(DOCSP-5607): SaaS data source permission model updates (#184)

* (DOCSP-5607): SaaS data source permission model updates

* Removing reference to reader role

* Removing weird interaction between dashboard owners and ds viewers

* Updates per Steve's feedback

* quick fixes

* Updates per Tom's feedback

* Cleanup

Author: jeff-allen-mongo

source/build-charts.txt

@@ -1,3 +1,5 @@
+.. _build-charts:
+
 ============
 Build Charts
 ============

source/dashboard-permissions.txt

@@ -42,7 +42,7 @@ following dashboard permissions are available:
    * - Owner
      - Has all privileges of ``Author`` and can also
        :ref:`manage permissions <dashboard-permissions>` on the
-       dasbhoard and :ref:`delete the dashboard
+       dashboard and :ref:`delete the dashboard
        <dashboard-delete>`.
 
        The creator of the dashboard automatically has the

source/dashboards.txt

@@ -1,3 +1,5 @@
+.. _dashboards:
+
 ==========
 Dashboards
 ==========
@@ -135,7 +137,7 @@ Fullscreen View
 ---------------
 
 |charts| provides a fullscreen view for dashboards. In this view,
-|charts| hides the main navigation bar and exapands the dashboard to
+|charts| hides the main navigation bar and expands the dashboard to
 show the title, description, time of last modification, and charts in
 the entire space of the screen.
 

source/data-source-permissions.txt

@@ -4,10 +4,25 @@
 Data Source Permissions
 =======================
 
-Data source permissions dictate which users in your |service|
-project have access to the data source and the actions they can perform
-on the data source. The following data source permissions are
-available:
+.. default-domain:: mongodb
+
+.. contents:: On this page
+   :local:
+   :backlinks: none
+   :depth: 1
+   :class: singlecol
+
+Data source permissions dictate which actions users in your |service|
+project can perform on the data source. You can also set data source
+permissions to make a data source only visible to a subset of users.
+
+|service| automatically grants data source permissions based on a
+user's :atlas:`Atlas role </reference/user-roles/>`. You must
+manually :ref:`grant permissions <data-source-set-permissions>`
+to users with the ``Project Read Only`` |service| role to allow
+those users to view charts which use a particular data source.
+
+The following table describes the data source permission levels:
 
 .. _data-source-roles:
 
@@ -17,25 +32,69 @@ available:
 
    * - Permission
      - Description
+   * - .. data:: Viewer
+     - Can view any chart on a dashboard that uses the data source.
+       You can grant this permission to
+       :ref:`specific users <data-source-specific-access>` or
+       :ref:`everyone in the Atlas project
+       <data-source-access-everyone>` for the given data source.
+
+       Data source ``Viewers`` cannot see the data source in the
+       :ref:`Data Sources list <data-sources-view>`, or
+       in the :guilabel:`Data Source` dropdown in the
+       :ref:`Chart Builder <build-charts>`.
+
+   * - .. data:: Author
+     - Inherits all actions from ``Viewer`` and can also
+       create and edit charts using the data source.
+
+       Users who have one of the following
+       :atlas:`Atlas roles </reference/user-roles/>` automatically have
+       the ``Author`` permission on all data sources:
+
+       - ``Project Data Access Read Only``
+       - ``Project Data Access Read / Write``
+       - ``Project Data Access Admin``
+
+       .. note::
+
+          If you create a data source and do not have the
+          ``Project Owner``
+          :atlas:`Atlas role </reference/user-roles/>`, you will
+          not be an ``Owner`` of that data source. The ``Owner``
+          data source permission is reserved for users with the
+          ``Project Owner`` |service| role.
+
+   * - .. data:: Owner
+     - Inherits all permissions from ``Author`` and can also
+       :ref:`manage all aspects of the data source
+       <manage-existing-data-sources>`.
+       
+       Users with the ``Project Owner``
+       :atlas:`Atlas role </reference/user-roles/>` automatically
+       have the ``Owner`` permission on all data sources.
+
+Modify Data Source Authors and Owners
+-------------------------------------
+
+|service| automatically assigns data source permissions to users based
+on their :atlas:`Atlas roles </reference/user-roles/>`. As such, to
+modify data source :data:`Authors <Author>` and :data:`Owners <Owner>`,
+you must do so through the |service| :guilabel:`Access Management` page.
+
+To access the |service| :guilabel:`Access Management`:
+
+1. Click :guilabel:`Atlas` at the top-left of |charts-short| to return
+   to your |service| :guilabel:`Clusters` view.
 
-   * - Reader
-     - Can access the data source by viewing existing charts or
-       creating new charts which use the data source.
+#. Click :guilabel:`Access Management` in the left navigation.
 
