Skip to content

Commit

Permalink
Adding a new role for marketplace apps (#5815)
Browse files Browse the repository at this point in the history 
## What are you changing in this pull request and why?

Adds the new marketplace app permission and role to the enterprise table
Adds the role as assignable to service tokens
Adds the role as a pre-requisite for the Snowflake Native App

## Checklist
<!--
Uncomment when publishing docs for a prerelease version of dbt:
- [ ] Add versioning components, as described in [Versioning
Docs](https://github.com/dbt-labs/docs.getdbt.com/blob/current/contributing/single-sourcing-content.md#versioning-entire-pages)
- [ ] Add a note to the prerelease version [Migration
Guide](https://github.com/dbt-labs/docs.getdbt.com/tree/current/website/docs/docs/dbt-versions/core-upgrade)
-->
- [ ] Review the [Content style
guide](https://github.com/dbt-labs/docs.getdbt.com/blob/current/contributing/content-style-guide.md)
so my content adheres to these guidelines.
- [ ] For [docs
versioning](https://github.com/dbt-labs/docs.getdbt.com/blob/current/contributing/single-sourcing-content.md#about-versioning),
review how to [version a whole
page](https://github.com/dbt-labs/docs.getdbt.com/blob/current/contributing/single-sourcing-content.md#adding-a-new-version)
and [version a block of
content](https://github.com/dbt-labs/docs.getdbt.com/blob/current/contributing/single-sourcing-content.md#versioning-blocks-of-content).
- [ ] Add a checklist item for anything that needs to happen before this
PR is merged, such as "needs technical review" or "change base branch."

Adding or removing pages (delete if not applicable):
- [ ] Add/remove page in `website/sidebars.js`
- [ ] Provide a unique filename for new pages
- [ ] Add an entry for deleted pages in `website/vercel.json`
- [ ] Run link testing locally with `npm run build` to update the links
that point to deleted pages

---------

Co-authored-by: Leona B. Campbell <[email protected]>
  • Loading branch information
@matthewshaver @runleonarun
matthewshaver and runleonarun authored Jul 23, 2024
1 parent 49a0498 commit d0a35ed
Show file tree
Hide file tree
Showing 3 changed files with 21 additions and 16 deletions.
3 changes: 2 additions & 1 deletion website/docs/docs/cloud-integrations/set-up-snowflake-native-app.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,9 +65,10 @@ Configure dbt Cloud and Snowflake Cortex to power the **Ask dbt** chatbot.
Make sure to replace `SNOWFLAKE.CORTEX_USER`, `DEPLOYMENT_USER`, and `SL_USER` with the appropriate strings for your environment.

## Configure dbt Cloud
Collect three pieces of information from dbt Cloud to set up the application.
Collect the following pieces of information from dbt Cloud to set up the application.

1. From the gear menu in dbt Cloud, select **Account settings**. In the left sidebar, select **API tokens > Service tokens**. Create a service token with access to all the projects you want to access in the dbt Snowflake Native App. Grant these permission sets:
- **Manage marketplace apps**
- **Job Admin**
- **Metadata Only**
- **Semantic Layer Only**
Expand Down
3 changes: 3 additions & 0 deletions website/docs/docs/dbt-cloud-apis/service-tokens.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,9 @@ Security Admin service tokens have certain account-level permissions. For more
**Billing Admin** <br/>
Billing Admin service tokens have certain account-level permissions. For more on these permissions, see [Billing Admin](/docs/cloud/manage-access/enterprise-permissions#billing-admin).

**Manage marketplace apps** <br/>
Used only for service tokens assigned to marketplace apps (for example, the [Snowflake Native app](/docs/cloud-integrations/snowflake-native-app)).

**Metadata Only**<br/>
Metadata-only service tokens authorize requests to the Discovery API.

Expand Down
31 changes: 16 additions & 15 deletions website/snippets/_enterprise-permissions-table.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,21 +14,22 @@ Account roles enable you to manage the dbt Cloud account and manage the account

#### Account permissions for account roles

| Account-level permission| Account Admin | Billing admin | Project creator | Security admin | Viewer |
|:-------------------------|:-------------:|:-------------:|:---------------:|:--------------:|:------:|
| Account settings | W | | R | R | R |
| Audit logs | R | | | R | R |
| Auth provider | W | | | W | R |
| Billing | W | W | | | R |
| Groups | W | | R | W | R |
| Invitations | W | | W | W | R |
| IP restrictions | W | | | W | R |
| Licenses | W | | W | W | R |
| Members | W | | W | W | R |
| Project (create) | W | | W | | |
| Public models | R | R | R | R | R |
| Service tokens | W | | | R | R |
| Webhooks | W | | | | |
| Account-level permission| Account Admin | Billing admin | Manage <br></br> marketplace <br></br> apps | Project creator | Security admin | Viewer |
|:-------------------------|:-------------:|:------------:|:-------------------------:|:---------------:|:--------------:|:------:|
| Account settings | W | | | R | R | R |
| Audit logs | R | | | | R | R |
| Auth provider | W | | | | W | R |
| Billing | W | W | | | | R |
| Groups | W | | | R | W | R |
| Invitations | W | | | W | W | R |
| IP restrictions | W | | | | W | R |
| Licenses | W | | | W | W | R |
| Marketplace app | | | W | | | |
| Members | W | | | W | W | R |
| Project (create) | W | | | W | | |
| Public models | R | R | | R | R | R |
| Service tokens | W | | | | R | R |
| Webhooks | W | | | | | |

#### Project permissions for account roles

Expand Down

0 comments on commit d0a35ed

Please sign in to comment.