From 4d0cc54d9a57efcc8aad27bf89b9d890c2061dbe Mon Sep 17 00:00:00 2001
From: Erin Cochran <erin.k.cochran@gmail.com>
Date: Mon, 26 Aug 2024 17:51:16 -0400
Subject: [PATCH 1/3] First pass

---
 .../docs/dagster-plus/access/rbac/users.md    | 87 ++++++++++++++++++-
 1 file changed, 84 insertions(+), 3 deletions(-)

diff --git a/docs/docs-beta/docs/dagster-plus/access/rbac/users.md b/docs/docs-beta/docs/dagster-plus/access/rbac/users.md
index eab9fd6a95c27..7f40349bf2bec 100644
--- a/docs/docs-beta/docs/dagster-plus/access/rbac/users.md
+++ b/docs/docs-beta/docs/dagster-plus/access/rbac/users.md
@@ -1,7 +1,88 @@
 ---
-title: "User management"
+title: "Managing users in Dagster+"
 displayed_sidebar: "dagsterPlus"
-sidebar_position: 1
+sidebar_label: "User management"
+sidebar_position: 10
 ---
 
-# User management in Dagster+
\ No newline at end of file
+Dagster+ allows you to grant specific permissions to your organization's users, ensuring that Dagster users have access only to what they require.
+
+In this guide, you'll learn how to manage users and their permissions using the Dagster+ UI.
+
+<details>
+<summary>Prerequisites</summary>
+
+- A Dagster+ account
+- The required [Dagster+ permissions](/todo):
+   - **Organization Admins** can add, manage, and remove users
+   - **Admins** can add users
+
+</details>
+
+## Before you start
+
+- **If System for Cross-domain Identity Management specification (SCIM) provisioning is enabled,** you'll need to add new users in your identity provider (IdP). Adding users will be disabled in Dagster+.
+- **If using Google for Single sign-on (SSO)**, users must be added in Dagster+ before they can log in.
+- **If using an Identity Provider (IdP) like Okta for SSO**, users must be assigned to the Dagster app in the IdP to be able to log in to Dagster+. Refer to the [SSO setup guides](/todo) for setup instructions for each of our supported IdP solutions.
+
+  By default, users will be granted Viewer permissions on each deployment. The default role can be adjusted by modifying the [`sso_default_role` deployment setting](/todo).
+
+## Adding users
+
+1. Sign in to your Dagster+ account.
+2. Click the **user menu (your icon) > Organization Settings**.
+3. Click the **Users** tab.
+4. Click **Add new user.**
+5. In the **User email** field, enter the user's email address.
+6. Click **Add user**.
+
+After the user is created, you can [add the user to teams](#teams) and [assign user roles for each deployment](#user-roles).
+
+TODO: ADD SCREENSHOT 
+
+## Adding users to teams {#teams}
+
+:::note
+Teams are a Dagster+ Pro feature.
+:::
+
+Teams are useful for centralizing permission sets for different types of users. Refer to [Managing teams](/todo) for more information about creating and managing teams.
+
+TODO: ADD SCREENSHOT
+
+**Note**: When determining a user's level of access, Dagster+ will use the **most permissive** role assigned to the user between all of their team memberships and any individual role grants. Refer to [Managing user roles and permissions](/todo) for more information.
+
+## Assigning user roles {#user-roles}
+
+In the **Roles** section, you can assign a [user role](/todo) for each deployment.
+
+1. Next to a deployment, click **Edit user role**.
+2. Select the user role for the deployment. This [user role](/todo) will be used as the default for all code locations in the deployment.
+3. Click **Save**.
+4. **Pro only**: To set permissions for individual [code locations](/todo) in a deployment:
+   1. Click the toggle to the left of the deployment to open a list of code locations.
+   2. Next to a code location, click **Edit user role**.
+   3. Select the user role for the code location.
+   4. Click **Save**.
+5. Repeat the previous steps for each deployment.
+6. **Optional**: To change the user's permissions for branch deployments:
+   1. Next to **All branch deployments**, click **Edit user role**.
+   2. Select the user role to use for all branch deployments.
+   3. Click **Save**.
+7. Click **Done**.
+
+## Removing users
+
+Removing a user removes them from the Dagster+ organization. **Note**: If using SSO, you'll also need to remove the user from the IdP. Removing the user in Dagster+ doesn't remove them from the IdP.
+
+1. Sign in to your Dagster+ account.
+2. Click the **user menu (your icon) > Organization Settings**.
+3. Click the **Users** tab.
+4. Locate the user in the user list.
+5. Click **Edit**.
+6. Click **Remove user**.
+7. When prompted, confirm the removal.
+
+## Next steps
+
+- [TODO](/todo)
\ No newline at end of file

From 7019420f442b3bca6b8a8ab00f1ba1eee8b9d2fd Mon Sep 17 00:00:00 2001
From: Colton Padden <colton@dagsterlabs.com>
Date: Thu, 19 Sep 2024 16:15:12 -0400
Subject: [PATCH 2/3] address feedback

