Files
crewAI/docs/v1.11.0/ko/enterprise/features/rbac.mdx
Lucas Gomide a237ebabba feat: adopt directory-based docs versioning with Edge channel (#6202)
* feat: adopt directory-based docs versioning with Edge channel

Switch docs.crewai.com from navigation-only versioning (every version
selector entry rendered the same docs/<lang>/* source files) to
Mintlify's directory-based versioning so each version selector entry
renders its own snapshot. Add an "Edge" channel under docs/edge/<lang>/*
that always reflects main HEAD for unreleased work, eliminating
pre-release leakage onto frozen release labels. External links to
canonical /<lang>/* URLs are preserved via wildcard redirects that
always land on the current default version.

Layout:
- docs/edge/<lang>/*         rolling source (you edit here)
- docs/edge/enterprise-api.*.yaml
- docs/v<X.Y.Z>/<lang>/*     frozen, immutable snapshots
- docs/v<X.Y.Z>/enterprise-api.*.yaml
- docs/images/               shared, append-only
- docs/docs.json             nav + redirects

URLs follow the Mintlify-idiomatic shape: /edge/<lang>/<page> for
Edge, /v<X.Y.Z>/<lang>/<page> for every frozen snapshot. The wildcard
redirects /<lang>/:slug* -> /<default>/<lang>/:slug* keep stale links
working, and every freeze rewrites them (plus all per-section/per-page
redirects) so destinations always resolve to the current default
without depending on a second redirect hop.

Release flow integration (devtools release):
- New module crewai_devtools.docs_versioning.freeze() materialises
  docs/v<X.Y.Z>/ from docs/edge/, rewrites openapi: refs inside the
  snapshot, inserts the version into every language block in
  docs.json, and refreshes all redirect destinations.
- _update_docs_and_create_pr() in cli.py now calls that freeze during
  Phase 2 of devtools release. Edge changelogs are updated first (so
  the snapshot freeze picks them up), then the snapshot is staged
  alongside docs.json, branched as docs/freeze-v<X.Y.Z>, and the PR
  is titled [docs-freeze] docs: snapshot and changelog for v<X.Y.Z>
  — the title prefix the new CI guard reads.
- The PR still gates tag, GitHub release, PyPI publish, and the
  enterprise release as before; no new PRs are added.
- Pre-releases (1.X.YaN, 1.X.YbN, ...) skip the snapshot — they ride
  Edge — and the docs PR title omits the [docs-freeze] prefix.
- docs_check (AI-generated docs scaffolding) writes to
  docs/edge/<lang>/* so newly-generated unreleased docs land in Edge
  and never accidentally touch a frozen snapshot.

Migration scripts (one-shot):
- scripts/docs/freeze_historical_versions.py reconstructs all 16
  historical snapshots (v1.10.0 .. v1.14.7) from git tags via
  git archive | tar, rewriting openapi: MDX refs so each snapshot
  reads its own enterprise-api YAML rather than the live one.
- scripts/docs/prefix_version_paths.py one-shot-migrates docs.json:
  rewrites every page path in 16 versioned blocks to point under
  docs/v<X.Y.Z>/, inserts a new Edge entry per language, tags
  v1.14.7 as Latest (default), prunes pages whose target file
  doesn't exist in the snapshot (e.g. docs/ar/ didn't exist before
  v1.12.0), and writes the wildcard + per-section redirects.
- scripts/docs/freeze_current_edge.py is now a thin CLI wrapper
  around docs_versioning.freeze for manual one-off freezes (e.g.
  retroactively snapshotting a forgotten release).

CI guards (.github/workflows/docs-snapshots.yml):
- Frozen snapshots under docs/v[0-9]*/ are immutable; only PRs whose
  title contains [docs-freeze] (i.e. release-cut PRs generated by
  devtools release or the manual wrapper) may modify them.
- Images under docs/images/ are append-only since snapshots share a
  single image directory. Deleting or renaming an image breaks every
  historical snapshot that still references it.

Restored docs/images/crewai-otel-export.png from PR #3673; it was
deleted in PR #4908 but v1.10.0 / v1.10.1 snapshots still reference
it. Restoring instead of editing the snapshots preserves historical
rendering fidelity and validates the new append-only rule
retroactively.

Tests:
- lib/devtools/tests/test_docs_versioning.py covers the freeze: file
  copy, openapi rewrite, version insertion, default demotion, redirect
  upserts, per-section redirect rewriting, idempotency, and invalid
  inputs.

