Update workflow and add screenshots (#177)

* Update workflow and add screenshots * Incorporate feedback
2017-07-24 14:29:12 -07:00 · 2017-07-24 14:29:12 -07:00 · 86f35eb4a4
parent 67e98a014f
commit 86f35eb4a4
5 changed files with 53 additions and 24 deletions
--- a/datacenter/ucp/2.2/guides/admin/manage-users/isolate-volumes-between-teams.md
+++ b/datacenter/ucp/2.2/guides/admin/manage-users/isolate-volumes-between-teams.md
@ -9,17 +9,16 @@ resource collections. UCP access control prevents the teams from viewing and
 accessing each other's volumes, even though they may be located in the same
 nodes.

-The procedure has the following steps.
-
-1.  Create two teams
-2.  Create resource collections
-3.  Create grants
-4.  Team member creates volumes
+1.  Create two teams.
+2.  Create two collections, one for either team.
+3.  Create grants to manage access to the collections.
+4.  Team members create volumes that are specific to their team.

 ## Create two teams

-Use the **Organizations** web UI to create two teams in your organization, 
-named "Dev" and "Prod". 
+Navigate to the **Organizations & Teams** page to create two teams in your
+organization, named "Dev" and "Prod". Add a user who's not a UCP administrator
+to the Dev team, and add another non-admin user to the Prod team.
 [Learn how to create and manage teams](create-and-manage-teams.md). 

 ## Create resource collections
@ -30,37 +29,67 @@ placed under the `/Shared` collection.

 1.  In the left pane, click **Collections** to show all of the resource
    collections in the swarm.
-2.  Find the **/Shared** collection and click **View collection**.
-2.  Click **Create collection**, and in the **Collection Name** input, enter
-    "dev-volumes".
+2.  Find the **/Shared** collection and click **View children**.
+2.  Click **Create collection** and name the new collection "dev-volumes".
 3.  Click **Create** to create the collection.
-4.  Click **Create collection** again, and in the **Collection Name** input, enter
-    "prod-volumes", and click **Create**.
+4.  Click **Create collection** again, name the new collection "prod-volumes",
+    and click **Create**.

 ## Create grants for controlling access to the new volumes

-1.  Navigate to **User Management > Manage Grants** and click **Create grant**.
-2.  In the left pane, click **Collections**, navigate to **/Shared/dev-volumes**,
-    and click **Select**.
-3.  Click **Roles**, and select **Restricted Control** in the dropdown list.
+In this example, the Dev team gets access to its volumes from a grant that
+associates the team with the `/Shared/dev-volumes` collection, and the Prod
+team gets access to its volumes from another grant that associates the team
+with the `/Shared/prod-volumes` collection.
+
+1.  Navigate to the **Grants** page and click **Create Grant**.
+2.  In the left pane, click **Collections**, and in the **Swarm** collection,
+    click **View Children**.
+3.  In the **Shared** collection, click **View Children**. 
+4.  In the list, find **/Shared/dev-volumes** and click **Select Collection**.
+3.  Click **Roles**, and in the dropdown, select **Restricted Control**.
 4.  Click **Subjects**, and under **Select subject type**, click **Organizations**.
-    In the dropdown, pick the organization that you want to associate with this grant.
-    Also, pick **Dev** from the **Team** dropdown. 
+    In the dropdown, pick your organization, and in the **Team** dropdown,
+    select **Dev**.
 5.  Click **Create** to grant permissions to the Dev team.
-6.  Click **Create grant** and repeat the previous steps for the **/Shared/prod-volumes**
+6.  Click **Create Grant** and repeat the previous steps for the **/Shared/prod-volumes**
    collection and the Prod team.

+![](../../images/isolate-volumes-1.png)
+
+With the collections and grants in place, users can sign in and create volumes
+in their assigned collections.
+
 ## Create a volume as a team member

 Team members have permission to create volumes in their assigned collection.

 1.  Log in as one of the users on the Dev team.
-2.  In the left pane, click **Volumes** to show all of the 
-    volumes in the swarm that the user can access.
+2.  Navigate to the **Volumes** page to view all of the volumes in the swarm
+    that the user can access.
 2.  Click **Create volume** and name the new volume "dev-data".
 3.  In the left pane, click **Collections**. The default collection appears.
    At the top of the page, click **Shared**, find the **dev-volumes**
-    collection in the list, and click **Select**.
-4.  Click **Create** to add the "dev-data" volume to the collection. 
+    collection in the list, and click **Select Collection**.
+4.  Click **Create** to add the "dev-data" volume to the collection.
+5.  Log in as one of the users on the Prod team, and repeat the previous steps
+    to create a "prod-data" volume assigned to the `/Shared/prod-volumes`
+    collection.

+![](../../images/isolate-volumes-2.png)
+
+Now you can see role-based access control in action for volumes. The user on
+the Prod team can't see the Dev team's volumes, and if you log in again as a
+user on the Dev team, you won't see the Prod team's volumes.
+
+![](../../images/isolate-volumes-3.png)
+
+Sign in with a UCP administrator account, and you see all of the volumes
+created by the Dev and Prod users.
+
+![](../../images/isolate-volumes-4.png)
+
+## Where to go next
+
+- [Isolate swarm nodes to a specific team](isolate-nodes-between-teams.md)

--- a/datacenter/ucp/2.2/guides/images/isolate-volumes-1.png
+++ b/datacenter/ucp/2.2/guides/images/isolate-volumes-1.png
--- a/datacenter/ucp/2.2/guides/images/isolate-volumes-2.png
+++ b/datacenter/ucp/2.2/guides/images/isolate-volumes-2.png
--- a/datacenter/ucp/2.2/guides/images/isolate-volumes-3.png
+++ b/datacenter/ucp/2.2/guides/images/isolate-volumes-3.png
--- a/datacenter/ucp/2.2/guides/images/isolate-volumes-4.png
+++ b/datacenter/ucp/2.2/guides/images/isolate-volumes-4.png