Registry team access bulk

content/guides/models/registry/configure_registry.md

@@ -7,24 +7,55 @@ title: Configure registry access
 weight: 3
 ---
 
-<!-- A registry, and the linked artifacts inside a registry, belong to an organization. This means that teams within an organization can publish and consume artifacts linked to a registry, if that team has correct access control. -->
-
-Registry admins can limit who can access a registry by navigating to a registry's settings and assigning a user's role to [Admin, Member, or Viewer]({{< relref "#registry-roles-permissions" >}}). Users can have different roles in different registries. For example, a user can have a view role in "Registry A" and a member role in the "Registry B". 
+Add, remove, and manage registry roles for teams and individual users in a registry by configuring a registry's settings.
 
 {{% alert %}}
-Only registry admins can [restrict visibility]({{< relref "#restrict-visibility-to-a-registry" >}}), [configure user roles]({{< relref "#configure-user-roles-in-a-registry" >}}), or [remove users]({{< relref "#remove-a-user-from-a-registry" >}}) from registries in an organization.
+Only team or registry administrators can [restrict visibility]({{< relref "configure_registry.md#restrict-visibility-to-a-registry" >}}), [configure registry roles]({{< relref "configure_registry.md#configure-registry-roles" >}}), [add users]({{< relref "configure_registry.md#add-a-user-from-a-registry" >}}), or [remove users]({{< relref "configure_registry.md#remove-a-user-from-a-registry" >}}) from a registry.
 {{% /alert %}}
 
-## Registry roles permissions
 
-A user within an organization can have different roles, and therefore permissions, for each registry in their organization.
+## Add a user or a team to a registry
+
+Team or registry administrators can add individual users or entire teams to a registry. To add a user or team to a registry:
+
+1. Navigate to the Registry App at https://wandb.ai/registry/.
+2. Select the registry you want to add a user or team to.
+3. Click on the gear icon on the upper right hand corner to access the registry settings.
+4. Navigate to the **Registry access** section.
+5. Click on the **Add access** button.
+6. Add a user name, email, or the name of a team to the **Include users and teams** field.
+7. Click **Add access**.
+
 
-{{% alert title="W&B role types" %}}
-W&B has three different types of roles: Organization roles, [team roles]({{< relref "/guides/models/app/settings-page/teams.md#team-roles-and-permissions" >}}), and [registry roles]({{< relref "#registry-roles-permissions" >}}).
 
-Your role in a team has no impact or relationship on your role in any registry.
+
+W&B attempts to assign users added to a registry a `Viewer` registry role by default. If the user has a [team role]({{< relref "/guides/models/app/settings-page/teams.md#team-role-and-permissions" >}}) in the organization, W&B assigns the user the highest level of privilege as their registry role. See [Resolve role conflicts]({{< relref "configure_registry.md#resolve-role-conflicts" >}}) for more information.
+
+To edit a user's role, see [Configure user roles in a registry]({{< relref "configure_registry.md#configure-user-roles-in-a-registry" >}}).
+
+## Remove a user or team from a registry
+Team or registry administrators can remove individual users or entire teams to a registry. To remove a user or team from a registry:
+
+1. Navigate to the Registry App at https://wandb.ai/registry/.
+2. Select the registry you want to remove a user from.
+3. Click on the gear icon on the upper right hand corner to access the registry settings.
+4. Navigate to the **Registry access** section and type in the username, email, or team you want to remove.
+5. Click the **Delete** button.
+
+
+
+## Registry role permissions
+
+Each user in a registry has a specific *registry role*. Registry roles determine what users can do in a given registry.
+
+Registry or team administrators can assign or modify team and user roles in a registry. See [Configure user roles in a registry]({{< relref "configure_registry.md#configure-user-roles-in-a-registry" >}}) for more information.
+
+{{% alert title="W&B role types" %}}
+There are two different types of roles in W&B: [Team roles]({{< relref "/guides/models/app/settings-page/teams.md#team-role-and-permissions" >}}) and [Registry roles]({{< relref "configure_registry.md#registry-role-permissions" >}}).
 {{% /alert %}}
 
