diff --git a/TOC-tidb-cloud-essential.md b/TOC-tidb-cloud-essential.md index b20037c226b92..c3eb6d5c10c12 100644 --- a/TOC-tidb-cloud-essential.md +++ b/TOC-tidb-cloud-essential.md @@ -29,6 +29,7 @@ ## GUIDES - [Select Your Plan](/tidb-cloud/select-cluster-tier.md) +- [Use the My TiDB Page](/tidb-cloud/my-tidb.md) - Manage {{{ .essential }}} Instances - [Create a {{{ .essential }}} Instance](/tidb-cloud/create-tidb-cluster-serverless.md) - Connect to Your {{{ .essential }}} Instance diff --git a/TOC-tidb-cloud-premium.md b/TOC-tidb-cloud-premium.md index b5694ea84b962..56450a6e58c14 100644 --- a/TOC-tidb-cloud-premium.md +++ b/TOC-tidb-cloud-premium.md @@ -125,6 +125,7 @@ ## GUIDES - [Select Your Plan](/tidb-cloud/select-cluster-tier.md) +- [Use the My TiDB Page](/tidb-cloud/my-tidb.md) - Manage {{{ .premium }}} Instances - [Create a {{{ .premium }}} Instance](/tidb-cloud/premium/create-tidb-instance-premium.md) - Connect to Your {{{ .premium }}} Instance diff --git a/TOC-tidb-cloud-starter.md b/TOC-tidb-cloud-starter.md index 0e7050aa27d1b..f838aa32aba54 100644 --- a/TOC-tidb-cloud-starter.md +++ b/TOC-tidb-cloud-starter.md @@ -31,6 +31,7 @@ ## GUIDES - [Select Your Plan](/tidb-cloud/select-cluster-tier.md) +- [Use the My TiDB Page](/tidb-cloud/my-tidb.md) - Manage {{{ .starter }}} Instances - [Create a {{{ .starter }}} Instance](/tidb-cloud/create-tidb-cluster-serverless.md) - Connect to Your {{{ .starter }}} Instance diff --git a/TOC-tidb-cloud.md b/TOC-tidb-cloud.md index ea087cbceca74..cdfd0a1dce94c 100644 --- a/TOC-tidb-cloud.md +++ b/TOC-tidb-cloud.md 
@@ -35,6 +35,7 @@ - [Select Your Plan](/tidb-cloud/select-cluster-tier.md) - [Determine Your TiDB Size](/tidb-cloud/size-your-cluster.md) - [TiDB Cloud Performance Reference](/tidb-cloud/tidb-cloud-performance-reference.md) + - [Use the My TiDB Page](/tidb-cloud/my-tidb.md) - [Create a TiDB Cloud Dedicated Cluster](/tidb-cloud/create-tidb-cluster.md) - Connect to Your TiDB Cloud Dedicated Cluster - [Network Connection Overview](/tidb-cloud/connect-to-tidb-cluster.md) diff --git a/develop/dev-guide-build-cluster-in-cloud.md b/develop/dev-guide-build-cluster-in-cloud.md index 9a4a4afe246b5..40e39dd6b0163 100644 --- a/develop/dev-guide-build-cluster-in-cloud.md +++ b/develop/dev-guide-build-cluster-in-cloud.md @@ -20,7 +20,7 @@ If you need to run TiDB on your local machine, see [Starting TiDB Locally](/quic 3. On the [**My TiDB**](https://tidbcloud.com/tidbs) page, click **Create Resource**. -4. On the **Create** page, **Starter** is selected by default. Enter a name for your {{{ .starter }}} instance, and then select the region where you want to create it. +4. On the **Create** page, **Starter** is selected by default. Enter a name for your {{{ .starter }}} instance, and then select the cloud provider and region where you want to create it. 5. Click **Create** to create a {{{ .starter }}} instance. diff --git a/tidb-cloud/create-tidb-cluster-serverless.md b/tidb-cloud/create-tidb-cluster-serverless.md index 14f3fae51b53b..11344a0267b0a 100644 --- a/tidb-cloud/create-tidb-cluster-serverless.md +++ b/tidb-cloud/create-tidb-cluster-serverless.md 
@@ -46,9 +46,9 @@ If you are in the `Organization Owner` or the `Project Owner` role, you can crea You can start with a **Starter** instance and later upgrade to an **Essential** instance as your needs grow. For more information, see [Select a Plan](/tidb-cloud/select-cluster-tier.md). -4. Choose a cloud provider and a region where you want to host your instance. +4. Enter a name for your instance, and then choose a cloud provider and a region where you want to host your instance. -5. Update the default instance name if necessary. +5. (Optional) To group this instance in a project for management, click **Group Your Instance in a Project**, and then select the target project for the instance. If there is no project in your organization, you can create one by clicking **Create a Project**. 6. Update the capacity of the instance. diff --git a/tidb-cloud/manage-user-access.md b/tidb-cloud/manage-user-access.md index ace1f4c75a8ba..0c2dfdd91320d 100644 --- a/tidb-cloud/manage-user-access.md +++ b/tidb-cloud/manage-user-access.md 