---
 .../docs/dagster-plus/access/rbac/users.md       | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/docs/docs-beta/docs/dagster-plus/access/rbac/users.md b/docs/docs-beta/docs/dagster-plus/access/rbac/users.md
index 6d815bd11950d..230efebac8417 100644
--- a/docs/docs-beta/docs/dagster-plus/access/rbac/users.md
+++ b/docs/docs-beta/docs/dagster-plus/access/rbac/users.md
@@ -27,7 +27,7 @@ In this guide, you'll learn how to manage users and their permissions using the
 
 By default, users will be granted Viewer permissions on each deployment. The default role can be adjusted by modifying the [`sso_default_role` deployment setting](/todo).
 
-## Adding users
+## Adding users to Dagster+
 
 1. Sign in to your Dagster+ account.
 2. Click the **user menu (your icon) > Organization Settings**.
@@ -36,9 +36,9 @@ By default, users will be granted Viewer permissions on each deployment. The def
 5. In the **User email** field, enter the user's email address.
 6. Click **Add user**.
 
-After the user is created, you can [add the user to teams](#teams) and [assign user roles for each deployment](#user-roles).
+After the user is created, they will be notified via email, and you can [add the user to teams](#teams) and [assign user roles for each deployment](#user-roles).
 
-TODO: ADD SCREENSHOT 
+![Screenshot of assigning roles to a user](/img/placeholder.svg)
 
 ## Adding users to teams {#teams}
 
@@ -48,13 +48,15 @@ Teams are a Dagster+ Pro feature.
 
 Teams are useful for centralizing permission sets for different types of users. Refer to [Managing teams](/todo) for more information about creating and managing teams.
 
-TODO: ADD SCREENSHOT
+![Screenshot of Managing teams page](/img/placeholder.svg)
 
-**Note**: When determining a user's level of access, Dagster+ will use the **most permissive** role assigned to the user between all of their team memberships and any individual role grants. Refer to [Managing user roles and permissions](/todo) for more information.
+:::note
+When determining a user's level of access, Dagster+ will use the **most permissive** role assigned to the user between all of their team memberships and any individual role grants. Refer to [Managing user roles and permissions](/todo) for more information.
+:::
 
 ## Assigning user roles {#user-roles}
 
-In the **Roles** section, you can assign a [user role](/todo) for each deployment.
+In the **Roles** section, you can assign a [user role](/todo) for each deployment, granting them a set of permissions that controls their access to various features and functionalities within the platform.
 
 1. Next to a deployment, click **Edit user role**.
 2. Select the user role for the deployment. This [user role](/todo) will be used as the default for all code locations in the deployment.
@@ -88,4 +90,4 @@ Removing a user removes them from the organization. **Note**: If using a SAML-ba
 - Learn more about role-based access control (RBAC) in [Understanding User Roles & Permissions](/dagster-plus/access/rbac/user-roles-permissions)
 - Learn more about how to manage teams in Dagster+ in [Understanding Team Management in Dagster+](/dagster-plus/access/rbac/teams)
 - Learn more about SCIM provisioning in [Understanding SCIM Provisioning](/dagster-plus/access/authentication/scim-provisioning)
-- Learn more about authentication in [Understanding Authentication](/dagster-plus/access/authentication)
\ No newline at end of file
+- Learn more about authentication in [Understanding Authentication](/dagster-plus/access/authentication)

From fba858f2f939d1665ff3e09a9e3c062f300035f2 Mon Sep 17 00:00:00 2001
From: Colton Padden <colton@dagsterlabs.com>
Date: Thu, 19 Sep 2024 16:18:25 -0400
Subject: [PATCH 3/3] placeholders

---
 .../deployment/environment-variables/dagster-ui.md          | 2 +-
 .../dagster-plus/deployment/hybrid/agents/kubernetes.md     | 2 +-
 docs/docs-beta/docs/dagster-plus/getting-started.md         | 4 ++--
 docs/docs-beta/docs/guides/kubernetes.md                    | 6 ++----
 docs/docs-beta/docs/guides/transform-dbt.md                 | 2 +-
 5 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/docs/docs-beta/docs/dagster-plus/deployment/environment-variables/dagster-ui.md b/docs/docs-beta/docs/dagster-plus/deployment/environment-variables/dagster-ui.md
index 56f69103904ea..514a13fda0705 100644
--- a/docs/docs-beta/docs/dagster-plus/deployment/environment-variables/dagster-ui.md
+++ b/docs/docs-beta/docs/dagster-plus/deployment/environment-variables/dagster-ui.md
@@ -85,7 +85,7 @@ For example, if you wanted to provide different Snowflake passwords for your pro
    - Set the value as the branch deployment password, and
    - Check only the **Branch deployments** box
 
-SCREENSHOT
+![Screenshot of environment variables](/img/placeholder.svg)
 
