From 2677322a5ce463db58a2fd7b816fd1f8ecfd093e Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Thu, 2 Jan 2025 15:54:43 -0500 Subject: [PATCH 1/4] fix ZT permissions --- .../fundamentals/api/reference/permissions.mdx | 4 ++-- .../fundamentals/account-permissions-table.mdx | 16 ++++++++-------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/src/content/docs/fundamentals/api/reference/permissions.mdx b/src/content/docs/fundamentals/api/reference/permissions.mdx index a47dffbcf817981..04b6c4e0c2dded0 100644 --- a/src/content/docs/fundamentals/api/reference/permissions.mdx +++ b/src/content/docs/fundamentals/api/reference/permissions.mdx @@ -39,14 +39,14 @@ The applicable scope of account permissions is `com.cloudflare.api.account`. diff --git a/src/content/partials/fundamentals/account-permissions-table.mdx b/src/content/partials/fundamentals/account-permissions-table.mdx index ca5ca5450f76adf..1d358c171c49cf1 100644 --- a/src/content/partials/fundamentals/account-permissions-table.mdx +++ b/src/content/partials/fundamentals/account-permissions-table.mdx @@ -1,5 +1,5 @@ --- -inputParameters: editWord;;editProduct;;cloudflareName +inputParameters: editWord;;cloudflareName --- import { Markdown } from "~/components"; @@ -65,10 +65,10 @@ import { Markdown } from "~/components"; | Cloudflare One Connectors {props.one} | Grants write access to Cloudflare One Connectors | | Cloudflare One Networks Read | Grants read access to Cloudflare One Networks | | Cloudflare One Networks {props.one} | Grants write access to Cloudflare One Networks | -| {props.three} Pages Read | Grants access to view [Cloudflare Pages](/pages/) projects. | -| {props.three} Pages {props.one} | Grants access to create, edit and delete [Cloudflare Pages](/pages/) projects. | -| {props.two} Tunnel Read | Grants access to view [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). | -| {props.two} Tunnel {props.one} | Grants access to create and delete [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). | +| {props.two} Pages Read | Grants access to view [Cloudflare Pages](/pages/) projects. | +| {props.two} Pages {props.one} | Grants access to create, edit and delete [Cloudflare Pages](/pages/) projects. | +| Cloudflare Tunnel Read | Grants access to view [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). | +| Cloudflare Tunnel {props.one} | Grants access to create and delete [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). | | Cloudforce One Read | Grants read access to Cloudforce One. | | Cloudforce One {props.one} | Grants write access to Cloudforce One. | | Cloud Email Security Read | Grants read access to [Cloud Email Security](/email-security/). | @@ -146,6 +146,6 @@ import { Markdown } from "~/components"; | Zero Trust Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/). | | Zero Trust Report | Grants reporting access to [Cloudflare Zero Trust](/cloudflare-one/). | | Zero Trust {props.one} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/). | -| Zero Trust PII Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/) PII. | -| Zero Trust PII {props.one} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/) PII. | -| Zero Trust Seats {props.one} | Grants write access to the number of [Zero Trust Seats](/cloudflare-one/identity/users/seat-management/) your organization can use (and be billed for). | +| Zero Trust: PII Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/) PII. | +| Zero Trust: PII {props.one} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/) PII. | +| Zero Trust: Seats {props.one} | Grants write access to the number of [Zero Trust Seats](/cloudflare-one/identity/users/seat-management/) your organization can use (and be billed for). | From 9bde570f162b05a81fb93162d4581e724d14b595 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Thu, 2 Jan 2025 18:01:49 -0500 Subject: [PATCH 2/4] update descriptions --- .../fundamentals/account-permissions-table.mdx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/content/partials/fundamentals/account-permissions-table.mdx b/src/content/partials/fundamentals/account-permissions-table.mdx index 1d358c171c49cf1..d07a928c2c98ea9 100644 --- a/src/content/partials/fundamentals/account-permissions-table.mdx +++ b/src/content/partials/fundamentals/account-permissions-table.mdx @@ -21,8 +21,8 @@ import { Markdown } from "~/components"; | Access: Organizations, Identity Providers, and Groups {props.one} | Grants write access to [Cloudflare Access account resources](/cloudflare-one/identity/). | | Access: Service Tokens Read | Grants read access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). | | Access: Service Tokens {props.one} | Grants write access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). | -| Access: SSH Auditing Read | Grants read access to [SSH Auditing](/cloudflare-one/policies/gateway/network-policies/ssh-logging/). | -| Access: SSH Auditing {props.one} | Grants write access to [SSH Auditing](/cloudflare-one/policies/gateway/network-policies/ssh-logging/). | +| Access: SSH Auditing Read | Grants read access to [Cloudflare Access SSH CAs](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/). | +| Access: SSH Auditing {props.one} | Grants write access to [Cloudflare Access SSH CAs](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/). | | Account