@@ -5,78 +5,103 @@ summary: Learn how to manage identity access in TiDB Cloud. # Identity Access Management -This document describes how to manage access to organizations, projects, roles, and user profiles in TiDB Cloud. +This document describes how to manage access to organizations, projects, resources, roles, and user profiles in TiDB Cloud. Before accessing TiDB Cloud, [create a TiDB Cloud account](https://tidbcloud.com/free-trial). You can either sign up with email and password so that you can [manage your password using TiDB Cloud](/tidb-cloud/tidb-cloud-password-authentication.md), or choose your Google, GitHub, or Microsoft account for single sign-on (SSO) to TiDB Cloud. -## Organizations and projects +## Organizations, projects, and resources -TiDB Cloud provides a hierarchical structure based on organizations and projects to facilitate the management of TiDB Cloud users and clusters. If you are an organization owner, you can create multiple projects in your organization. +TiDB Cloud uses a hierarchical structure based on organizations, projects, and resources to help you manage users and TiDB deployments. -For example: +- An organization is a top level entity (such as a company or a customer) you created to manage your TiDB Cloud accounts (including a management account with any number of multiple member accounts), [projects](#project), and [resources](#resource). +- A project is a container for TiDB Cloud resources. + + - For {{{ .starter }}} and Essential instances, a project is logical container and optional, which means you can either group these instances in a project or keep these instances at the organization level. + - For {{{ .dedicated }}} clusters, a project is infrastructure-bound and required, which means {{{ .dedicated }}} clusters must be grouped in projects for management purposes. +- A resource in TiDB Cloud can be either a TiDB X instance (for example, {{{ .starter }}} or {{{ .essential }}}}) or a {{{ .dedicated }}} cluster. 
+ +If you are an organization owner, you can create multiple projects in your organization. + +- For TiDB X instances, you can either group them into projects or keep them directly at the organization level. +- For TiDB Cloud Dedicated clusters, you must group them into projects. + +The following is an example of the hierarchical structure: ``` - Your organization - - Project 1 - - Cluster 1 - - Cluster 2 - - Project 2 - - Cluster 3 - - Cluster 4 - - Project 3 - - Cluster 5 - - Cluster 6 + - TiDB X project 1 + - Starter instance 1 + - Starter instance 2 + - Essential instance 2 + - TiDB Dedicated project 1 + - Dedicated cluster 1 + - Dedicated cluster 2 + - Instances without a project + - Starter instance 3 ``` Under this structure: - To access an organization, a user must be a member of that organization. - To access a project in an organization, a user must at least have the read access to the project in that organization. -- To manage clusters in a project, a user must be in the `Project Owner` role. +- To access a specific TiDB X instance, a user can be granted access through either a project role or an instance role. +- To access a TiDB Cloud Dedicated cluster, a user must have the read access to the project in which the cluster is located. For more information about user roles and permissions, see [User Roles](#user-roles). ### Organizations -An organization can contain multiple projects. +An organization can contain multiple projects and TiDB X instances that are not grouped in any project. -TiDB Cloud calculates billing at the organization level and provides the billing details for each project. +TiDB Cloud calculates billing at the organization level and provides billing details for each project and resource. If you are an organization owner, you have the highest permission in your organization. For example, you can do the following: - Create different projects (such as development, staging, and production) for different purposes. 
