empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 00:45:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update "Team member" wording in docs to reference users instead. (#17116)

Browse Source 
+ Changed a bunch of instances of "member" to "user" to match the
updated UI (https://github.com/fleetdm/fleet/issues/15893)
+ Cut some step-by-step instructions for using the team UI from the
"Segment hosts" docs
This commit is contained in:
Rachael Shaw 2024-02-29 15:07:59 -06:00 committed by GitHub
parent 89ae60ddec
commit dd2d6eb4d0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 19 additions and 106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/REST API/rest-api.md
View File

@ -8404,7 +8404,7 @@ _Available in Fleet Premium_
| id | integer | path | **Required.** The desired team's ID. |
| name | string | body | The team's name. |
| host_ids | list | body | A list of hosts that belong to the team. |
| user_ids | list | body | A list of users that are members of the team. |
| user_ids | list | body | A list of users on the team. |
| webhook_settings | object | body | Webhook settings contains for the team. |
|   failing_policies_webhook | object | body | Failing policies webhook settings. |
|     enable_failing_policies_webhook | boolean | body | Whether or not the failing policies webhook is enabled. |

2
docs/Using Fleet/MDM-macOS-setup.md
View File

@ -232,7 +232,7 @@ Set Fleet to be the MDM for all future Macs purchased via Apple or an authorized
All hosts that automatically enroll will be assigned to the default team. If no default team is set, then the host will be placed in "No team".
> A host can be transferred to a new (not default) team before it enrolls. Learn how [here](./Teams.md#transfer-hosts-to-a-team).
> A host can be transferred to a new (not default) team before it enrolls. In the Fleet UI, you can do this under **Settings** > **Teams**.
Use either of the following methods to change the default team:

10
docs/Using Fleet/manage-access.md
View File

@ -60,7 +60,7 @@ GitOps is an API-only and write-only role that can be used on CI/CD pipelines.
| Create, edit, and delete policies for all hosts assigned to team\* | | | ✅ | ✅ | ✅ |
| Manage [policy automations](https://fleetdm.com/docs/using-fleet/automations#policy-automations) | | | | ✅ | ✅ |
| Create, edit, view, and delete users | | | | ✅ | |
| Add and remove team members\* | | | | ✅ | ✅ |
| Add and remove team users\* | | | | ✅ | ✅ |
| Create, edit, and delete teams\* | | | | ✅ | ✅ |
| Create, edit, and delete [enroll secrets](https://fleetdm.com/docs/deploying/faq#when-do-i-need-to-deploy-a-new-enroll-secret-to-my-hosts) | | | ✅ | ✅ | ✅ |
| Create, edit, and delete [enroll secrets for teams](https://fleetdm.com/docs/using-fleet/rest-api#get-enroll-secrets-for-a-team)\* | | | ✅ | ✅ | |
@ -98,7 +98,7 @@ GitOps is an API-only and write-only role that can be used on CI/CD pipelines.
\** Applies only to [Fleet REST API](https://fleetdm.com/docs/using-fleet/rest-api)
## Team member permissions
## Team user permissions
`Applies only to Fleet Premium`
@ -111,9 +111,9 @@ Users with global access have access to all
[hosts](https://fleetdm.com/docs/using-fleet/rest-api#hosts), [software](https://fleetdm.com/docs/using-fleet/rest-api#software), [queries](https://fleetdm.com/docs/using-fleet/rest-api#queries), and [policies](https://fleetdm.com/docs/using-fleet/rest-api#policies). Check out [the user permissions
table](#user-permissions) above for global user permissions.
Users can be a member of multiple teams in Fleet.
Users can be assigned to multiple teams in Fleet.
Users that are members of multiple teams can be assigned different roles for each team. For example, a user can be given access to the "Workstations" team and assigned the "Observer" role. This same user can be given access to the "Servers" team and assigned the "Maintainer" role.
Users with access to multiple teams can be assigned different roles for each team. For example, a user can be given access to the "Workstations" team and assigned the "Observer" role. This same user can be given access to the "Servers" team and assigned the "Maintainer" role.
| **Action** | Team observer | Team observer+ | Team maintainer | Team admin | Team GitOps |
| -------------------------------------------------------------------------------------------------------------------------------- | ------------- | -------------- | --------------- | ---------- | ----------- |
@ -137,7 +137,7 @@ Users that are members of multiple teams can be assigned different roles for eac
| Filter hosts using policies | ✅ | ✅ | ✅ | ✅ | |
| Create, edit, and delete team policies | | | ✅ | ✅ | ✅ |
| Manage [policy automations](https://fleetdm.com/docs/using-fleet/automations#policy-automations) | | | | ✅ | ✅ |
| Add and remove team members | | | | ✅ | ✅ |
| Add and remove team users | | | | ✅ | ✅ |
| Edit team name | | | | ✅ | ✅ |
| Create, edit, and delete [team enroll secrets](https://fleetdm.com/docs/using-fleet/rest-api#get-enroll-secrets-for-a-team) | | | ✅ | ✅ | |
| Read organization settings\* | ✅ | ✅ | ✅ | ✅ | |