 ## Next steps
 
diff --git a/docs/docs-beta/docs/dagster-plus/deployment/hybrid/agents/kubernetes.md b/docs/docs-beta/docs/dagster-plus/deployment/hybrid/agents/kubernetes.md
index d88b09739578b..d486407e5d6ba 100644
--- a/docs/docs-beta/docs/dagster-plus/deployment/hybrid/agents/kubernetes.md
+++ b/docs/docs-beta/docs/dagster-plus/deployment/hybrid/agents/kubernetes.md
@@ -117,7 +117,7 @@ helm --namespace dagster-cloud upgrade agent \
 
 You can see basic health information about your agent in the Dagster+ UI:
 
-{/* TODO: Screenshot */}
+![Screenshot of agent health information](/img/placeholder.svg)
 
 ### View logs
 
diff --git a/docs/docs-beta/docs/dagster-plus/getting-started.md b/docs/docs-beta/docs/dagster-plus/getting-started.md
index 5afdb38161182..afe3e4f4666bc 100644
--- a/docs/docs-beta/docs/dagster-plus/getting-started.md
+++ b/docs/docs-beta/docs/dagster-plus/getting-started.md
@@ -23,7 +23,7 @@ The remaining steps depend on your deployment type.
 
 We recommend following the steps in Dagster+ to add a new project.
 
-[comment]: <> (TODO: Screenshot of Dagster+ serverless Nux)
+![Screenshot of Dagster+ serverless NUX](/img/placeholder.svg)
 
 The Dagster+ on-boarding will guide you through:
 - creating a Git repository containing your Dagster code
@@ -58,4 +58,4 @@ Refer to the guide for [adding a code location](/dagster-plus/deployment/code-lo
 
 ## Next steps
 
-Your Dagster+ account is automatically enrolled in a trial. You can [pick your plan type and enter your billing information](/dagster-plus/settings), or [contact the Dagster team](https://dagster.io/contact) if you need support or want to evaluate the Dagster+ Pro plan.
\ No newline at end of file
+Your Dagster+ account is automatically enrolled in a trial. You can [pick your plan type and enter your billing information](/dagster-plus/settings), or [contact the Dagster team](https://dagster.io/contact) if you need support or want to evaluate the Dagster+ Pro plan.
diff --git a/docs/docs-beta/docs/guides/kubernetes.md b/docs/docs-beta/docs/guides/kubernetes.md
index de729fc59830e..1f5c15b648da6 100644
--- a/docs/docs-beta/docs/guides/kubernetes.md
+++ b/docs/docs-beta/docs/guides/kubernetes.md
@@ -182,22 +182,20 @@ kubectl --namespace default port-forward $DAGSTER_WEBSERVER_POD_NAME 8080:80
 This command gets the full name of the `webserver` pod from the output of `kubectl get pods`, and then sets up port forwarding with the `kubectl port-forward` command.
 
 ### Step 6.2: Visit your Dagster deployment
-The webserver has been port-forwarded to `8080`, so you can visit the Dagster deployment by going to [http://127.0.0.1:8080](http://127.0.0.1:8080). You should see the Dagster landing page
 
-{/* TODO screenshot */}
+The webserver has been port-forwarded to `8080`, so you can visit the Dagster deployment by going to [http://127.0.0.1:8080](http://127.0.0.1:8080). You should see the Dagster landing page
 
+![Screenshot of Dagster landing page](/img/placeholder.svg)
 
 ### Step 6.3: Materialize an asset
 In the Dagster UI, navigate to the Asset catalog and click the **Materialize** button to materialize an asset. Dagster will start a Kubernetes job to materialize the asset. You can introspect on the Kubernetes cluster to see this job:
 
-
 ```bash
 $ kubectl get jobs
 NAME                                               COMPLETIONS   DURATION   AGE
 dagster-run-5ee8a0b3-7ca5-44e6-97a6-8f4bd86ee630   1/1           4s         11s
 ```
 
-
 ## Next steps
 - Forwarding Dagster logs from a Kubernetes deployment to AWS, Azure, GCP
 - Other configuration options for K8s deployment - secrets,
diff --git a/docs/docs-beta/docs/guides/transform-dbt.md b/docs/docs-beta/docs/guides/transform-dbt.md
index fdc100825c8f1..758133ae012e7 100644
--- a/docs/docs-beta/docs/guides/transform-dbt.md
+++ b/docs/docs-beta/docs/guides/transform-dbt.md
@@ -62,7 +62,7 @@ Next, create a `_source.yml` file that points dbt to the upstream `raw_customers
 
 <CodeExample filePath="guides/etl/transform-dbt/basic-dbt-project/models/example/_source.yml" language="yaml" title="_source.yml_" />
 
-{/* TODO: Maybe screenshot to show the lineage? */}
+![Screenshot of dbt lineage](/img/placeholder.svg)
 
 ## Adding downstream dependencies