-- Assign different users with different organization roles and project roles. +- Assign different users with different organization roles, project roles, and instance roles. - Configure organization settings. For example, configure the time zone for your organization. ### Projects -A project can contain multiple clusters. +A project groups and manages TiDB Cloud resources. -If you are a project owner, you can manage clusters and project settings for your project. +In the TiDB Cloud console, there are three types of projects: -For example, you can do the following: +- **TiDB Dedicated project**: this project type is used only for {{{ .dedicated }}} clusters. In this type of project, you can only add {{{ .dedicated }}} clusters. Within your organization, settings and access controls such as networks, maintenance, alert subscriptions, and encryption access can be managed separately by project, and configurations in different projects do not affect each other. +- **TiDB X project**: this is the default project type when you create a project on the [My TiDB](/tidb-cloud/my-tidb.md) page. In this type of project, you can only add {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances. +- **TiDB X virtual project**: this project is virtual and it does not provide any management capabilities. It acts as a virtual container for {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances that do not belong to any project, so that these instances can be accessed through the TiDB Cloud API by using a project ID. Each organization has a unique virtual project ID. You can get the ID from the project view of the [My TiDB](/tidb-cloud/my-tidb.md) page. -- Create multiple clusters according to your business need. -- Assign different users with different project roles. -- Configure project settings. For example, configure different alert settings for different projects. 
+The following table lists the differences between these project types: + +| Feature | TiDB Dedicated Project | TiDB X Project | TiDB X Virtual Project | +|---|---|---|---| +| Project icon in the TiDB Cloud console | |
| N/A | +| Resource type in the project | {{{ .dedicated}}} clusters only | TiDB X instances only | TiDB X instances only | +| Project is optional | ❌
(Each {{{ .dedicated }}} cluster must belong to a Dedicated project) | ✅
(You can either group a TiDB X instance in a TiDB X project or keep it at the organization level) | N/A
(TiDB X instances not grouped in any TiDB X project are automatically grouped in the TiDB X virtual project) | +| Project settings | ✅ | ❌ | ❌ | +| Infrastructure binding | ✅
(Strong binding) | ❌ | ❌ | +| RBAC model | Organization -> Project | Organization -> Project -> Instance | Organization -> Project -> Instance | +| Project-level RBAC | ✅ | ✅ | ❌ | +| Project-level Billing | ✅ | ✅ | ❌ | +| Instance movement between TiDB X projects or the global scope | ❌ | ✅ | ✅
(Global only) | ## User roles -TiDB Cloud defines different user roles to manage different permissions of TiDB Cloud users in organizations, projects, or both. +TiDB Cloud defines different user roles to manage permissions at the organization, project, and instance levels. -You can grant roles to a user at the organization level or at the project level. Make sure to carefully plan the hierarchy of your organizations and projects for security considerations. +You can grant roles to a user at the organization level, the project level, or the instance level. Make sure to carefully plan the hierarchy of your organizations, projects, and resources for security considerations. ### Organization roles -At the organization level, TiDB Cloud defines four roles, in which `Organization Owner` can invite members and grant organization roles to members. +At the organization level, TiDB Cloud defines five roles, in which `Organization Owner` can invite members and grant organization roles to members. | Permission | `Organization Owner` | `Organization Billing Manager` | `Organization Billing Viewer` | `Organization Console Audit Manager` | `Organization Viewer` | |---|---|---|---|---|---| | Manage organization settings, such as projects, API keys, and time zones. | ✅ | ❌ | ❌ | ❌ | ❌ | | Invite users to or remove users