-   * - Manager
-     - Has all privileges of ``Reader`` and can also
-       :ref:`modify the alias <mod-data-source-alias>` of a data
-       source.
+#. Click :guilabel:`Edit Permissions` for a user whose permissions you
+   wish to change.
 
-   * - Owner
-     - Has all privileges of ``Manager`` and can also
-       :ref:`manage permissions <mod-data-source-permissions>` on the
-       data source and :ref:`remove the data source
-       <charts-remove-data-source>`.
+#. Select new permission levels in the dropdown.
 
-       The creator of the data source automatically has the
-       ``Owner`` role. The creator cannot be removed from the list of
-       data source users and thier ``Owner`` role cannot be modified.
+#. Click the green check mark to save your changes.
 
 View Data Source Permissions
 ----------------------------
@@ -58,19 +117,16 @@ permissions:
    * - Icon
      - Description
 
-   * - :icon:`eye` Eye Icon
-     - You have ``Reader`` permission.
-
    * - :icon:`globe` Globe Icon
-     - You have either ``Manager`` or ``Owner`` permission and
-       :ref:`Everyone <data-source-access-everyone>` in your |service|
-       `project <https://docs.atlas.mongodb.com/tutorial/manage-projects/>`__
+     - You have either ``Author`` or ``Owner`` permission and
+       :ref:`Everyone <data-source-access-everyone>` in your
+       :atlas:`Atlas project </tutorial/manage-projects/>`
        has some level of access to the data source.
 
    * - :icon:`users` Group Icon
-     - You have either ``Manager`` or ``Owner`` permission and
+     - You have either ``Author`` or ``Owner`` permission and
        :ref:`additional users <data-source-specific-access>` have
-       some level of access to the data source.
+       ``Viewer`` permission on the data source.
 
    * - :icon:`lock` Lock Icon
      - You have ``Owner`` permission and no other user has
@@ -81,10 +137,13 @@ permissions:
 Set Data Source Permissions
 ---------------------------
 
-You can set data source permissions when you first
-:ref:`add a data source <add-data-source>`, or you can
-:ref:`modify permissions <mod-data-source-permissions>` on a data
-source which has already been created.
+If you are a data source :data:`Owner`, you can:
+
+- Set data source permissions when you first
+  :ref:`add a data source <add-data-source>`, and
+
+- :ref:`Modify permissions <mod-data-source-permissions>` on a data
+  source which has already been created.
 
 Refer to the following sections for instructions on granting
 :ref:`specific users <data-source-specific-access>` permissions on a
@@ -97,30 +156,24 @@ data source and granting
 Specific User Access
 ~~~~~~~~~~~~~~~~~~~~
 
-To grant specific users from your |service| project permissions on
-your data source:
+.. note::
+
+   You can only share data sources with users who are members of
+   the |service| project associated with your |charts-short|
+   instance.
+
+To grant specific users with the ``Project Read Only``
+:atlas:`Atlas role </reference/user-roles/>` permission to view
+charts which use your data source:
 
 1. Search for the desired user using the search bar directly above
    where the data source users are listed. You can search for users
    by their username or email address.
 
-   .. note::
-
-      You can only share data sources with users who are members of
-      the |service| project associated with your |charts-short|
-      instance.
-
 #. Click the desired user to add them to the permissions list.
 
-#. Use the dropdown to the right of the user's name to assign the
-   appropriate :ref:`role <data-source-roles>`.
-
 #. Repeat steps 1-3 for each user you wish to grant data source access.
 
-.. figure:: /images/charts/data-source-permissions-saas.gif
-   :alt: Adding a data source user
-   :figwidth: 721px
-
 To remove access for a user you have added, click the trash can icon
 to the right of the user's name.
 
@@ -129,28 +182,21 @@ to the right of the user's name.
 Access for All Users
 ~~~~~~~~~~~~~~~~~~~~
 
-.. note::
-
-   When you create a data source, |service| assigns the
-   :ref:`Reader <data-source-roles>` permission to every user in your
-   |service| project by default.
+You can the grant the :data:`Viewer` permission to all users with the
+``Project Read Only`` :atlas:`Atlas role </reference/user-roles/>`.
+This allows all users to view any chart on a dashboard that uses that
+data source.
 
-To grant all users in your |service| project permissions on your data
-source:
+To grant all users the :data:`Viewer` permission, toggle the switch on
+the right-side of the :guilabel:`Everyone in <Project Name>` user to
+``On``.
 