Analytics Read | Grants read access to [account analytics](/analytics/account-and-zone-analytics/account-analytics/). | | Account Custom Pages Read | Grants read access to account-level [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). | | Account Custom Pages {props.one} | Grants write access to account-level [Custom Pages](/support/more-dashboard-apps/cloudflare-custom-pages/configuring-custom-pages-error-and-challenge/). | @@ -58,11 +58,11 @@ import { Markdown } from "~/components"; | Cloudflare Images Read | Grants read access to [Cloudflare Images](/images/). | | Cloudflare Images {props.one} | Grants write access to [Cloudflare Images](/images/). | | Cloudflare One Connector: cloudflared Read | Grants read access to `cloudflared` Connectors | -| Cloudflare One Connector: cloudflared {props.one} | Grants write access to `cloudflared` Connectors | -| Cloudflare One Connector: WARP Read | Grants read access to Warp Connectors | -| Cloudflare One Connector: WARP {props.one} | Grants write access to Warp Connectors | -| Cloudflare One Connectors Read | Grants read access to Cloudflare One Connectors | -| Cloudflare One Connectors {props.one} | Grants write access to Cloudflare One Connectors | +| Cloudflare One Connector: cloudflared {props.one} | Grants write access to `cloudflared` connectors | +| Cloudflare One Connector: WARP Read | Grants read access to Cloudflare Tunnel WARP Connectors | +| Cloudflare One Connector: WARP {props.one} | Grants write access to Cloudflare Tunnel WARP Connectors | +| Cloudflare One Connectors Read | Grants read access to Cloudflare Tunnel connectors | +| Cloudflare One Connectors {props.one} | Grants write access to Cloudflare Tunnel connectors | | Cloudflare One Networks Read | Grants read access to Cloudflare One Networks | | Cloudflare One Networks {props.one} | Grants write access to Cloudflare One Networks | | {props.two} Pages Read | Grants access to view [Cloudflare Pages](/pages/) projects. | From 23bc0b05ad2c2fc6ee9342bf8069f4033a314eb1 Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Thu, 2 Jan 2025 18:56:35 -0500 Subject: [PATCH 3/4] update descriptions --- .../account-permissions-table.mdx | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/content/partials/fundamentals/account-permissions-table.mdx b/src/content/partials/fundamentals/account-permissions-table.mdx index d07a928c2c98ea9..50ca9024afa23aa 100644 --- a/src/content/partials/fundamentals/account-permissions-table.mdx +++ b/src/content/partials/fundamentals/account-permissions-table.mdx @@ -6,21 +6,21 @@ import { Markdown } from "~/components"; | Name | Description | | ----------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | -| Access: Apps and Policies Read | Grants read access to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. | -| Access: Apps and Policies Revoke | Grants ability to revoke all tokens to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. | -| Access: Apps and Policies {props.one} | Grants write access to [Cloudflare Access](/cloudflare-one/policies/access/) account resources. | +| Access: Apps and Policies Read | Grants read access to [Cloudflare Access](/cloudflare-one/policies/access/) applications and policies | +| Access: Apps and Policies Revoke | Grants ability to revoke [Cloudflare Access application tokens](/cloudflare-one/identity/users/session-management/) | +| Access: Apps and Policies {props.one} | Grants write access to [Cloudflare Access](/cloudflare-one/policies/access/) applications and policies | | Access: Audit Logs Read | Grants read access to [Cloudflare Access audit logs](/cloudflare-one/insights/logs/audit-logs/). | -| Access: Custom Pages Read | Grants read access to [Cloudflare Access Custom Pages](/cloudflare-one/policies/gateway/block-page/). | -| Access: Custom Pages {props.one} | Grants write access to [Cloudflare Access Custom Pages](/cloudflare-one/policies/gateway/block-page/). | -| Access: Device Posture Read | Grants read access to [Cloudflare Access Device Posture](/cloudflare-one/identity/devices/). | -| Access: Device Posture {props.one} | Grants write access to [Cloudflare Access Device Posture](/cloudflare-one/identity/devices/). | +| Access: Custom Pages Read | Grants read access to [Cloudflare Access custom block pages](/cloudflare-one/applications/block-page/). | +| Access: Custom Pages {props.one} | Grants write access to [Cloudflare Access custom block pages](/cloudflare-one/applications/block-page/). | +| Access: Device Posture Read | Grants read access to [Cloudflare Access device posture](/cloudflare-one/identity/devices/). | +| Access: Device Posture {props.one} | Grants write access to [Cloudflare Access device posture](/cloudflare-one/identity/devices/). | | Access: Mutual TLS Certificates Read | Grants read access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/). | | Access: Mutual TLS Certificates {props.one} | Grants write access to [Cloudflare Access mTLS certificates](/cloudflare-one/identity/devices/access-integrations/mutual-tls-authentication/). | | Access: Organizations, Identity Providers, and Groups Read | Grants read access to [Cloudflare Access account resources](/cloudflare-one/identity/). | | Access: Organizations, Identity Providers, and Groups Revoke | Grants