from an organization, and edit organization roles of users. | ✅ | ❌ | ❌ | ❌ | ❌ | -| All the permissions of `Project Owner` for all projects in the organization. | ✅ | ❌ | ❌ | ❌ | ❌ | +| All the permissions of `Project Owner` for all projects in the organization, and all the permissions of TiDB X instance roles for all TiDB X instances in the organization. | ✅ | ❌ | ❌ | ❌ | ❌ | | Create projects with Customer-Managed Encryption Key (CMEK) enabled. | ✅ | ❌ | ❌ | ❌ | ❌ | | Edit payment information for the organization. | ✅ | ✅ | ❌ | ❌ | ❌ | | View bills and use [cost explorer](/tidb-cloud/tidb-cloud-billing.md#cost-explorer). | ✅ | ✅ | ✅ | ❌ | ❌ | 
@@ -90,13 +115,15 @@ At the organization level, TiDB Cloud defines four roles, in which `Organization ### Project roles -At the project level, TiDB Cloud defines three roles, in which `Project Owner` can invite members and grant project roles to members. +At the project level, TiDB Cloud defines four roles, in which `Project Owner` can invite members and grant project roles to members. > **Note:** > -> - `Organization Owner` has all the permissions of Project Owner for all projects so `Organization Owner` can invite project members and grant project roles to members too. -> - Each project role has all the permissions of Organization Viewer by default. +> - `Organization Owner` has all the permissions of `Project Owner` for all projects so `Organization Owner` can invite project members and grant project roles to members too. +> - Each project role has all the permissions of `Organization Viewer` by default. > - If a user in your organization does not belong to any projects, the user does not have any project permissions. +> - For both TiDB X projects and TiDB Dedicated projects, project roles control access to resources in the project. For TiDB Dedicated projects, project roles also control Dedicated-specific project settings. +> - Project roles do not apply to the TiDB X virtual project because TiDB X virtual project does not provide any management capacities. To manage RBAC for a specific TiDB X instance that are not grouped in any TiDB X project, use [instance roles](#instance-roles). | Permission | `Project Owner` | `Project Data Access Read-Write` | `Project Data Access Read-Only` | `Project Viewer` | |---|---|---|---|---| 
@@ -104,16 +131,42 @@ At the project level, TiDB Cloud defines three roles, in which `Project Owner` c | Invite users to or remove users from a project, and edit project roles of users. | ✅ | ❌ | ❌ | ❌ | | Manage [database audit logging](/tidb-cloud/tidb-cloud-auditing.md) of the project. | ✅ | ❌ | ❌ | ❌ | | Manage [spending limit](/tidb-cloud/manage-serverless-spend-limit.md) for all {{{ .starter }}} instances in the project. | ✅ | ❌ | ❌ | ❌ | -| Manage cluster operations in the project, such as cluster creation, modification, and deletion. | ✅ | ❌ | ❌ | ❌ | +| Manage resource operations in the project, such as creating, modifying, moving, and deleting instances or clusters supported by the project type. | ✅ | ❌ | ❌ | ❌ | | Manage branches for {{{ .starter }}} and {{{ .essential }}} instances in the project, such as branch creation, connection, and deletion. | ✅ | ❌ | ❌ | ❌ | -| Manage cluster data such as data import, data backup and restore, and data migration. | ✅ | ✅ | ❌ | ❌ | +| Manage resource data such as data import, data backup and restore, and data migration. | ✅ | ✅ | ❌ | ❌ | | Manage [Data Service](/tidb-cloud/data-service-overview.md) for data read-only operations such as using or creating endpoints to read data. | ✅ | ✅ | ✅ | ❌ | | Manage [Data Service](/tidb-cloud/data-service-overview.md) for data read and write operations. | ✅ | ✅ | ❌ | ❌ | -| View cluster data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md). | ✅ | ✅ | ✅ | ❌ | -| Modify and delete cluster data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md). | ✅ | ✅ | ❌ | ❌ | +| View resource data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md), if supported by the resource type. | ✅ | ✅ | ✅ | ❌ | +| Modify and delete resource data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md), if supported by the resource type. | ✅ | ✅ | ❌ | ❌ | | Manage [changefeeds](/tidb-cloud/changefeed-overview.md). 