111
docs/Using Fleet/segment-hosts.md
View File

@ -6,57 +6,33 @@
In Fleet 4.0, Teams were introduced.
```
- [View teams](#view-teams)
- [Create a team](#create-a-team)
- [Automatically adding hosts to a team](#automatically-adding-hosts-to-a-team)
- [Overview](#overview)
- [Best practice](#best-practice)
- [Transfer hosts to a team](#transfer-hosts-to-a-team)
- [Add users to a team](#add-users-to-a-team)
- [Remove a member from a team](#remove-a-member-from-a-team)
- [Remove a team](#remove-a-team)
## Overview
In Fleet, you can group hosts together in a team.
With hosts segmented into exclusive teams, you can apply specific queries, policies, and agent options to each team.
Then, you can give users access to only some teams.
For example, you might create a team for each type of system in your organization. You can name the teams `Workstations`, `Workstations - sandbox`, `Servers`, and `Servers - sandbox`.
This means you manage permissions so that some users can only run queries and manage hosts on the teams these users have access to.
> A popular pattern is to end a teams name with “- sandbox”, then you can use this to test new queries and configuration with staging hosts or volunteers acting as canaries.
You can manage teams in the Fleet UI by selecting **Settings** > **Teams** in the top navigation. From there, you can add or remove teams, manage user access to teams, transfer hosts, or modify team settings.
Then you can:
## Best practice
- Enroll hosts to one team using team specific enroll secrets
The best practice is to create these teams: `Workstations`, `Workstations (canary)`, `Servers`, and `Servers (canary)`.
- Apply unique agent options to each team
- Schedule queries that target one or more teams
- Run live queries against one or more teams
- Grant users access to one or more
## View teams
To view teams:
In the top navigation select "Settings" and then "Teams."
## Create a team
To create a team:
1. In the top navigation select "Settings" and then, in the sub-navigation, select "Teams."
2. To the left of the search box, select "Create team."
3. Enter your new team's name and select "Save."
## Automatically adding hosts to a team
## Adding hosts to a team
Hosts can only belong to one team in Fleet.
You can add hosts to a new team in Fleet by either enrolling the host with a team's enroll secret or by [transferring the host via the Fleet UI](#transfer-hosts-to-a-team) after the host has been enrolled to Fleet.
You can add hosts to a new team in Fleet by either enrolling the host with a team's enroll secret or by transferring the host via the Fleet UI after the host has been enrolled to Fleet.
To automatically add hosts to a team in Fleet, check out the ["Adding hosts" documentation](https://fleetdm.com/docs/using-fleet/adding-hosts#automatically-adding-hosts-to-a-team).
To automatically add hosts to a team in Fleet, check out the [**Adding hosts** documentation](https://fleetdm.com/docs/using-fleet/adding-hosts#automatically-adding-hosts-to-a-team).
> If a host was previously enrolled using a global enroll secret, changing the host's osquery enroll
> secret will not cause the host to be transferred to the desired team. You must delete the
@ -64,71 +40,8 @@ To automatically add hosts to a team in Fleet, check out the ["Adding hosts" doc
> using the new team enroll secret. Alternatively, you can transfer the host via the Fleet UI, the
> fleetctl CLI using `fleetctl hosts transfer`, or the [transfer host API endpoint](https://fleetdm.com/docs/using-fleet/rest-api#transfer-hosts-to-a-team).
## Transfer hosts to a team
To transfer a host to a team:
1. In the top navigation, select "Hosts."
2. Using the checkboxes in the Hosts table, select the hosts you'd like to transfer.
3. In the Hosts table header select "Transfer to team."
4. Choose the team you'd like to transfer the hosts to and confirm the action.
## Add users to a team
Global users cannot be added to a team.
To add users to a team:
1. In the top navigation, select "Settings" and then, in the sub-navigation, select "Teams."
2. Find your team and select it.
3. To the left of the search box, select "Add member."
4. Select one or more users by searching for their full name and confirm the action.
Users will be given the [Observer role](https://fleetdm.com/docs/using-fleet/permissions#team-member-permissions) when added to the team. The [Edit a member's role](#edit-a-members-role) provides instructions on changing the permission level of users on a team.
## Edit a member's role
To edit a member's role:
1. In the top navigation, select "Settings" and then, in the sub-navigation, select "Teams."
2. Find your team and select it.
3. In the Members table, select the "Actions" button for the user you'd like to edit and then select "Edit."
4. In the Teams section of the form, to the right of the team you'd like to change the users role on, select "Observer" (this may also say "Maintainer") and then select the new role.
5. Confirm the action.
## Remove a member from a team
To remove a member from a team:
1. In the top navigation, select "Settings" and then, in the sub-navigation, select "Teams."
2. Find your team and select it.
3. In the Members table, select the "Actions" button for the user you'd like to edit and then select "Remove."
4. Confirm the action.
## Delete a team
To delete a team:
1. In the top navigation, select "Settings" and then, in the sub-navigation, select "Teams."
2. Find your team and select it.
3. On the right side, select "Delete team" and confirm the action.
<meta name="pageOrderInSection" value="1000">
<meta name="description" value="Learn how to group hosts in Fleet to apply specific queries, policies, and agent options using teams.">
<meta name="navSection" value="The basics">