docs: HCP organization "owner" role changes #1150
Broken Link Checker: No broken links found! 🎉
Thank you VERY much @boruszak. I can see your skills throughout the edits 😄
I added a few comments I wanted your feedback on.
Looking good!! I think we are ready to merge once the code is ready to go 🙏
I left some style nits :)
|
|
||
| </Note> | ||
| organization. If you have logged in before, the portal opens the last project you were in. | ||
| Navigate to the Organization to change projects |
| Navigate to the Organization to change projects | |
| Navigate to the Organization to change projects. |
missing period
|  | ||
|
|
||
| A resource is any item that the access management system controls access to. Examples of resources are a HCP Vault Dedicated cluster, HCP Packer Bucket, HashiCorp Virtual Network (HVN) or a HCP Vault Secret App. The **Active Resources** page lists all resources created in the project. To delete a project, all resources must be deleted. If an resource exists, HCP will block users from deleting the project. This page helps you to identify what resources are still in the project. | ||
| A resource is any item that the access management system controls access to. Examples of resources are a HCP Vault Dedicated cluster, HCP Packer Bucket, or a HashiCorp Virtual Network (HVN). The **Active Resources** page lists all resources created in the project. To delete a project, all resources must be deleted. If an resource exists, HCP will block users from deleting the project. This page helps you to identify what resources are still in the project. |
| A resource is any item that the access management system controls access to. Examples of resources are a HCP Vault Dedicated cluster, HCP Packer Bucket, or a HashiCorp Virtual Network (HVN). The **Active Resources** page lists all resources created in the project. To delete a project, all resources must be deleted. If an resource exists, HCP will block users from deleting the project. This page helps you to identify what resources are still in the project. | |
| A resource is any item that the access management system controls access to. Examples of resources are an HCP Vault Dedicated cluster, an HCP Packer Bucket, or a HashiCorp Virtual Network (HVN). The **Active Resources** page lists all resources created in the project. To delete a project, all resources must be deleted. If a resource exists, HCP blocks users from deleting the project. This page helps you to identify what resources are still in the project. |
nit: indefinite article should be "an" for HCP (an HCP Vault...)
| [HCP projects](/hcp/docs/hcp/admin/projects), which separate access to resources such as [HashiCorp Virtual Networks (HVN)](/hcp/docs/hcp/network) according to [user permissions](/hcp/docs/iam/users#user-permissions). An organization can have up to 100 projects. | ||
|
|
||
| Users can be a member of multiple organizations if invited by the admin of other organizations. However, you can only create and own one organization for your HCP account. | ||
| Users can be a member of multiple organizations, and organizations can have a maximum of 3 users with the `owner` role. You can add and delete organization owners over time, but organizations require at least 1 owner at all times. |
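Review bot: The replacement sentence starting "Users can be a member of multiple organizations, and organizations can have a maximum of 3 users with the `owner` role" drops two constraints that the removed line stated: that membership in another organization comes by invitation from that organization's admin, and that an account can create and own only one organization. If either still holds, keep it as its own sentence; if the one-organization limit changed together with the owner cap, say so explicitly. The line "You can add and delete organization owners over time" also does not name which role is allowed to add or remove an owner, which is what a reader checking who can change the owner set needs to know.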
| Users can be a member of multiple organizations, and organizations can have a maximum of 3 users with the `owner` role. You can add and delete organization owners over time, but organizations require at least 1 owner at all times. | |
| Users can be a member of multiple organizations, and organizations can have a maximum of three users with the `owner` role. You can add and delete organization owners over time, but organizations require at least one owner at all times. |
|
|
||
| ## Find organization owners | ||
|
|
||
| An organization can have 1-3 users with the `owner` role. Owners can change, but there must always be at least 1 owner per organization. |
| An organization can have 1-3 users with the `owner` role. Owners can change, but there must always be at least 1 owner per organization. | |
| An organization can have one to three users with the `owner` role. Owners can change, but there must always be at least one owner per organization. |
style nit number ranges
|
|
||
| An organization can have 1-3 users with the `owner` role. Owners can change, but there must always be at least 1 owner per organization. | ||
|
|
||
| To find the organization's current owners: |
| To find the organization's current owners: | |
| To find the organization's current owners, perform the following steps: |
| @include '/hcp-administration/assign-project-role.mdx' | ||
|
|
||
| # Role Names and Role IDs | ||
| ## Role Names and Role IDs |
| ## Role Names and Role IDs | |
| ## Role names and role IDs |
|
|
||
| @include '/hcp-administration/permission-intro.mdx' | ||
|
|
||
| ## Access Management |
| ## Access Management | |
| ## Access management |
| @@ -1,16 +1,15 @@ | |||
| HCP uses a role-based access controls (RBAC) system to enable members of your organizations and projects to perform actions in HCP and interact with resources. Some HCP applications allow you to assign roles for specific resources, such as an HCP Packer bucket. Refer to the specific HCP application documentation for more information. | |||
| HCP uses a role-based access controls (RBAC) system to enable members of your organizations and projects to perform actions in HCP and interact with resources. Some HCP applications allow you to assign roles for specific resources, such as an HCP Packer bucket. Refer to the individual HCP service's documentation for more information. | |||
| HCP uses a role-based access controls (RBAC) system to enable members of your organizations and projects to perform actions in HCP and interact with resources. Some HCP applications allow you to assign roles for specific resources, such as an HCP Packer bucket. Refer to the individual HCP service's documentation for more information. | |
| HCP uses a role-based access control (RBAC) system to enable members of your organizations and projects to perform actions in HCP and interact with resources. Some HCP applications allow you to assign roles for specific resources, such as an HCP Packer bucket. Refer to the individual HCP service's documentation for more information. |
| ### Inheritance | ||
| Each resource in a HCP organization has an IAM policy associated with it that informs about the level of access allowed on that resource. This IAM policy is a data structure that provides a mapping of roles to principals assigned to that resource. | ||
|
|
||
| Each resource in a HCP organization has an IAM policy associated with it that sets the level of access allowed on that resource. This IAM policy is a data structure that provides a mapping of roles to principals assigned to that resource. |
| Each resource in a HCP organization has an IAM policy associated with it that sets the level of access allowed on that resource. This IAM policy is a data structure that provides a mapping of roles to principals assigned to that resource. | |
| Each resource in an HCP organization has an IAM policy associated with it that sets the level of access allowed on that resource. This IAM policy is a data structure that provides a mapping of roles to principals assigned to that resource. |
| For example, a user assigned the `viewer` role in an organization also has `viewer` role permissions for projects within the organization. Similarly, a user assigned the `contributor` role in a project also has `contributor` role permissions for resources within the project. | ||
|
|
||
| If a user has an `viewer` role in an organization and `admin` role on a project in the same organization, the user receives a concatenation of `viewer` _and_ `admin` role permissions within that specific project. | ||
| If a user has an `viewer` role in an organization and `admin` role on a project in the same organization, the user receives a concatenation of `viewer` _and_ `admin` role permissions within that specific project. |
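Review bot: "sets the level of access allowed on that resource" in the reworded IAM policy sentence reads as if the resource's own policy alone determines access, while the inheritance examples later in this hunk say roles assigned on the organization or project also apply to what sits below them. Suggest wording the policy sentence so it describes the access granted directly on the resource, and stating next to it that roles inherited from the project and organization apply in addition. In the last line, "a concatenation of `viewer` _and_ `admin` role permissions" would be clearer as "the combined permissions of both roles", since "concatenation" does not tell the reader that the result is additive.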
| If a user has an `viewer` role in an organization and `admin` role on a project in the same organization, the user receives a concatenation of `viewer` _and_ `admin` role permissions within that specific project. | |
| If a user has a `viewer` role in an organization and an `admin` role on a project in the same organization, the user receives a concatenation of `viewer` _and_ `admin` role permissions within that specific project. |
Description
This PR updates HCP platform documentation. Previously, an organization supported a single non-transferrable owner. To better support business continuity, organizations now allow up to 3 users with the `owner` role. These owners can be added or removed as desired, although one user must always be an `owner` for the organization.

Preview links