Verified locally with mintlify broken-links: 0 broken links across
the full site (Edge + 16 frozen versions, 4 locales).

AGENTS.md (repo root) is the contributor guide for the new model;
RELEASING.md is the release-cut runbook; README's Contribution
section links to both.

Co-authored-by: Cursor <cursoragent@cursor.com>

* style: resolve linter issues

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-17 11:56:59 -04:00

109 lines
3.7 KiB
Plaintext

---
title: "역할 기반 접근 제어 (RBAC)"
description: "역할과 자동화별 가시성으로 crews, 도구, 데이터 접근을 제어합니다."
icon: "shield"
mode: "wide"
---
## 개요
CrewAI AOP의 RBAC는 **조직 수준 역할**과 **자동화(Automation) 수준 가시성**을 결합하여 안전하고 확장 가능한 접근 제어를 제공합니다.
<Frame>
<img src="/images/enterprise/users_and_roles.png" alt="CrewAI AMP RBAC 개요" />
</Frame>
## 사용자와 역할
워크스페이스의 각 구성원은 역할이 있으며, 이는 기능 접근 범위를 결정합니다.
가능한 작업:
- 사전 정의된 역할 사용 (Owner, Member)
- 권한을 세분화한 커스텀 역할 생성
- 설정 화면에서 언제든 역할 할당/변경
설정 위치: Settings → Roles
<Steps>
<Step title="Roles 열기">
<b>Settings → Roles</b>로 이동합니다.
</Step>
<Step title="역할 선택">
<b>Owner</b> 또는 <b>Member</b>를 사용하거나 <b>Create role</b>로 커스텀
역할을 만듭니다.
</Step>
<Step title="멤버에 할당">
사용자들을 선택하여 역할을 지정합니다. 언제든 변경할 수 있습니다.
</Step>
</Steps>
### 구성 요약
| 영역 | 위치 | 옵션 |
| :------------ | :--------------------------------- | :-------------------------------- |
| 사용자 & 역할 | Settings → Roles | Owner, Member; 커스텀 역할 |
| 자동화 가시성 | Automation → Settings → Visibility | Private; 사용자/역할 화이트리스트 |
## 자동화 수준 접근 제어
조직 역할과 별개로, **Automations**는 사용자/역할별로 특정 자동화 접근을 제한하는 가시성 설정을 제공합니다.
유용한 경우:
- 민감/실험 자동화를 비공개로 유지
- 대규모 팀/외부 협업에서 가시성 관리
- 격리된 컨텍스트에서 자동화 테스트
Private 모드에서는 화이트리스트에 포함된 사용자/역할만 다음 작업이 가능합니다:
- 자동화 보기
- 실행/API 사용
- 로그, 메트릭, 설정 접근
조직 Owner는 항상 접근 가능하며, 가시성 설정에 영향을 받지 않습니다.
설정 위치: Automation → Settings → Visibility
<Steps>
<Step title="Visibility 탭 열기">
<b>Automation → Settings → Visibility</b>로 이동합니다.
</Step>
<Step title="가시성 설정">
<b>Private</b>를 선택합니다. Owner는 항상 접근 가능합니다.
</Step>
<Step title="허용 대상 추가">
보기/실행/로그·메트릭·설정 접근이 가능한 사용자/역할을 추가합니다.
</Step>
<Step title="저장 및 확인">
저장 후, 목록에 없는 사용자가 보거나 실행할 수 없는지 확인합니다.
</Step>
</Steps>
### Private 모드 접근 결과
| 동작 | Owner | 화이트리스트 사용자/역할 | 비포함 |
| :--------------- | :---- | :----------------------- | :----- |
| 자동화 보기 | ✓ | ✓ | ✗ |
| 실행/API | ✓ | ✓ | ✗ |
| 로그/메트릭/설정 | ✓ | ✓ | ✗ |
<Tip>
Owner는 항상 접근 가능하며, Private 모드에서는 화이트리스트에 포함된
사용자/역할만 권한이 부여됩니다.
</Tip>
<Frame>
<img src="/images/enterprise/visibility.png" alt="CrewAI AMP 가시성 설정" />
</Frame>
<Card
title="도움이 필요하신가요?"
icon="headset"
href="mailto:support@crewai.com"
>
RBAC 구성과 점검에 대한 지원이 필요하면 연락해 주세요.
</Card>