From f97d861437f7de458c4c5a434c81b22667129665 Mon Sep 17 00:00:00 2001 From: David Xu Date: Sun, 24 Nov 2024 23:13:46 -0800 Subject: [PATCH 1/5] clarification for workspaces versus tags for env separation --- docs/administration/concepts/index.mdx | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/administration/concepts/index.mdx b/docs/administration/concepts/index.mdx index 252a87fb..3679553e 100644 --- a/docs/administration/concepts/index.mdx +++ b/docs/administration/concepts/index.mdx @@ -398,3 +398,10 @@ may take a minute or two before the new limits apply. ### Related content - Tutorial on how to [optimize spend](./tutorials/manage_spend) + +## Best Practices + +### Environment separation + +Use resource tags to organize resources by environment (e.g. `dev`, `staging`, `prod`). We will be releasing attribute based access control (ABAC) in the near future, which will enable fine-grained permissions based on resource tags. +We recommend the use of workspaces when you need strict isolation of resources (e.g. different teams who legally cannot see each other's data). From 3f695ea85bcb3cdfe9150bdd062dfbb25ac0d1fd Mon Sep 17 00:00:00 2001 From: David Xu Date: Mon, 25 Nov 2024 11:00:45 -0800 Subject: [PATCH 2/5] change positioning so right sidebar correctly recognizes the element on scroll --- docs/administration/concepts/index.mdx | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/administration/concepts/index.mdx b/docs/administration/concepts/index.mdx index 3679553e..a4e50711 100644 --- a/docs/administration/concepts/index.mdx +++ b/docs/administration/concepts/index.mdx @@ -176,6 +176,13 @@ Roles can be managed in organization settings under the `Roles` tab: For more details on assigning and creating roles, see the [access control setup guide](../how_to_guides/organization_management/set_up_access_control.mdx). +## Best Practices + +### Environment separation + +Use resource tags to organize resources by environment (e.g. `dev`, `staging`, `prod`). We will be releasing attribute based access control (ABAC) in the near future, which will enable fine-grained permissions based on resource tags. +We recommend the use of workspaces when you need strict isolation of resources (e.g. different teams who legally cannot see each other's data). + ## Usage and Billing ### Data Retention @@ -398,10 +405,3 @@ may take a minute or two before the new limits apply. ### Related content - Tutorial on how to [optimize spend](./tutorials/manage_spend) - -## Best Practices - -### Environment separation - -Use resource tags to organize resources by environment (e.g. `dev`, `staging`, `prod`). We will be releasing attribute based access control (ABAC) in the near future, which will enable fine-grained permissions based on resource tags. -We recommend the use of workspaces when you need strict isolation of resources (e.g. different teams who legally cannot see each other's data). From ce2e4f48a2bf03b5a2c52fe60ffdc1a33a921695 Mon Sep 17 00:00:00 2001 From: David <77736444+davidx33@users.noreply.github.com> Date: Mon, 25 Nov 2024 19:19:25 -0800 Subject: [PATCH 3/5] Update docs/administration/concepts/index.mdx Co-authored-by: Julia Schottenstein <143230980+schottenstein@users.noreply.github.com> --- docs/administration/concepts/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/administration/concepts/index.mdx b/docs/administration/concepts/index.mdx index a4e50711..f191b60b 100644 --- a/docs/administration/concepts/index.mdx +++ b/docs/administration/concepts/index.mdx @@ -178,7 +178,7 @@ For more details on assigning and creating roles, see the [access control setup ## Best Practices -### Environment separation +### Environment Separation Use resource tags to organize resources by environment (e.g. `dev`, `staging`, `prod`). We will be releasing attribute based access control (ABAC) in the near future, which will enable fine-grained permissions based on resource tags. We recommend the use of workspaces when you need strict isolation of resources (e.g. different teams who legally cannot see each other's data). From 9dc27e3719680b7ffb9db27126bf41640bf5bd4c Mon Sep 17 00:00:00 2001 From: David Xu Date: Mon, 25 Nov 2024 21:43:13 -0800 Subject: [PATCH 4/5] linking to resource tags --- docs/administration/concepts/index.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/administration/concepts/index.mdx b/docs/administration/concepts/index.mdx index f191b60b..4ad25401 100644 --- a/docs/administration/concepts/index.mdx +++ b/docs/administration/concepts/index.mdx @@ -180,7 +180,7 @@ For more details on assigning and creating roles, see the [access control setup ### Environment Separation -Use resource tags to organize resources by environment (e.g. `dev`, `staging`, `prod`). We will be releasing attribute based access control (ABAC) in the near future, which will enable fine-grained permissions based on resource tags. +Use [resource tags](#resource-tags) to organize resources by environment (e.g. `dev`, `staging`, `prod`). We will be releasing attribute based access control (ABAC) in the near future, which will enable fine-grained permissions based on resource tags. We recommend the use of workspaces when you need strict isolation of resources (e.g. different teams who legally cannot see each other's data). ## Usage and Billing From 672326c6cd880e83212435368e8272fac5082993 Mon Sep 17 00:00:00 2001 From: David Xu Date: Tue, 26 Nov 2024 18:43:50 -0800 Subject: [PATCH 5/5] adding julias suggestions --- docs/administration/concepts/index.mdx | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/administration/concepts/index.mdx b/docs/administration/concepts/index.mdx index 4ad25401..1f60df79 100644 --- a/docs/administration/concepts/index.mdx +++ b/docs/administration/concepts/index.mdx @@ -180,8 +180,9 @@ For more details on assigning and creating roles, see the [access control setup ### Environment Separation -Use [resource tags](#resource-tags) to organize resources by environment (e.g. `dev`, `staging`, `prod`). We will be releasing attribute based access control (ABAC) in the near future, which will enable fine-grained permissions based on resource tags. -We recommend the use of workspaces when you need strict isolation of resources (e.g. different teams who legally cannot see each other's data). +Use [resource tags](#resource-tags) to organize resources by environment using the default tag key `Environment` and different values for the environment (e.g. `dev`, `staging`, `prod`). This tagging structure will allow you to organize your tracing projects today and easily enforce +permissions when we release attribute based access control (ABAC). ABAC on the resource tag will provide a fine-grained way to restrict access to production tracing projects, for example. We do not recommend that you use Workspaces for environment separation as you cannot share resources +across Workspaces. If you would like to promote a prompt from `staging` to `prod`, we recommend you use prompt tags instead. See [docs](../prompt_engineering/concepts#tags) for more information. ## Usage and Billing