-1. Toggle the switch on the right-side of the :guilabel:`Everyone in
-   <Project Name>` user to ``On``.
-
-#. Select the :ref:`role <data-source-roles>` to apply to all
-   users in your |service| project.
-
-   .. note::
+.. note::
 
-      If permissions are assigned to both :guilabel:`Everyone` in your
-      project and a specific user, the user's specific permissions
-      take precedence over the permissions set to :guilabel:`Everyone`.
+   If you enable the :data:`Viewer` permission for everyone in your
+   project, a user's specific permissions take precedence over the
+   permissions set to :guilabel:`Everyone`.
 
-      For example, if :guilabel:`Everyone` has the ``Manager``
-      permission on a data source and a specific user Alice has the
-      ``Reader`` permission, Alice's effective permission level is
-      ``Reader``.
+   For example, if you grant :data:`Viewer` to all users and
+   the :data:`Author` permission to a user named Alice, Alice's
+   effective permission level is ``Author``.

source/data-sources.txt

@@ -17,7 +17,7 @@ Data Sources
 Data sources in |charts| reference a :ref:`collection <collections>`
 or :ref:`view <3.4-reference-views>` in your MongoDB
 deployment. The fields in that collection or view can be used
-to contruct a chart. When building a chart, you will need to specify
+to construct a chart. When building a chart, you will need to specify
 the data source that the chart uses.
 
 To view, add, or remove data sources, click :guilabel:`Data Sources` on
@@ -122,9 +122,9 @@ Add a Data Source
 
 #. Set the :ref:`permissions <permission-model>` for the data source.
 
-   By default, |service| assigns the :ref:`Reader <data-source-roles>`
-   permission to every user in the project. To change a user's permission,
-   search for the user by name or email address using the search bar.
+   You can assign the :data:`Viewer` permission to every user in the
+   project. To assign a user a specific permission level, search for
+   the user by name or email address using the search bar.
 
    .. note::
 

source/embedding-charts.txt

@@ -1,8 +1,8 @@
 .. _embedding-charts:
 
-========================================
-Embedding Charts in Your Web Application
-========================================
+====================================
+Embed Charts in Your Web Application
+====================================
 
 .. default-domain:: mongodb
 

source/filter-documents.txt

@@ -15,7 +15,7 @@ Filter Documents in the Visualization
 Filters display a subset of results that match a given criteria.
 |charts| provides two ways to filter your data. You can either use:
 
-- The :ref:`Filter Tab <filter-tab>` in the Chart Builter, or
+- The :ref:`Filter Tab <filter-tab>` in the Chart Builder, or
 
 - The :ref:`Query Bar <query-bar>` above the chart display.
 

source/manage-dashboards.txt

@@ -150,7 +150,7 @@ Resize a Chart
 ~~~~~~~~~~~~~~
 
 To resize a chart, hover over the chart and drag the bottom-right
-corner until the appearing blue rectangle reaches the deired size.
+corner until the appearing blue rectangle reaches the desired size.
 
 .. figure:: /images/charts/resize-chart2.gif
    :figwidth: 750px
@@ -238,6 +238,6 @@ To delete a dashboard:
 Modify Dashboard Permissions
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
-A dashbaord ``Owner`` can modify which users can access the dashboard
+A dashboard ``Owner`` can modify which users can access the dashboard
 and their respective permission levels. For more information, refer to
 the :doc:`Dashboard Permissions <dashboard-permissions>` page.

source/manage-data-sources.txt

@@ -13,16 +13,16 @@ Manage Existing Data Sources
    :depth: 1
    :class: singlecol
 
-|charts| users can modify certain properties of a data source provided
-they have appropriate :ref:`permissions <permission-model>` on the
-target data source.
+Users who are :data:`Owners <Owner>` of a data source can
+modify certain properties of that data source. This page outlines the
+modifications data source ``Owners`` can make.
 
 .. _mod-data-source-alias:
 
 Modify Data Source Alias
 ------------------------
 
-A data source ``Manager`` or ``Owner`` can modify the :guilabel:`Alias`
+A data source ``Owner`` can modify the :guilabel:`Alias`
 of that data source. To modify a data source :guilabel:`Alias`:
 
 1. Hover over the row's :guilabel:`Alias` field.
@@ -35,11 +35,11 @@ of that data source. To modify a data source :guilabel:`Alias`:
 
 .. _data-source-embedding:
 
-Enable or Disable Embedding
----------------------------
+Modify Embedding Settings
+-------------------------
 
-As a data source ``Owner``, you can allow other people to
-:ref:`embed charts <embedding-charts>` which use your data source
+A data source ``Owner`` can allow other people to
+:ref:`embed charts <embedding-charts>` which use the data source
 in external web pages. In order to allow a chart to be embedded
 in an external web page, you must enable embedding both on the
 data source and the individual chart.