From 6c53f51e1c533238fc7d285be50e645512233769 Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Tue, 1 Jul 2025 13:41:23 +0200 Subject: [PATCH 1/4] Roles: Reorganize and fix typo Signed-off-by: Justine Geffen --- platform-cloud/docs/orgs-and-teams/roles.md | 27 +++++++++++---------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/platform-cloud/docs/orgs-and-teams/roles.md b/platform-cloud/docs/orgs-and-teams/roles.md index ecc7f91d0..1fc9dc335 100644 --- a/platform-cloud/docs/orgs-and-teams/roles.md +++ b/platform-cloud/docs/orgs-and-teams/roles.md @@ -1,7 +1,7 @@ --- title: "User roles" description: "Understand the various roles in Seqera Platform." -date: "10 Jun 2024" +date: "2025/07/01" tags: [roles, user-roles] --- 
@@ -13,9 +13,21 @@ You can group **members** and **collaborators** into **teams** and apply a role ### Organization user roles -- **Owner**: After an organization is created, the user who created the organization is the default owner of that organization. Aditional users can be assigned as organization owners. Owners have full read/write access to modify members, teams, collaborators, and settings within an organization. +- **Owner**: After an organization is created, the user who created the organization is the default owner of that organization. Additional users can be assigned as organization owners. Owners have full read/write access to modify members, teams, collaborators, and settings within an organization. - **Member**: A member is a user who is internal to the organization. Members have an organization role and can operate in one or more organization workspaces. In each workspace, members have a participant role that defines the permissions granted to them within that workspace. +### Role inheritance + +If a user is concurrently assigned to a workspace as both a named **participant** and member of a **team**, Seqera assigns the higher of the two privilege sets. + +Example: + +- If the participant role is Launch and the team role is Admin, the user will have Admin rights. +- If the participant role is Admin and the team role is Launch, the user will have Admin rights. +- If the participant role is Launch and the team role is Launch, the user will have Launch rights. + +As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are deemed necessary. + ### Workspace participant roles | Permission / Role | Owner | Admin | Maintain | Launch | Connect | View | 
@@ -63,14 +75,3 @@ You can group **members** and **collaborators** into **teams** and apply a role | **Workspace: Studios: Checkpoints:** Edit studio checkpoint name | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | | **Workspace:** View (read-only) resources | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | -### Role inheritance - -If a user is concurrently assigned to a workspace as both a named **participant** and member of a **team**, Seqera assigns the higher of the two privilege sets. - -Example: - -- If the participant role is Launch and the team role is Admin, the user will have Admin rights. -- If the participant role is Admin and the team role is Launch, the user will have Admin rights. -- If the participant role is Launch and the team role is Launch, the user will have Launch rights. - -As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are deemed necessary. From dbc16b0605756e7823b5685a028296a81b30ca7b Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Thu, 3 Jul 2025 19:07:18 +0200 Subject: [PATCH 2/4] Update platform-cloud/docs/orgs-and-teams/roles.md Signed-off-by: Justine Geffen --- platform-cloud/docs/orgs-and-teams/roles.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform-cloud/docs/orgs-and-teams/roles.md b/platform-cloud/docs/orgs-and-teams/roles.md index 1fc9dc335..7e0f0b119 100644 --- a/platform-cloud/docs/orgs-and-teams/roles.md +++ b/platform-cloud/docs/orgs-and-teams/roles.md @@ -1,7 +1,7 @@ --- title: "User roles" description: "Understand the various roles in Seqera Platform." -date: "2025/07/01" +date: "2025-07-01" tags: [roles, user-roles] --- From 2c05a92fad443bf6e7b60e689ef1df16c4088572 Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Mon, 7 Jul 2025 22:14:00 +0200 Subject: [PATCH 3/4] Update roles.md Signed-off-by: Justine Geffen --- platform-cloud/docs/orgs-and-teams/roles.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/platform-cloud/docs/orgs-and-teams/roles.md b/platform-cloud/docs/orgs-and-teams/roles.md index 335f6fc89..6b3d6b4fa 100644 --- a/platform-cloud/docs/orgs-and-teams/roles.md +++ b/platform-cloud/docs/orgs-and-teams/roles.md @@ -1,7 +1,8 @@ --- title: "User roles" description: "Understand the various roles in Seqera Platform." -date: "2025-07-01" +date created: "2024-06-10" +last updated: "2025-07-03" tags: [roles, user-roles] --- From 32212256f11cd72c8ad94f29d9130a22599ad62f Mon Sep 17 00:00:00 2001 From: Justine Geffen Date: Thu, 10 Jul 2025 09:25:27 +0200 Subject: [PATCH 4/4] Update platform-cloud/docs/orgs-and-teams/roles.md Co-authored-by: Chris Hakkaart Signed-off-by: Justine Geffen --- platform-cloud/docs/orgs-and-teams/roles.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/platform-cloud/docs/orgs-and-teams/roles.md b/platform-cloud/docs/orgs-and-teams/roles.md index 6b3d6b4fa..adc03edf1 100644 --- a/platform-cloud/docs/orgs-and-teams/roles.md +++ b/platform-cloud/docs/orgs-and-teams/roles.md @@ -27,7 +27,7 @@ Example: - If the participant role is Admin and the team role is Launch, the user will have Admin rights. - If the participant role is Launch and the team role is Launch, the user will have Launch rights. -As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are deemed necessary. +As a best practice, use teams as the primary vehicle for assigning rights within a workspace and only add named participants when one-off privilege escalations are necessary. ### Workspace participant roles
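Review bot: In the front-matter hunk of PATCH 1/4 (`@@ -1,7 +1,7 @@`), `date: "2025/07/01"` overwrites the original `"10 Jun 2024"` with the edit date, so the page loses its creation date, and the slash-separated form is one that PATCH 2/4 then has to rewrite as `2025-07-01`. Suggest leaving `date` untouched in this commit and introducing the created/updated pair once, in ISO 8601 form, instead of spreading the change over three patches.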
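Review bot: In PATCH 1/4, the relocated "Role inheritance" section (`@@ -13,9 +13,21 @@`) says Seqera assigns "the higher of the two privilege sets" but never states how roles are ranked, and after the move it sits above the "Workspace participant roles" table, so Admin and Launch are used before the reader has seen them defined. Suggest stating the ranking explicitly in this section (for example by pointing to the table's column order, Owner through View, if that is the intended order) and adding an example with a different pair of roles, since all three examples use only Admin and Launch.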
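Review bot: In PATCH 3/4 (`@@ -1,7 +1,8 @@`), the `date` key is dropped in favour of `date created` and `last updated`, two keys that contain spaces, so anything that reads `date` from the front matter will no longer find it. Suggest confirming that the site build reads these exact key names, or using single-token keys, and checking the value: `last updated: "2025-07-03"` matches neither the `2025-07-01` it replaces nor the 7 Jul 2025 date of this commit.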
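Review bot: In PATCH 4/4 (`@@ -27,7 +27,7 @@`), the reworded best-practice sentence still recommends named participants for "one-off privilege escalations" without saying that the grant should be removed afterwards. Because the higher of the participant and team roles wins, a leftover participant entry keeps the elevated rights even when the user's team role is lower; suggest adding a sentence telling workspace administrators to remove the named participant once the task is done and to review named participants periodically.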