| ✅ | ✅ | ✅ | ❌ | -| Review and reset cluster passwords. | ✅ | ❌ | ❌ | ❌ | -| View cluster overview, backup records, metrics, events, and [changefeeds](/tidb-cloud/changefeed-overview.md) in the project. | ✅ | ✅ | ✅ | ✅ | +| Review and reset resource passwords, if supported by the resource type. | ✅ | ❌ | ❌ | ❌ | +| View resource overview, backup records, metrics, events, and [changefeeds](/tidb-cloud/changefeed-overview.md) in the project. | ✅ | ✅ | ✅ | ✅ | + +### Instance roles + +TiDB X instances support instance-level roles so that you can grant access to a single TiDB X instance without granting the same access to all resources in a project. + +> **Note:** +> +> - Instance roles apply only to TiDB X instances, including {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}}. TiDB Cloud Dedicated clusters does not support instance roles. +> - `Organization Owner` automatically has all permissions for all TiDB X instances in the organization. +> - Each instance role inherits all the permissions of the Organization Viewer role by default. +> - Project roles and instance roles are additive. A user can inherit access from a project role and also have a more specific role on an individual instance. + +| Permission | `Instance Manager` | `TiDB X Instance Data Access Read-Write` | `TiDB X Instance Data Access Read-Only` | `TiDB X Instance Viewer` | +|---|---|---|---|---| +| Manage instance operations, such as instance creation, modification, and deletion. | ✅ | ❌ | ❌ | ❌ | +| View and modify instance data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md). | ✅ | ✅ | ❌ | ❌ | +| View instance data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md). | ✅ | ✅ | ✅ | ❌ | +| Manage instance-scoped roles. | ✅ | ❌ | ❌ | ❌ | +| View backup records of the TiDB X instance. | ✅ | ❌ | ❌ | ✅ | +| Restore the TiDB X instance from backups. | ✅ | ❌ | ❌ | ❌ | +| View instance overview. | ✅ | ❌ | ❌ | ✅ | +| View network settings. 
| ✅ | ❌ | ❌ | ✅ | +| View monitor and metrics. | ✅ | ❌ | ❌ | ✅ | +| View alerts. | ✅ | ❌ | ❌ | ✅ | + +Use project roles when you want to manage all resources in a project, and use instance roles when you want to grant access only to a specific TiDB X instance. ## Manage organization access 
@@ -144,32 +197,34 @@ To change the local timezone setting, take the following steps: 4. Click **Update**. -### Invite an organization member +### Invite a user to your organization If you are in the `Organization Owner` role, you can invite users to your organization. > **Note:** > -> You can also [invite a user to your project](#invite-a-project-member) directly according to your need, which also makes the user your organization member. +> You can also [invite a user to your project](#invite-a-project-member) or [grant a user access to a TiDB X instance](#grant-access-to-a-tidb-x-instance) directly according to your need, which also makes the user your organization member. -To invite a member to an organization, take the following steps: +To invite a user to your organization, take the following steps: 1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. 2. In the left navigation pane, click **Organization Settings** > **Users**. -3. On the **Users** page, click the **By Organization** tab. +3. On the **Users** page, click **Invite User** in the upper-right corner. -4. Click **Invite**. - -5. Enter the email address of the user to be invited, and then select an organization role for the user. +4. Enter the email address of the user to be invited. > **Tip:** > - > - If you want to invite multiple members at one time, you can enter multiple email addresses. - > - The invited user does not belong to any projects by default. To invite a user to a project, see [Invite a project member](#invite-a-project-member). + > If you want to invite multiple members at one time, you can enter multiple email addresses. -6. Click **Confirm**. Then the new user is successfully added into the user list. At the same time, an email is sent to the invited email address with a verification link. +5. (Optional) The invited user does not have any project or instance permissions by default. 
