Skip to content

WIP DRAFT: authz#29817

Draft
vy-ton wants to merge 8 commits into
productionfrom
workers-authorization
Draft

WIP DRAFT: authz#29817
vy-ton wants to merge 8 commits into
productionfrom
workers-authorization

Conversation

@vy-ton

@vy-ton vy-ton commented Apr 13, 2026
edited by devin-ai-integration Bot
Loading

Copy link
Copy Markdown
Contributor

@vy-ton vy-ton requested a review from a team April 13, 2026 19:50
@vy-ton vy-ton requested a review from a team as a code owner April 13, 2026 19:50
@vy-ton vy-ton requested a review from petebacondarwin April 13, 2026 19:50
@github-actions github-actions Bot added product:workers Related to Workers product size/s labels Apr 13, 2026
@github-actions

github-actions Bot commented Apr 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern Owners
/src/assets/images/workers/ @cloudflare/workers-docs, @GregBrimble, @irvinebroque, @WalshyDev, @cloudflare/deploy-config, @cloudflare/product-owners, @cloudflare/wrangler, @MattieTK, @vy-ton
/src/content/docs/workers/ @cloudflare/workers-docs, @GregBrimble, @irvinebroque, @mikenomitch, @korinne, @WalshyDev, @cloudflare/deploy-config, @cloudflare/product-owners, @cloudflare/wrangler, @MattieTK, @cloudflare/dev-plat-leads, @vy-ton

devin-ai-integration[bot]
devin-ai-integration Bot reviewed Apr 13, 2026
View reviewed changes

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 1 potential issue.

View 2 additional findings in Devin Review.

Open in Devin Review

Comment thread src/content/docs/workers/configuration/authorization.mdx Outdated
Resource-level roles (such as D1 Database Admin or Worker Admin) mirror account-level roles but apply to a specific resource. Users can have multiple roles, both account-wide and per-resource.

:::note
Roles are ordered from least to most privileged: Metadata Read-Only < Content Read-Only < Editor < Admin. More privileged roles include all access granted by less privileged roles.

@devin-ai-integration devin-ai-integration Bot Apr 13, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔴 Unescaped < characters in MDX prose will break the build

Line 27 contains three unescaped < characters in prose: Metadata Read-Only < Content Read-Only < Editor < Admin. AGENTS.md explicitly identifies this as the #1 cause of build failures: "MDX is parsed as JSX, not plain Markdown. These characters have special meaning and will break the build if used unescaped in prose." The fix is to use &lt; or wrap the comparison expression in backticks.

Suggested change
Roles are ordered from least to most privileged: Metadata Read-Only < Content Read-Only < Editor < Admin. More privileged roles include all access granted by less privileged roles.
Roles are ordered from least to most privileged: Metadata Read-Only &lt; Content Read-Only &lt; Editor &lt; Admin. More privileged roles include all access granted by less privileged roles.
Open in Devin Review

Was this helpful? React with 👍 or 👎 to provide feedback.

@vy-ton vy-ton changed the title WIP: authz WIP DRAFT: authz Apr 13, 2026
@vy-ton vy-ton marked this pull request as draft April 13, 2026 19:55
@github-actions

github-actions Bot commented Apr 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

CI run failed: build logs

@github-actions

github-actions Bot commented Apr 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Preview URL: https://825a8dab.preview.developers.cloudflare.com
Preview Branch URL: https://workers-authorization.preview.developers.cloudflare.com

Files with changes (up to 15)

Original Link Updated Link
https://developers.cloudflare.com/workers/configuration/authorization/ https://workers-authorization.preview.developers.cloudflare.com/workers/configuration/authorization/

@kodster28

kodster28 commented Apr 13, 2026

Copy link
Copy Markdown
Collaborator

Update required at https://developers.cloudflare.com/fundamentals/manage-members/roles/?

@github-actions

github-actions Bot commented Apr 28, 2026

Copy link
Copy Markdown
Contributor

Hey there, we've marked this pull request as stale because there's no recent activity on it. This label helps us identify PRs that might need updates (or to be closed out by our team if no longer relevant).

@github-actions github-actions Bot added the stale label Apr 28, 2026
@vy-ton

vy-ton commented May 5, 2026
edited
Loading

Copy link
Copy Markdown
Contributor Author

From chat with @dinasaur404:

  • no Workers Platform bind role, rename to "Developer Platform", create "Developer Platform" roles for API tokens
  • Workers product roles: Workers Metadata Read-Only, Workers Bind, Workers Content Read-Only, Workers Editor, Workers Admin, same roles in membership and API tokens

@github-actions

github-actions Bot commented May 5, 2026

Copy link
Copy Markdown
Contributor

Broken Links

Found 1 broken link(s) across 1 file(s).

File Link Position Error
workers/configuration/authorization.mdx /products/?product-group=Developer+platform 16:30 invalid link

@github-actions github-actions Bot removed the stale label May 6, 2026
vy-ton
vy-ton commented May 6, 2026
View reviewed changes
Comment thread src/content/docs/workers/configuration/authorization.mdx Outdated

```mermaid
flowchart TD
A["Metadata Read-Only<br/>(least privileged)"] --> B["Bind"]

@vy-ton vy-ton May 6, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Drop Bind to the side, standalone

@github-actions

github-actions Bot commented May 27, 2026

Copy link
Copy Markdown
Contributor

Hey there, we've marked this pull request as stale because there's no recent activity on it. This label helps us identify PRs that might need updates (or to be closed out by our team if no longer relevant).

@github-actions github-actions Bot added the stale label May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@GregBrimble GregBrimble Awaiting requested review from GregBrimble GregBrimble is a code owner
@irvinebroque irvinebroque Awaiting requested review from irvinebroque irvinebroque is a code owner
@mikenomitch mikenomitch Awaiting requested review from mikenomitch
@korinne korinne Awaiting requested review from korinne korinne is a code owner
@WalshyDev WalshyDev Awaiting requested review from WalshyDev WalshyDev is a code owner
@MattieTK MattieTK Awaiting requested review from MattieTK MattieTK is a code owner
@petebacondarwin petebacondarwin Awaiting requested review from petebacondarwin petebacondarwin is a code owner automatically assigned from cloudflare/wrangler
1 more reviewer
@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments
Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@MattieTK MattieTK

@irvinebroque irvinebroque

@mikenomitch mikenomitch

@GregBrimble GregBrimble

@WalshyDev WalshyDev

@korinne korinne

Labels

product:workers Related to Workers product size/s stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@vy-ton @kodster28 @MattieTK @irvinebroque @mikenomitch @GregBrimble @WalshyDev @korinne