+A user can have different registry roles in different registries. For example, a user can have a `Viewer` role in "Registry A" and a `Member` role in the "Registry B".
+
 The proceeding table lists the different roles a user can have and their permissions:
 
 
@@ -57,57 +88,31 @@ The proceeding table lists the different roles a user can have and their permiss
 | Assign or change a user's role in a registry                   | Admin            |        |        |   X   |   X   |
 
 
+### Resolve role conflicts
 
-## Configure user roles in a registry
-1. Navigate to the **Registry** App in the W&B App UI.
-2. Select the registry you want to configure.
-3. Click on the gear icon on the upper right hand corner.
-4. Scroll to the **Registry members and roles** section.
-5. Within the **Member** field, search for the user you want to edit permissions for.
-6. Click on the user's role within the **Registry role** column. 
-7. From the dropdown, select the role you want to assign to the user.
-
-{{< img src="/images/registry/configure_role_registry.gif" alt="" >}}
-
-## Remove a user from a registry
-1. Navigate to the **Registry** App in the W&B App UI.
-2. Select a core or custom registry.
-3. Click on the gear icon on the upper right hand corner.
-4. Scroll to the **Registry members and roles** section and type in the username of the member you want to remove.
-5. Click the **Delete** button.
-
+When an administrator adds a user to a registry, W&B attempts to assign that user a `Viewer` registry role by default. In the event of a conflict between a user's [team role]({{< relref "/guides/models/app/settings-page/teams.md#team-role-and-permissions" >}}) and default registry role, W&B assigns the user the highest level of privilege as the registry role.
 
+For example, suppose a user has a `Member` team role in "Registry A". A registry administrator then adds that user to "Registry B". That user will have a `Member` role in "Registry B" because it has more privilege than the default `Viewer` role.
 
-## Registry visibility types
+The proceeding table shows the inherited registry role in the event of a conflict between a user's team role and default registry role:
 
-There are two registry visibility types: restricted or organization visibility. The following table describes who has access to the registry by default:
+| Team role | Registry role | Inherited registry role |
+| ------ | ------ | ------ | 
+| Viewer | Viewer | Viewer |
+| Member | Viewer | Member |
+| Admin  | Viewer | Admin  |
 
-| Visibility | Description | Default role | Example |
-| --- | --- | --- | --- |
-| Organization | Everyone in the org can access the registry. | By default, organization administrators are an admin for the registry. All other users are a viewer in the registry by default. | Core registry |
-| Restricted   | Only invited org members can access the registry.| The user who created the restricted registry is the only user in the registry by default, and is the organization's owner. | Custom registry or core registry |
 
 
-## Restrict visibility to a registry
-<!-- Who can do this? -->
-Restrict who can view and access a custom registry. You can restrict visibility to a registry when you create a custom registry or after you create a custom registry. A custom registry can have either restricted or organization visibility. For more information on registry visibilities, see [Registry visibility types]({{< relref "./configure_registry.md#registry-visibility-types" >}}).
-
-<!-- | Visibility | Description |
-| --- | --- |
-| Organization | Anyone in the organization can view the registry. |
-| Restricted   | Only invited organization members can view and edit the registry.|  -->
-
-The following steps describe how to restrict the visibility of a custom registry that already exists:
-
-1. Navigate to the **Registry** App in the W&B App UI.
-2. Select a registry.
+## Configure registry roles
+1. Navigate to the Registry App at https://wandb.ai/registry/.
+2. Select the registry you want to configure.
 3. Click on the gear icon on the upper right hand corner.
-4. From the **Registry visibility** dropdown, select the desired registry visibility.
-
-Continue if you select **Restricted visibility**:
+4. Scroll to the **Registry members and roles** section.
+5. Within the **Member** field, search for the user you want to edit permissions for.
+6. Click on the user's role within the **Registry role** column. 
+7. From the dropdown, select the role you want to assign to the user.
 
