From 9e66579516b5336227ebcb087f2f2de9e9c40be9 Mon Sep 17 00:00:00 2001
From: Jason McIntosh
Date: Tue, 3 Jun 2025 16:45:47 -0400
Subject: [PATCH 1/6] Add a page about RBAC.
---
 docs/guides/rbac.md | 134 ++++++++++++++++++++++++++++++++++++++++++++
 sidebars.ts | 1 +
 2 files changed, 135 insertions(+)
 create mode 100644 docs/guides/rbac.md
diff --git a/docs/guides/rbac.md b/docs/guides/rbac.md
new file mode 100644
index 00000000..37177a47
--- /dev/null
+++ b/docs/guides/rbac.md
@@ -0,0 +1,134 @@
+---
+title: Control administrative access
+description: Using the role-based authorization feature (RBAC) of CodeRabbit
+---
+
+CodeRabbit uses role-based authorization control (RBAC) to control which
+administrative features are available to your organization's user accounts.
+
+## Overview of CodeRabbit RBAC {#overview}
+
+Every CodeRabbit account has exactly one CodeRabbit RBAC role for each organization
+that account is associated with.
+For example, if you belong to two GitHub-based organizations that use
+CodeRabbit, then you have one CodeRabbit RBAC role set for each of those two
+organizations.
+
+CodeRabbit RBAC roles determine your ability to read or change various
+billing, account management, and other administrative functions related to
+an organization. The roles are as follows:
+
+- **Admin**: allows full read/write access to all CodeRabbit administrative features.
+- **Member**: allows read-only access to a limited set of administrative settings. This role
+ is appropriate for most developers in an organization.
+- **Billing Admin**: allows read/write access to features specific
+ to a subscription and billing management, and limited access to other administrative features.
+
+CodeRabbit users with the **Admin** role can modify the RBAC roles of other users in the
+organization.
+
+For a complete list of the administrative functions available to each role, see
+[Role permissions](#permissions).
+
+### RBAC roles and CodeRabbit features {#and-features}
+
+RBAC roles have no effect on using CodeRabbit features, such
+as automated code reviews. In other words, if an organization has a Pro-tier
+CodeRabbit account, then all its users can use Pro-tier features when working
+with that organization's repositories, regardless of their CodeRabbit RBAC roles with
+that organization.
+
+### CodeRabbit roles and Git platform roles {#and-upstream}
+
+Modifying an account's CodeRabbit RBAC role doesn't have any "upstream"
+effect on that account's role or permissions in your organization's Git platorm.
+Similarly, changes to an account's role on your organization's Git platform don't
+affect that account's CodeRabbit RBAC role.
+
+For example, if you have CodeRabbit integrated with a GitHub organization, and you change an account's CodeRabbit role from **Member** to **Admin**, then that account's
+permission or ownership level with your GitHub organization doesn't change as a result.
+
+## Default RBAC roles {#defaults}
+
+CodeRabbit assigns every user in your Git platform organization a default RBAC role,
+using the following metrics:
+
+- If a user has an ownership-level role with the Git platform organization—for example,
+ **Admin** on GitHub, or **Owner** on Bitbucket—then that user receives the default
+ CodeRabbit RBAC role of **Admin**.
+- Otherwise, the user receives the **Member** RBAC role by default.
+
+You can update a user's role from its default setting by following the steps detailed in the next section. This requires that your own account
+has an **Admin** RBAC role with the organization.
+
+CodeRabbit applies these defaults only when initially setting up RBAC for an
+account within an organization. Subsequent "upstream" role changes don't affect
+an account's CodeRabbit role.
+
+## View or set RBAC roles {#how-to}
+
+You can view and set RBAC roles from the CodeRabbit dashboard, as detailed in the
+following sections.
+
+### View roles {#view-roles}
+
+To view a list of your organization's RBAC role assignments, follow these steps:
+
+1. Go to the [CodeRabbit dashboard](https://app.coderabbit.ai/settings/repositories).
+
+1. At the top of the sidebar, select the organization whose user roles you want to view.
+
+1. On the sidebar, click **Subscription**.
+
+This displays a table of all of the CodeRabbit **Admin** and **Member** accounts associated with the selected
+organization. In this table, the **Role** column displays the CodeRabbit RBAC role for
+each account.
+
+To view a list of accounts with the **Billing Admin** role, click the **Billing Admins** tab located above the table of user accounts.
+
+### Set roles {#set-roles}
+
+:::note
+To modify users' CodeRabbit accounts, your own account must have the **Admin** RBAC role within your organization.
+:::
+
+To change a user account's RBAC role, follow these steps:
+
+1. Go to your organization's list of user accounts, as detailed in the previous section.
+ If you have the **Admin** role within this organization, then the **Role** column in the user accounts table contains selectable menus.
+
+1. Click the menu in the user's **Role** column, and select the appropriate role from
+ the list.
+
+The only roles you can assign through this method are **Admin** and **Member**.
+You can't grant the **Billing Admin** role to an existing user account. To add an account with the **Billing Admin** role, see the next section.
+
+### Add billing admin accounts {#billing}
+
+To add a CodeRabbit user account with the **Billing Admin** role, follow these steps:
+
+1. Go to your organization's list of user accounts, as detailed in [View roles](#view-roles).
+
+1. Click **Invite Billing Admin**.
+
+1. Enter the name and email address of the billing administrator who you want to invite to the organization.
+
+This sends an email to the address that you specified. After the recipient completes the process of joining your organization in CodeRabbit, then their record appears in the user accounts list, under the **Billing Admins** tab.
+
+## Role permissions {#permissions}
+
+The following table lists the CodeRabbit administative functionality
+available to each of the CodeRabbit RBAC roles.
+
+| Resource | Admin | Member | Billing Admin |
+| ----------------------- | ---------- | --------- | ------------- |
+| Learning Resources | Read/Write | Read-only | No access |
+| Metrics/Dashboard | Read/Write | No access | No access |
+| Reports | Read/Write | Read-only | No access |
+| Integrations | Read/Write | Read-only | No access |
+| Repository Settings | Read/Write | Read-only | No access |
+| Admin Management | Read/Write | No access | No access |
+| Organization Settings | Read/Write | Read-only | No access |
+| User Management | Read/Write | Read-only | Read-only |
+| Subscription Management | Read/Write | Read-only | Read/Write |
+| Billing Management | Read/Write | No access | Read/Write |
diff --git a/sidebars.ts b/sidebars.ts
index 9d093311..74ea0204 100644
--- a/sidebars.ts
+++ b/sidebars.ts
@@ -77,6 +77,7 @@ const sidebars: SidebarsConfig = {
 "integrations/knowledge-base",
 "guides/review-instructions",
 "tools/tools",
+ "guides/rbac",
 ],
 },
 {
From 5de8b2ba4e55ee4d6d6ae779464791ef7d4e6232 Mon Sep 17 00:00:00 2001
From: Jason McIntosh
Date: Tue, 3 Jun 2025 17:01:27 -0400
Subject: [PATCH 2/6] Small changes to RBAC documentation
---
 docs/guides/rbac.md | 28 +++++++++++-----------------
 1 file changed, 11 insertions(+), 17 deletions(-)
diff --git a/docs/guides/rbac.md b/docs/guides/rbac.md
index 37177a47..dc3dbd07 100644
--- a/docs/guides/rbac.md
+++ b/docs/guides/rbac.md
@@ -3,12 +3,13 @@ title: Control administrative access description: Using the role-based authorization feature (RBAC) of CodeRabbit --- -CodeRabbit uses role-based authorization control (RBAC) to control which -administrative features are available to your organization's user accounts. +You can control which CodeRabbit +administrative features are available to your organization's user accounts by using +role-based access control (RBAC). ## Overview of CodeRabbit RBAC {#overview} -Every CodeRabbit account has exactly one CodeRabbit RBAC role for each organization +Every CodeRabbit account has exactly one RBAC role for each organization that account is associated with. For example, if you belong to two GitHub-based organizations that use CodeRabbit, then you have one CodeRabbit RBAC role set for each of those two @@ -30,14 +31,6 @@ organization. For a complete list of the administrative functions available to each role, see [Role permissions](#permissions). -### RBAC roles and CodeRabbit features {#and-features} - -RBAC roles have no effect on using CodeRabbit features, such -as automated code reviews. In other words, if an organization has a Pro-tier -CodeRabbit account, then all its users can use Pro-tier features when working -with that organization's repositories, regardless of their CodeRabbit RBAC roles with -that organization. - ### CodeRabbit roles and Git platform roles {#and-upstream} Modifying an account's CodeRabbit RBAC role doesn't have any "upstream" 
@@ -48,9 +41,15 @@ affect that account's CodeRabbit RBAC role. For example, if you have CodeRabbit integrated with a GitHub organization, and you change an account's CodeRabbit role from **Member** to **Admin**, then that account's permission or ownership level with your GitHub organization doesn't change as a result. +### CodeRabbit roles and developer features {#and-features} + +CodeRabbit RBAC roles have no effect on using CodeRabbit developer features, such +as automated code reviews. In other words, if an organization has a Pro-tier +CodeRabbit account, then all developers working with its repositories can use Pro-tier features, regardless of RBAC. + ## Default RBAC roles {#defaults} -CodeRabbit assigns every user in your Git platform organization a default RBAC role, +CodeRabbit assigns every user account in your organization a default RBAC role, using the following metrics: - If a user has an ownership-level role with the Git platform organization—for example, @@ -75,9 +74,7 @@ following sections. To view a list of your organization's RBAC role assignments, follow these steps: 1. Go to the [CodeRabbit dashboard](https://app.coderabbit.ai/settings/repositories). - 1. At the top of the sidebar, select the organization whose user roles you want to view. - 1. On the sidebar, click **Subscription**. This displays a table of all of the CodeRabbit **Admin** and **Member** accounts associated with the selected @@ -96,7 +93,6 @@ To change a user account's RBAC role, follow these steps: 1. Go to your organization's list of user accounts, as detailed in the previous section. If you have the **Admin** role within this organization, then the **Role** column in the user accounts table contains selectable menus. - 1. Click the menu in the user's **Role** column, and select the appropriate role from the list. 
@@ -108,9 +104,7 @@ You can't grant the **Billing Admin** role to an existing user account. To add a To add a CodeRabbit user account with the **Billing Admin** role, follow these steps: 1. Go to your organization's list of user accounts, as detailed in [View roles](#view-roles). - 1. Click **Invite Billing Admin**. - 1. Enter the name and email address of the billing administrator who you want to invite to the organization. This sends an email to the address that you specified. After the recipient completes the process of joining your organization in CodeRabbit, then their record appears in the user accounts list, under the **Billing Admins** tab. From 1d2404199cd468f445b7e79cd1cce4e16065ddef Mon Sep 17 00:00:00 2001 From: Jason McIntosh Date: Wed, 4 Jun 2025 11:46:57 -0400 Subject: [PATCH 3/6] Clarify the section abdout developer features --- docs/guides/rbac.md | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/docs/guides/rbac.md b/docs/guides/rbac.md index dc3dbd07..6934f5c8 100644 --- a/docs/guides/rbac.md +++ b/docs/guides/rbac.md 
@@ -43,9 +43,12 @@ permission or ownership level with your GitHub organization doesn't change as a ### CodeRabbit roles and developer features {#and-features} -CodeRabbit RBAC roles have no effect on using CodeRabbit developer features, such -as automated code reviews. In other words, if an organization has a Pro-tier -CodeRabbit account, then all developers working with its repositories can use Pro-tier features, regardless of RBAC. +CodeRabbit RBAC roles affect only access to administative features. Roles have no effect on using CodeRabbit developer features, such as automated code reviews. + +For example, if an organization has a Pro-tier +CodeRabbit account, then any user account with a seat assigned to it can use Pro-tier features with the organization's private repositories, regardless of that account's RBAC role. + +For more information on seat and subscription management, see [Manage your subscription](/getting-started/subscription-management). ## Default RBAC roles {#defaults} @@ -126,3 +129,7 @@ available to each of the CodeRabbit RBAC roles. | User Management | Read/Write | Read-only | Read-only | | Subscription Management | Read/Write | Read-only | Read/Write | | Billing Management | Read/Write | No access | Read/Write | + +## What's next {#whats-next} + +- [Manage your subscription](/getting-started/subscription-management) From 2de871beb8391fc5b09f1a54087167bb6240f895 Mon Sep 17 00:00:00 2001 From: Jason McIntosh Date: Wed, 4 Jun 2025 12:04:39 -0400 Subject: [PATCH 4/6] Create a new "Manage your account" ToC category. Move the new RBAC page and the existing subscription management page under it. --- sidebars.ts | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sidebars.ts b/sidebars.ts index 74ea0204..71dbeff8 100644 --- a/sidebars.ts +++ b/sidebars.ts 
@@ -68,6 +68,12 @@ const sidebars: SidebarsConfig = { }, ], }, + { + type: "category", + collapsed: true, + label: "Manage your account", + items: ["getting-started/subscription-management", "guides/rbac"], + }, { type: "category", collapsed: true, @@ -191,7 +197,6 @@ const sidebars: SidebarsConfig = { label: "Resources", items: [ "getting-started/support", - "getting-started/subscription-management", "overview/why-coderabbit", "faq", "early-access", From 66d45897c1a96e5d0e07060a0aa4a9b88de5e640 Mon Sep 17 00:00:00 2001 From: Jason McIntosh Date: Wed, 4 Jun 2025 12:11:00 -0400 Subject: [PATCH 5/6] Fix typos --- docs/guides/rbac.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/guides/rbac.md b/docs/guides/rbac.md index 6934f5c8..b77b6815 100644 --- a/docs/guides/rbac.md +++ b/docs/guides/rbac.md @@ -34,7 +34,7 @@ For a complete list of the administrative functions available to each role, see ### CodeRabbit roles and Git platform roles {#and-upstream} Modifying an account's CodeRabbit RBAC role doesn't have any "upstream" -effect on that account's role or permissions in your organization's Git platorm. +effect on that account's role or permissions in your organization's Git platform. Similarly, changes to an account's role on your organization's Git platform don't affect that account's CodeRabbit RBAC role. 
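Review bot: In `sidebars.ts` (patch 4/6, first hunk) the new "Manage your account" category lists `"guides/rbac"`, but the entry that patch 1/6 added after `"tools/tools"` is not removed, so the same doc id ends up in two sidebar categories. The second hunk of this commit does remove the old `"getting-started/subscription-management"` entry from Resources, which suggests the page was meant to move rather than be duplicated. If the duplicate is unintended, delete the earlier `"guides/rbac",` line in this commit so that the access-control guide has one place in the navigation. Patch 6/6 later renames both entries to `"guides/roles"`, so the duplicate appears to survive to the end of the series. The `sidebars` object starts and ends outside the hunk.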
@@ -43,7 +43,7 @@ permission or ownership level with your GitHub organization doesn't change as a ### CodeRabbit roles and developer features {#and-features} -CodeRabbit RBAC roles affect only access to administative features. Roles have no effect on using CodeRabbit developer features, such as automated code reviews. +CodeRabbit RBAC roles affect only access to administrative features. Roles have no effect on using CodeRabbit developer features, such as automated code reviews. For example, if an organization has a Pro-tier CodeRabbit account, then any user account with a seat assigned to it can use Pro-tier features with the organization's private repositories, regardless of that account's RBAC role. @@ -114,7 +114,7 @@ This sends an email to the address that you specified. After the recipient compl ## Role permissions {#permissions} -The following table lists the CodeRabbit administative functionality +The following table lists the CodeRabbit administrative functionality available to each of the CodeRabbit RBAC roles. | Resource | Admin | Member | Billing Admin | From 44a8b82ceed5b92b7a96a8e65d7f4560825c63f7 Mon Sep 17 00:00:00 2001 From: Jason McIntosh Date: Wed, 4 Jun 2025 14:41:53 -0400 Subject: [PATCH 6/6] Let's call them just "roles", dropping all the "RBAC" references. Add links to this page from the What's-Next sections of other pages. --- docs/getting-started/adding-organizations.md | 4 ++ .../subscription-management.md | 4 ++ docs/guides/{rbac.md => roles.md} | 50 +++++++++---------- sidebars.ts | 4 +- 4 files changed, 35 insertions(+), 27 deletions(-) rename docs/guides/{rbac.md => roles.md} (78%) diff --git a/docs/getting-started/adding-organizations.md b/docs/getting-started/adding-organizations.md index 5f4b635b..66741daa 100644 --- a/docs/getting-started/adding-organizations.md +++ b/docs/getting-started/adding-organizations.md 
@@ -21,3 +21,7 @@ This will grant CodeRabbit access to the selected organization, allowing it to: - Access user email addresses (read-only) > Note: Organizations control which applications are allowed to access their private data. You may need organization admin approval to complete this process. + +## What's next {#whats-next} + +- [Manage your subscription](/getting-started/subscription-management) diff --git a/docs/getting-started/subscription-management.md b/docs/getting-started/subscription-management.md index 4483ce78..6eabd3ee 100644 --- a/docs/getting-started/subscription-management.md +++ b/docs/getting-started/subscription-management.md @@ -57,3 +57,7 @@ To modify the number of seats in your subscription: ![Changing your plan](../../static/img/getting-started/edit-subscription.png) ![Changing your plan](../../static/img/getting-started/change-seats.png) + +## What's next {#whats-next} + +- [Control administrative access](/guides/roles) diff --git a/docs/guides/rbac.md b/docs/guides/roles.md similarity index 78% rename from docs/guides/rbac.md rename to docs/guides/roles.md index b77b6815..10405425 100644 --- a/docs/guides/rbac.md +++ b/docs/guides/roles.md 
@@ -1,21 +1,21 @@ --- title: Control administrative access -description: Using the role-based authorization feature (RBAC) of CodeRabbit +description: Using the role-based authorization features of CodeRabbit --- You can control which CodeRabbit -administrative features are available to your organization's user accounts by using -role-based access control (RBAC). +administrative features are available to your organization's user accounts by +assigning and updating account roles. -## Overview of CodeRabbit RBAC {#overview} +## Overview of CodeRabbit roles {#overview} -Every CodeRabbit account has exactly one RBAC role for each organization +Every CodeRabbit account has exactly one role for each organization that account is associated with. For example, if you belong to two GitHub-based organizations that use -CodeRabbit, then you have one CodeRabbit RBAC role set for each of those two +CodeRabbit, then you have one CodeRabbit role set for each of those two organizations. -CodeRabbit RBAC roles determine your ability to read or change various +CodeRabbit roles determine your ability to read or change various billing, account management, and other administrative functions related to an organization. The roles are as follows: @@ -25,7 +25,7 @@ an organization. The roles are as follows: - **Billing Admin**: allows read/write access to features specific to a subscription and billing management, and limited access to other administrative features. -CodeRabbit users with the **Admin** role can modify the RBAC roles of other users in the +CodeRabbit users with the **Admin** role can modify the roles of other users in the organization. For a complete list of the administrative functions available to each role, see 
@@ -33,55 +33,55 @@ For a complete list of the administrative functions available to each role, see ### CodeRabbit roles and Git platform roles {#and-upstream} -Modifying an account's CodeRabbit RBAC role doesn't have any "upstream" +Modifying an account's CodeRabbit role doesn't have any "upstream" effect on that account's role or permissions in your organization's Git platform. Similarly, changes to an account's role on your organization's Git platform don't -affect that account's CodeRabbit RBAC role. +affect that account's CodeRabbit role. For example, if you have CodeRabbit integrated with a GitHub organization, and you change an account's CodeRabbit role from **Member** to **Admin**, then that account's permission or ownership level with your GitHub organization doesn't change as a result. ### CodeRabbit roles and developer features {#and-features} -CodeRabbit RBAC roles affect only access to administrative features. Roles have no effect on using CodeRabbit developer features, such as automated code reviews. +CodeRabbit roles affect only access to administrative features. Roles have no effect on using CodeRabbit developer features, such as automated code reviews. For example, if an organization has a Pro-tier -CodeRabbit account, then any user account with a seat assigned to it can use Pro-tier features with the organization's private repositories, regardless of that account's RBAC role. +CodeRabbit account, then any user account with a seat assigned to it can use Pro-tier features with the organization's private repositories, regardless of that account's role. For more information on seat and subscription management, see [Manage your subscription](/getting-started/subscription-management). 
-## Default RBAC roles {#defaults} +## Default roles {#defaults} -CodeRabbit assigns every user account in your organization a default RBAC role, +CodeRabbit assigns every user account in your organization a default role, using the following metrics: - If a user has an ownership-level role with the Git platform organization—for example, **Admin** on GitHub, or **Owner** on Bitbucket—then that user receives the default - CodeRabbit RBAC role of **Admin**. -- Otherwise, the user receives the **Member** RBAC role by default. + CodeRabbit role of **Admin**. +- Otherwise, the user receives the **Member** role by default. You can update a user's role from its default setting by following the steps detailed in the next section. This requires that your own account -has an **Admin** RBAC role with the organization. +has an **Admin** role with the organization. -CodeRabbit applies these defaults only when initially setting up RBAC for an +CodeRabbit applies these defaults only when initially setting up for an account within an organization. Subsequent "upstream" role changes don't affect an account's CodeRabbit role. -## View or set RBAC roles {#how-to} +## View or set roles {#how-to} -You can view and set RBAC roles from the CodeRabbit dashboard, as detailed in the +You can view and set roles from the CodeRabbit dashboard, as detailed in the following sections. ### View roles {#view-roles} -To view a list of your organization's RBAC role assignments, follow these steps: +To view a list of your organization's role assignments, follow these steps: 1. Go to the [CodeRabbit dashboard](https://app.coderabbit.ai/settings/repositories). 1. At the top of the sidebar, select the organization whose user roles you want to view. 1. On the sidebar, click **Subscription**. This displays a table of all of the CodeRabbit **Admin** and **Member** accounts associated with the selected -organization. In this table, the **Role** column displays the CodeRabbit RBAC role for +organization. 
In this table, the **Role** column displays the CodeRabbit role for each account. To view a list of accounts with the **Billing Admin** role, click the **Billing Admins** tab located above the table of user accounts. @@ -89,10 +89,10 @@ To view a list of accounts with the **Billing Admin** role, click the **Billing ### Set roles {#set-roles} :::note -To modify users' CodeRabbit accounts, your own account must have the **Admin** RBAC role within your organization. +To modify users' CodeRabbit accounts, your own account must have the **Admin** role within your organization. ::: -To change a user account's RBAC role, follow these steps: +To change a user account's CodeRabbit role, follow these steps: 1. Go to your organization's list of user accounts, as detailed in the previous section. If you have the **Admin** role within this organization, then the **Role** column in the user accounts table contains selectable menus. @@ -115,7 +115,7 @@ This sends an email to the address that you specified. After the recipient compl ## Role permissions {#permissions} The following table lists the CodeRabbit administrative functionality -available to each of the CodeRabbit RBAC roles. +available to each of the CodeRabbit roles. | Resource | Admin | Member | Billing Admin | | ----------------------- | ---------- | --------- | ------------- | diff --git a/sidebars.ts b/sidebars.ts index 71dbeff8..76161984 100644 --- a/sidebars.ts +++ b/sidebars.ts @@ -72,7 +72,7 @@ const sidebars: SidebarsConfig = { type: "category", collapsed: true, label: "Manage your account", - items: ["getting-started/subscription-management", "guides/rbac"], + items: ["getting-started/subscription-management", "guides/roles"], }, { type: "category", @@ -83,7 +83,7 @@ const sidebars: SidebarsConfig = { "integrations/knowledge-base", "guides/review-instructions", "tools/tools", - "guides/rbac", + "guides/roles", ], }, {