To grant project or instance roles to the user, do the following: + + - To grant project-level access to the user, click **Add Roles and Select Project**, and then grant roles and select the target projects for the user. + - To grant access to a specific TiDB X instance to the user, click **Add Roles and Select Instance**, and then grant roles and select the target TiDB X instance for the user. + +6. Click **Invite**. Then the new user is successfully added into the user list. At the same time, an email is sent to the invited email address with a verification link. 7. After receiving this email, the user needs to click the link in the email to verify the identity, and a new page shows. @@ -179,20 +234,6 @@ To invite a member to an organization, take the following steps: > > The verification link in the email expires in 24 hours. If the user you want to invite does not receive the email, click **Resend**. -### Modify organization roles - -If you are in the `Organization Owner` role, you can modify organization roles of all members in your organization. - -To modify the organization role of a member, take the following steps: - -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. - -2. In the left navigation pane, click **Organization Settings** > **Users**. - -3. On the **Users** page, click the **By Organization** tab. - -4. Click the role of the target member, and then modify the role. - ### Remove an organization member If you are in the `Organization Owner` role, you can remove organization members from your organization. 
@@ -201,50 +242,57 @@ To remove a member from an organization, take the following steps: > **Note:** > -> If a member is removed from an organization, the member is removed from the belonged projects either. +> If a member is removed from an organization, the member is also removed from all projects and loses all instance access in the organization. 1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. 2. In the left navigation pane, click **Organization Settings** > **Users**. -3. On the **Users** page, click the **By Organization** tab. +3. On the **Users** page, locate the row of the target member, click **...** in the row, and then click **Delete**. -4. In the row of the target member, click **...** > **Delete**. +4. In the confirmation dialog, click **Delete**. ## Manage project access -### View and switch between projects +### View projects -To view and switch between projects, take the following steps: +To view projects in your organization, take the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), click the combo box in the upper-left corner. The list of organizations and projects you belong to is displayed. +1. In the TiDB Cloud console, navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click the icon to go to the project view. > **Tip:** > - > - If you are currently on the page of a specific TiDB Cloud resource, after clicking the combo box in the upper-left corner, you also need to click ← in the combo box to return to the organization and project list. - > - If you are a member of multiple projects, you can click the target project name in the combo box to switch between projects. + > If you are in multiple organizations, use the combo box in the upper-left corner to switch to your target organizations first. -2. 
To view the detailed information of your project, click the project name, and then click **Project Settings** in the left navigation pane. +2. In the project view, you can see the projects you belong to in the organization: + + - TiDB X instances that do not belong to any project are displayed in a table named `Out of project`. + - TiDB X instances that belong to specific projects are displayed in their corresponding TiDB X project tables. + - TiDB Cloud Dedicated clusters are displayed in their corresponding Dedicated project tables. These tables have a **D** in the folder icon to identify the **Dedicated** project type. ### Create a project > **Note:** > -> For free trial users, you cannot create a new project. +> - For free trial users, you cannot create a new project. +> - For TiDB X instances, creating a project is optional. For TiDB Cloud Dedicated clusters, you must use the default project or create new projects to manage them. If you are in the `Organization Owner` role, you can create projects in your organization. To create a new project, take the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. +1. In the [TiDB Cloud console](https://tidbcloud.com), click **...** in the upper-right corner, and then click **Create Project** -2. In the left navigation pane, click **Projects**. + > **Tip:** + > + > If you are in multiple organizations, use the combo box in the upper-left corner to switch to your target organizations first. -3. On the **Projects** page, click **Create New Project**. +2. In the displayed dialog, enter a project name. -4. Enter your project name. +3. Depending on which type of TiDB Cloud resources you are creating the project for, do one of the following: -5. Click **Confirm**. + - If the project is created for TiDB X instances, click **Confirm**. 