ability to revoke user sessions to [Cloudflare Access account resources](/cloudflare-one/identity/). | | Access: Organizations, Identity Providers, and Groups {props.one} | Grants write access to [Cloudflare Access account resources](/cloudflare-one/identity/). | -| Access: Service Tokens Read | Grants read access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). | -| Access: Service Tokens {props.one} | Grants write access to [Cloudflare Access Service Tokens](/cloudflare-one/identity/service-tokens/). | +| Access: Service Tokens Read | Grants read access to [Cloudflare Access service tokens](/cloudflare-one/identity/service-tokens/). | +| Access: Service Tokens {props.one} | Grants write access to [Cloudflare Access service tokens](/cloudflare-one/identity/service-tokens/). | | Access: SSH Auditing Read | Grants read access to [Cloudflare Access SSH CAs](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/). | | Access: SSH Auditing {props.one} | Grants write access to [Cloudflare Access SSH CAs](/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access/). | | Account Analytics Read | Grants read access to [account analytics](/analytics/account-and-zone-analytics/account-analytics/). | @@ -63,8 +63,8 @@ import { Markdown } from "~/components"; | Cloudflare One Connector: WARP {props.one} | Grants write access to Cloudflare Tunnel WARP Connectors | | Cloudflare One Connectors Read | Grants read access to Cloudflare Tunnel connectors | | Cloudflare One Connectors {props.one} | Grants write access to Cloudflare Tunnel connectors | -| Cloudflare One Networks Read | Grants read access to Cloudflare One Networks | -| Cloudflare One Networks {props.one} | Grants write access to Cloudflare One Networks | +| Cloudflare One Networks Read | Grants read access to Cloudflare One routes and virtual networks | +| Cloudflare One Networks {props.one} | Grants write access to Cloudflare One routes and virtual networks | | {props.two} Pages Read | Grants access to view [Cloudflare Pages](/pages/) projects. | | {props.two} Pages {props.one} | Grants access to create, edit and delete [Cloudflare Pages](/pages/) projects. | | Cloudflare Tunnel Read | Grants access to view [Cloudflare Tunnels](/cloudflare-one/connections/connect-networks/). | @@ -143,9 +143,9 @@ import { Markdown } from "~/components"; | Workers Scripts Read | Grants read access to [Cloudflare Workers scripts](/workers/). | | Workers Scripts {props.one} | Grants write access to [Cloudflare Workers scripts](/workers/). | | Workers Tail Read | Grants [`wrangler tail`](/workers/wrangler/commands/#tail) read permissions. | -| Zero Trust Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/). | +| Zero Trust Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/) resources. | | Zero Trust Report | Grants reporting access to [Cloudflare Zero Trust](/cloudflare-one/). | -| Zero Trust {props.one} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/). | +| Zero Trust {props.one} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/) resources. | | Zero Trust: PII Read | Grants read access to [Cloudflare Zero Trust](/cloudflare-one/) PII. | | Zero Trust: PII {props.one} | Grants write access to [Cloudflare Zero Trust](/cloudflare-one/) PII. | -| Zero Trust: Seats {props.one} | Grants write access to the number of [Zero Trust Seats](/cloudflare-one/identity/users/seat-management/) your organization can use (and be billed for). | +| Zero Trust: Seats {props.one} | Grants write access to the [Zero Trust seats](/cloudflare-one/identity/users/seat-management/) your organization can use (and be billed for). | From c3dd05cbe1cad99d71391fe5a6bfdd88b1406d6c Mon Sep 17 00:00:00 2001 From: Ranbel Sun Date: Fri, 3 Jan 2025 13:13:17 -0500 Subject: [PATCH 4/4] make tunnel descriptions consistent --- .../partials/fundamentals/account-permissions-table.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/content/partials/fundamentals/account-permissions-table.mdx b/src/content/partials/fundamentals/account-permissions-table.mdx index 50ca9024afa23aa..7ccd7559af89a5e 100644 --- a/src/content/partials/fundamentals/account-permissions-table.mdx +++ b/src/content/partials/fundamentals/account-permissions-table.mdx @@ -57,8 +57,8 @@ import { Markdown } from "~/components"; | Cloudflare DEX {props.one} | Grants write access to [Digital Experience Monitoring](/cloudflare-one/insights/dex/). | | Cloudflare Images Read | Grants read access to [Cloudflare Images](/images/). | | Cloudflare Images {props.one} | Grants write access to [Cloudflare Images](/images/). | -| Cloudflare One Connector: cloudflared Read | Grants read access to `cloudflared` Connectors | -| Cloudflare One Connector: cloudflared {props.one} | Grants write access to `cloudflared` connectors | +| Cloudflare One Connector: cloudflared Read | Grants read access to Cloudflare Tunnel `cloudflared` connectors | +| Cloudflare One Connector: cloudflared {props.one} | Grants write access to Cloudflare Tunnel `cloudflared` connectors | | Cloudflare One Connector: WARP Read | Grants read access to Cloudflare Tunnel WARP Connectors | | Cloudflare One Connector: WARP {props.one} | Grants write access to Cloudflare Tunnel WARP Connectors | | Cloudflare One Connectors Read | Grants read access to Cloudflare Tunnel connectors |