-5. Add members of your organization that you want to have access to this registry. Scroll to the **Registry members and roles** section and click on the **Add member** button. 
-6. Within the **Member** field, add the email or username of the member you want to add.
-7. Click **Add new member**.
+<!-- To do: add new image -->
+<!-- {{< img src="/images/registry/configure_role_registry.gif" alt="" >}} -->
 
-{{< img src="/images/registry/change_registry_visibility.gif" alt="" >}}

content/guides/models/registry/create_registry.md

@@ -7,23 +7,71 @@ title: Create a custom registry
 weight: 2
 ---
 
-Create a [custom registry]({{< relref "./registry_types.md#custom-registry" >}}) for each step of your ML workflow.
+A custom registry offers flexibility and control over the artifact types that you can use, the visibility of the registry to other teams, and more.
 
-Custom registries are particularly useful for organizing project-specific requirements that differ from the default, [core registry]({{< relref "./registry_types.md#core-registry" >}}).
+{{% pageinfo color="info" %}}
+See the summary table in [Registry types]({{< relref "registry_types.md#summary" >}}) for a complete comparison of core and custom registries.
+{{% /pageinfo %}}
 
-The following procedure describes how to interactively create a registry:
-1. Navigate to the **Registry** App in the W&B App UI.
+
+## Create a custom registry
+
+The following procedure describes how to create a custom registry:
+1. Navigate to the **Registry** App at https://wandb.ai/registry/.
 2. Within **Custom registry**, click on the **Create registry** button.
 3. Provide a name for your registry in the **Name** field.
 4. Optionally provide a description about the registry.
 5. Select who can view the registry from the **Registry visibility** dropdown. See [Registry visibility types]({{< relref "./configure_registry.md#registry-visibility-types" >}}) for more information on registry visibility options.
 6. Select either **All types** or **Specify types** from the **Accepted artifacts type** dropdown.
 7. (If you select **Specify types**) Add one or more artifact types that your registry accepts.
+8. Click on the **Create registry** button. 
+
 {{% alert %}}
-An artifact type can not be removed from a registry once it is added and saved in the registry's settings.
+You can not remove an artifact type from a registry once you add and save it in the registry's settings.
 {{% /alert %}}
-8. Click on the **Create registry** button. 
 
 {{< img src="/images/registry/create_registry.gif" alt="" >}}
 
-For example, the preceding image shows a custom registry called "Fine_Tuned_Models" that a user is about to create. The registry is set to **Restricted** which means that only members that are manually added to the "Fine_Tuned_Models" registry will have access to this registry.
+For example, the preceding image shows a custom registry called "Fine_Tuned_Models" that a user is about to create. The registry is set to **Restricted** which means that only members that are manually added to the "Fine_Tuned_Models" registry will have access to this registry.
+
+
+## Registry visibility types
+
+The *visibility* of a registry determines who can access that registry. Restricting the visibility of a custom registry helps ensure that only specified members can access that registry.
+
+There are two type of registry visibility: *Restricted* and *Organization*. A custom registry can have either a Restricted or Organization visibility. Core registries can only have Organization visibility. 
+
+A team administrator or registry administrator can set the visibility of a custom registry.
+
+| Visibility | Description |
+| --- | --- | 
+| Organization | Everyone in the org can access the registry. |
+| Restricted   | Only invited organization members can access the registry.| 
+
+The user who creates a custom registry with Restricted visibility is the only user in that registry initially. That user is given an administrative role and they can add other users to that registry.  
+
+
+## Assign the visibility of a custom registry
+
+A team administrator or registry administrator can assign the visibility of a custom registry during or after the creation of a custom registry. 
+
+To restrict the visibility of an existing custom registry:
+
+1. Navigate to the **Registry** App at https://wandb.ai/registry/.
+2. Select a registry.
+3. Click on the gear icon on the upper right hand corner.
+4. From the **Registry visibility** dropdown, select the desired registry visibility.
+
+Continue if you select **Restricted** visibility:
+
+<!-- To do: Add updated process of adding a team -->
+
+5. Add members of your organization that you want to have access to this registry. Scroll to the **Registry members and roles** section and click on the **Add member** button. 
+6. Within the **Member** field, add the email or username of the member you want to add.
+7. Click **Add new member**.
+
+{{< img src="/images/registry/change_registry_visibility.gif" alt="" >}}
+
+See [Create a custom registry]({{< relref "./create_registry.md#create-a-custom-registry" >}}) for more information on how assign the visibility of a custom registry when a team administrator creates it.
+
+