+ - If the project is created for {{{ .dedicated }}} clusters, select the **Create for Dedicated Cluster** option, configure [Customer-Managed Encryption Keys (CMEK)](/tidb-cloud/tidb-cloud-encrypt-cmek-aws.md) and [maintenance window](/tidb-cloud/configure-maintenance-window.md) for the project, and then click **Confirm**. ### Rename a project @@ -252,15 +300,17 @@ If you are in the `Organization Owner` role, you can rename any projects in your To rename a project, take the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. +1. In the TiDB Cloud console, navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click the icon to go to the project view. -2. In the left navigation pane, click **Projects**. + > **Tip:** + > + > If you are in multiple organizations, use the combo box in the upper-left corner to switch to your target organizations first. -3. In the row of your project to be renamed, click **...** > **Rename**. +2. In the project view, locate the table of your target project, click **...** in the upper-right corner of the table, and then click **Rename**. -4. Enter a new project name. +3. Enter a new project name. -5. Click **Confirm**. +4. Click **Confirm**. ### Invite a project member 
@@ -272,57 +322,102 @@ If you are in the `Organization Owner` or `Project Owner` role, you can invite m To invite a member to a project, take the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. +1. In the TiDB Cloud console, navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click the icon to go to the project view. -2. In the left navigation pane, click **Organization Settings** > **Users**. - -3. On the **Users** page, click the **By Project** tab, and then choose your project in the drop-down list. + > **Tip:** + > + > If you are in multiple organizations, use the combo box in the upper-left corner to switch to your target organizations first. -4. Click **Invite**. +2. In the project view, locate the table of your target project, click **...** in the upper-right corner of the table, and then click **Invite**. -5. Enter the email address of the user to be invited, and then select a project role for the user. +3. In the displayed dialog, enter the email address of the user to be invited, and then select a project role for the user. > **Tip:** > > If you want to invite multiple members at one time, you can enter multiple email addresses. -6. Click **Confirm**. Then the new user is successfully added into the user list. At the same time, an email is sent to the invited email address with a verification link. +4. Click **Confirm**. Then the new user is successfully added into the user list. At the same time, an email is sent to the invited email address with a verification link. -7. After receiving this email, the user needs to click the link in the email to verify the identity, and a new page shows. +5. After receiving this email, the user needs to click the link in the email to verify the identity, and a new page shows. -8. 
If the invited email address has not been signed up for a TiDB Cloud account, the user is directed to the sign-up page to create an account. If the email address has been signed up for a TiDB Cloud account, the user is directed to the sign-in page. After sign-in, the account joins the project automatically. +6. If the invited email address has not been signed up for a TiDB Cloud account, the user is directed to the sign-up page to create an account. If the email address has been signed up for a TiDB Cloud account, the user is directed to the sign-in page. After sign-in, the account joins the project automatically. > **Note:** > > The verification link in the email will expire in 24 hours. If your user doesn't receive the email, click **Resend**. -### Modify project roles +### Remove project access for a user -If you are in the `Organization Owner` role, you can modify project roles of all project members in your organization. If you are in the `Project Owner` role, you can modify project roles of all members in your project. +If you are in the `Organization Owner` or `Project Owner` role, you can remove project members. -To modify the project role of a member, take the following steps: +To remove a member from a project, take the following steps: 1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. 2. In the left navigation pane, click **Organization Settings** > **Users**. -3. On the **Users** page, click the **By Project** tab, and then choose your project in the drop-down list. +3. On the **Users** page, locate the row of the target member, click **...** in the row, and then click **Edit Role**. -4. In the row of the target member, click the role in the **Role** column, and then choose a new role from the drop-down list. +4. On the **Edit Role** dialog, locate the target project, and then click the icon. -### Remove a project member +5. Click **Save**. 
-If you are in the `Organization Owner` or `Project Owner` role, you can remove project members. +## Manage instance access -To remove a member from a project, take the following steps: +### Grant access to a TiDB X instance {#grant-access-to-a-tidb-x-instance} + +If you are in the `Organization Owner` or `Project Owner` role, you can grant a instance role for a specific TiDB X instance to a user. + +> **Note:** +> +> Instance access applies only to TiDB X instances. + +To grant access to a TiDB X instance, take the following steps: + +1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. + +2. In the left navigation pane, click **Organization Settings** > **Users**. + +3. On the **Users** page, locate the row of the target member, click **...** in the row, and then click **Edit Role**. + + > **Tip:** + > + > If the user is not in your organization yet, click **Invite User** in the upper-right corner, and follow the steps in [Invite a user to your organization](#invite-a-user-to-your-organization) to grant the instance role to the user. + +4. On the **Edit Role** page, click **Add Role and Select Instance** in the **Instance access** section, and then grant roles and select the target TiDB X instance for the user. + +5. Click **Save**. + +### Remove instance access for a user + +If you are in the `Organization Owner` or `Project Owner` role, you can remove instance access for a user. + +To remove instance access for a user, take the following steps: + +1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. + +2. In the left navigation pane, click **Organization Settings** > **Users**. + +3. On the **Users** page, locate the row of the target member, click **...** in the row, and then click **Edit Role**. + +4. On the **Edit Role** dialog, locate the target instance, and then click the icon. + +5. 
