitoring-integrations.md index 6671eaa55086a..098cacb1e189f 100644 --- a/tidb-cloud/third-party-monitoring-integrations.md +++ b/tidb-cloud/third-party-monitoring-integrations.md @@ -9,7 +9,7 @@ You can integrate TiDB Cloud with third-party metrics services to receive TiDB C ## Required access -To edit third-party integration settings, you must have the `Owner` access to your organization or `Member` access to the target project. +To edit third-party integration settings, you must be in the `Organization Owner` role of your organization or the `Project Owner` role of the target project. ## View or modify third-party integrations diff --git a/tidb-cloud/tidb-cloud-auditing.md b/tidb-cloud/tidb-cloud-auditing.md index 929af52868539..bc2daeeda5eb8 100644 --- a/tidb-cloud/tidb-cloud-auditing.md +++ b/tidb-cloud/tidb-cloud-auditing.md 
@@ -22,7 +22,7 @@ The audit logging feature is disabled by default. To audit a cluster, you need t ## Prerequisites - You are using a TiDB Dedicated cluster. Audit logging is not available for TiDB Serverless clusters. -- You are the audit administrator of your organization in TiDB Cloud. Otherwise, you cannot see the audit-related options in the TiDB Cloud console. For more information, see [Manage role access](/tidb-cloud/manage-user-access.md#manage-role-access). +- You are the `Project Owner` of your project in TiDB Cloud. Otherwise, you cannot see the database audit-related options in the TiDB Cloud console. For more information, see [User roles](/tidb-cloud/manage-user-access.md#user-roles). ## Enable audit logging for AWS or GCP diff --git a/tidb-cloud/tidb-cloud-billing.md b/tidb-cloud/tidb-cloud-billing.md index c82ab3a065037..e226614fb8064 100644 --- a/tidb-cloud/tidb-cloud-billing.md +++ b/tidb-cloud/tidb-cloud-billing.md @@ -16,7 +16,7 @@ TiDB Cloud charges according to the resources that you consume. You can visit th ## Invoices -If you are the owner or billing administrator of your organization, you can manage the invoice information of TiDB Cloud. Otherwise, skip this section. +If you are in the `Organization Owner` or `Organization Billing Admin` role of your organization, you can manage the invoice information of TiDB Cloud. Otherwise, skip this section. After you set up the payment method, TiDB Cloud will generate an invoice once your cost reaches a quota, which is $500 by default. If you want to raise the quota or receive one invoice per month, you can [contact our sales](https://www.pingcap.com/contact-us/). 
@@ -50,7 +50,7 @@ To view the list of invoices, perform the following steps: ## Billing details -If you are the owner or billing administrator of the organization, you can view and export the billing details of TiDB Cloud. Otherwise, skip this section. +If you are in the `Organization Owner` or `Organization Billing Admin` role of your organization, you can view and export the billing details of TiDB Cloud. Otherwise, skip this section. After setting the payment method, TiDB Cloud will generate the invoice and billing details of the historical months, and generate the bill details of the current month at the beginning of each month. The billing details include your organization's TiDB cluster usage consumption, discounts, backup storage costs, data transmission costs, support service cost, credit consumption, and project splitting information. @@ -113,7 +113,7 @@ To view this page, perform the following steps: ## Discounts -If you are the owner or billing administrator of your organization, you can view the discount information of TiDB Cloud on the **Discounts** page. Otherwise, skip this section. +If you are in the `Organization Owner` or `Organization Billing Admin` role of your organization, you can view the discount information of TiDB Cloud on the **Discounts** page. Otherwise, skip this section. The discount information includes all discounts that you have received, the status, the discount percentage, and the discount start and end date. @@ -130,7 +130,7 @@ To view this page, perform the following steps: ## Payment method -If you are the owner or billing administrator of your organization, you can manage the payment information of TiDB Cloud. Otherwise, skip this section. +If you are in the `Organization Owner` or `Organization Billing Admin` role of your organization, you can manage the payment information of TiDB Cloud. Otherwise, skip this section. > **Note:** 
> @@ -194,7 +194,7 @@ To edit the billing profile information, perform the following steps: ## Contract -If you are the owner or billing administrator of your organization, you can manage your customized TiDB Cloud subscriptions in the TiDB Cloud console to meet compliance requirements. Otherwise, skip this section. +If you are in the `Organization Owner` or `Organization Billing Admin` role of your organization, you can manage your customized TiDB Cloud subscriptions in the TiDB Cloud console to meet compliance requirements. Otherwise, skip this section. If you have agreed with our sales on a contract and received an email to review and accept the contract online, you can do the following: @@ -212,7 +212,7 @@ To learn more about contracts, feel free to [contact our sales](https://www.ping ## Billing from AWS Marketplace or Google Cloud Marketplace -If you are the owner or billing administrator of your organization, you can link your TiDB Cloud account to an AWS billing account or Google Cloud billing account. Otherwise, skip this section. +If you are in the `Organization Owner` or `Organization Billing Admin` role of your organization, you can link your TiDB Cloud account to an AWS billing account or Google Cloud billing account. Otherwise, skip this section. If you are new to TiDB Cloud and do not have a TiDB Cloud account, you can sign up for a TiDB Cloud account through [AWS Marketplace](https://aws.amazon.com/marketplace) or [Google Cloud Marketplace](https://console.cloud.google.com/marketplace), and pay for the usage via the AWS or GCP billing account. diff --git a/tidb-cloud/tidb-cloud-console-auditing.md b/tidb-cloud/tidb-cloud-console-auditing.md index 28582876e1814..dbc4e1de79815 100644 --- a/tidb-cloud/tidb-cloud-console-auditing.md +++ b/tidb-cloud/tidb-cloud-console-auditing.md 
@@ -9,7 +9,7 @@ TiDB Cloud provides the console audit logging feature to help you track various ## Prerequisites -- You must be in the Owner or Audit Admin role of your organization in TiDB Cloud. Otherwise, you cannot see the console audit logging-related options in the TiDB Cloud console. The Audit Admin role is only visible upon request, so it is recommended that you use the Owner role directly. If you need to use the Audit Admin role, click **?** in the lower-right corner of the [TiDB Cloud console](https://tidbcloud.com) and click **Chat with Us**. Then, fill in "Apply for the Audit Admin role" in the **Description** field and click **Send**. For more information about roles in TiDB Cloud, see [Manage role access](/tidb-cloud/manage-user-access.md#manage-role-access). +- You must be in the `Organization Owner` or `Organization Console Audit Admin` role of your organization in TiDB Cloud. Otherwise, you cannot see the console audit logging-related options in the TiDB Cloud console. The `Organization Console Audit Admin` role is only visible upon request, so it is recommended that you use the `Organization Owner` role directly. If you need to use the `Organization Console Audit Admin` role, click **?** in the lower-right corner of the [TiDB Cloud console](https://tidbcloud.com) and click **Chat with Us**. Then, fill in "Apply for the Organization Console Audit Admin role" in the **Description** field and click **Send**. For more information about roles in TiDB Cloud, see [User roles](/tidb-cloud/manage-user-access.md#user-roles). - You can only enable and disable the console audit logging for your organization. You can only track the actions of users in your organization. - After the console audit logging is enabled, all event types of the TiDB Cloud console will be audited, and you cannot specify only auditing some of them. diff --git a/tidb-cloud/tidb-cloud-glossary.md b/tidb-cloud/tidb-cloud-glossary.md index 2bb6bfacc9092..1c9f28babbaf1 100644 
--- a/tidb-cloud/tidb-cloud-glossary.md +++ b/tidb-cloud/tidb-cloud-glossary.md @@ -77,7 +77,7 @@ An entity that you create to manage your TiDB Cloud accounts, including a manage ### organization members -Organization members are users who are invited by the organization owner to join an organization. Organization members can view members of the organization and can be invited to projects within the organization. +Organization members are users who are invited by the organization owner or project owner to join an organization. Organization members can view members of the organization and can be invited to projects within the organization. ## P diff --git a/tidb-cloud/tidb-cloud-org-sso-authentication.md b/tidb-cloud/tidb-cloud-org-sso-authentication.md index fd4c215023fa3..cd2c744f7f4ee 100644 --- a/tidb-cloud/tidb-cloud-org-sso-authentication.md +++ b/tidb-cloud/tidb-cloud-org-sso-authentication.md @@ -29,7 +29,7 @@ Before migrating to Cloud Organization SSO, check and confirm the items in this > **Note:** > > - Once Cloud Organization SSO is enabled, it cannot be disabled. -> - To enable Cloud Organization SSO, you need to have the owner role in your TiDB Cloud organization. For more information about roles, see [Manage role access](/tidb-cloud/manage-user-access.md#manage-role-access). +> - To enable Cloud Organization SSO, you need to have the `Organization Owner` role in your TiDB Cloud organization. For more information about roles, see [User roles](/tidb-cloud/manage-user-access.md#user-roles). ### Decide a custom URL for the TiDB Cloud login page of your organization 
@@ -54,9 +54,9 @@ All the enabled authentication methods will be displayed on your custom TiDB Clo ### Decide whether to enable auto-provision -Auto-provision is a feature that allows members to automatically join an organization without requiring an invitation from an existing member or organization owner. In TiDB Cloud, it is disabled by default for all the supported authentication methods. +Auto-provision is a feature that allows members to automatically join an organization without requiring an invitation from the `Organization Owner` or `Project Owner`. In TiDB Cloud, it is disabled by default for all the supported authentication methods. -- When auto-provision is disabled for an authentication method, only users who have been invited by an organization owner can log in to your custom URL. +- When auto-provision is disabled for an authentication method, only users who have been invited by an `Organization Owner` or `Project Owner` can log in to your custom URL. - When auto-provision is enabled for an authentication method, any users using this authentication method can log in to your custom URL. After login, they are automatically assigned the default **Member** role within the organization. For security considerations, if you choose to enable auto-provision, it is recommended to limit the allowed email domains for authentication when you [configure the authentication method details](#step-2-configure-authentication-methods). 
@@ -74,7 +74,7 @@ Before enabling Cloud Organization SSO, make sure to inform your members about t To enable Cloud Organization SSO, take the following steps: -1. Log in to [TiDB Cloud console](https://tidbcloud.com) as a user with the organization owner role. +1. Log in to [TiDB Cloud console](https://tidbcloud.com) as a user with the `Organization Owner` role. 2. In the lower-left corner of the TiDB Cloud console, click , and then click **Organization Settings**. 3. On the **Organization Settings** page, click the **Authentication** tab, and then click **Enable**. 4. In the dialog, fill in the custom URL for your organization, which must be unique in TiDB Cloud.
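Review bot: every link this patch adds or rewrites points at `#user-roles` in tidb-cloud/manage-user-access.md, and the links to `#manage-role-access` are removed, but none of the manage-user-access.md hunks shown here adds or renames a heading that would produce the `user-roles` anchor. Confirm that the section lands in the same change. Otherwise the links in _index.md and in the Vercel, auditing, console auditing and SSO pages break together. The link text is also capitalised two ways ("User Roles" in _index.md and manage-user-access.md, "User roles" in the other files); pick one.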
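Review bot: in the tidb-cloud/integrate-tidbcloud-with-vercel.md hunk, the new sentence asks for "the `Organization Owner` access" and "the `Project Owner` access", while the third-party-monitoring-integrations.md hunk states the same requirement as being "in the `Organization Owner` role". These are role names, so "role" reads better; suggest the monitoring wording here as well. Both hunks also replace project-level "Member" with `Project Owner`. If that raises the required privilege rather than renaming a role, say so in the commit description so readers with the old access know why the integration stops being available to them.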
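Review bot: in the manage-user-access.md hunk at @@ -251,7 +251,7 @@ ("Modify the role of an organization member"), the new line "you can modify roles in your organization" drops "of members" and now reads as if the role definitions themselves can be edited. Suggest "you can modify the roles of members in your organization", which also matches the wording kept in the project-member hunk at @@ -367,7.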
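Review bot: in the manage-user-access.md hunk at @@ -333,11 +333,11 @@, the rewritten note no longer says that organization membership is granted when the invitation is accepted; "joins your project" leaves the trigger unstated. Since the first line of this hunk lets a `Project Owner` send these invitations, the note is where a reader learns that a project-level role can add people to the organization, so keep the condition explicit, for example "When a user who is not in your organization accepts an invitation to your project, the user automatically becomes a member of your organization as well."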
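Review bot: in the manage-user-access.md hunk at @@ -367,7 +367,7 @@, the surrounding context still has the heading "Modify the role of an project member" and the lead-in "To modify the role of an organization member, take the following steps:", both of which are wrong for a project-member section. Since this hunk already edits the paragraph between them, fix the article ("a project member") and change the lead-in to "a project member" in the same patch.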
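Review bot: in the tidb-cloud/migrate-from-op-tidb.md hunk, the new bullet runs two prerequisites together: "with at least the `Project Data Access Read-Write` access and a TiDB Cloud (AWS) cluster" can be read as access to a cluster rather than as a second requirement, and the quickstart link no longer covers the cluster. Suggest splitting it into two bullets, one for the account and its role and one for the cluster. The same "at least ... access" phrase in migrate-from-amazon-s3-or-gcs.md assumes the roles are ordered, so the linked section should make clear which roles satisfy "at least".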
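Review bot: in the tidb-cloud/tidb-cloud-auditing.md hunk, the prerequisite moves from "the audit administrator of your organization" to "the `Project Owner` of your project", which shifts control of database audit logging from a dedicated organization-level audit role to whoever owns the project. If that is the intended permission model, state it in the commit description, because it changes who is able to see and change the audit options. The phrasing should also follow the rest of the patch: "You are in the `Project Owner` role of your project".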
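Review bot: in the tidb-cloud/tidb-cloud-org-sso-authentication.md hunk at @@ -54,9 +54,9 @@, the context line still says auto-provisioned users "are automatically assigned the default **Member** role", while the rest of this patch moves to prefixed, code-formatted role names. Check this against the new role list and use the exact role name, since this sentence is what tells an administrator how much access a self-joining user receives. The tidb-cloud-glossary.md hunk has the same consistency gap in the other direction: "organization owner or project owner" is left in lower case without code formatting.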