Click **Save**. + +## Modify roles of a user + +To modify a role of a user in TiDB Cloud, take the following steps: 1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. 2. In the left navigation pane, click **Organization Settings** > **Users**. -3. On the **Users** page, click the **By Project** tab, and then choose your project in the drop-down list. +3. On the **Users** page, locate the row of the target user, click **...** in the row, and then click **Edit Role**. + + - If you are in the `Organization Owner` role, you can modify organization roles, project roles, and instance roles of the target user. + - If you are in the `Project Owner` role, you can modify project roles and instance roles of the target user. -4. In the row of the target member, click **...** > **Delete**. +4. Click **Save**. ## Manage user profiles diff --git a/tidb-cloud/my-tidb.md b/tidb-cloud/my-tidb.md new file mode 100644 index 0000000000000..058ace7a98bb5 --- /dev/null +++ b/tidb-cloud/my-tidb.md 
@@ -0,0 +1,68 @@ +--- +title: Use the My TiDB Page +summary: Learn how to use the My TiDB Page to manage your TiDB resources and projects. +--- + +# Use the My TiDB Page to manage your TiDB Cloud resources and projects + +In the [TiDB Cloud console](https://tidbcloud.com/), [**My TiDB**](https://tidbcloud.com/tidbs) is a centralized page for all TiDB Cloud resources and projects that you can access within the current organization, helping you easily discover, access, and manage your TiDB resources. + +## What are TiDB Cloud resources and projects? + +### TiDB Cloud resources + +A TiDB Cloud resource is a manageable TiDB Cloud deployment unit. It can be one of the following: + +- A {{{ .starter }}}, {{{ .essential }}}, or {{{ .premium }}} [instance](/tidb-cloud/tidb-cloud-glossary.md#instance) +- A {{{ .dedicated }}} [cluster](/tidb-cloud/tidb-cloud-glossary.md#cluster) + +### TiDB Cloud projects + +In TiDB Cloud, you can use [projects](/tidb-cloud/tidb-cloud-glossary.md#project) to group and manage your TiDB resources. + +- For {{{ .starter }}}, Essential, and Premium instances, projects are optional, which means you can either group these instances in a project or keep these instances at the organization level. +- For {{{ .dedicated }}} clusters, projects are required. + +## Create TiDB Cloud resources + +To create a TiDB Cloud resource, go to the [**My TiDB**](https://tidbcloud.com/tidbs) page, and then click **Create Resource** in the upper-right corner. 
+ +For more information, see the following documents: + +- [Create a {{{ .starter }}} or Essential Instance](/tidb-cloud/starter/create-tidb-cluster-serverless.md) +- [Create a {{{ .premium }}} Instance](/tidb-cloud/premium/create-tidb-instance-premium.md) +- [Create a {{{ .dedicated }}} Cluster](/tidb-cloud/create-tidb-cluster.md) + +## View and manage TiDB Cloud resources + +By default, the [**My TiDB**](https://tidbcloud.com/tidbs) page shows a list of all resources within your current organization that you have permission to access. + +- To open the overview page of a TiDB Cloud resource, click the name of the target resource. +- To perform quick actions on a TiDB Cloud resource, such as deleting, renaming, and importing data, click **...** in the row of the target resource. +- If your organization has many instances or clusters, you can use the filters at the top of the page to quickly find what you need. + +If you want to view your resources hierarchically by project, click the icon above the resource list to switch to the project view. + +- TiDB X instances that do not belong to any project are displayed in a table named `Out of project`. +- TiDB X instances that belong to specific projects are displayed in their corresponding TiDB X project tables. +- TiDB Cloud Dedicated clusters are displayed in their corresponding Dedicated project tables. These tables have a **D** in the folder icon to identify the **Dedicated** project type. + +For more information about project types, see [Project types](/tidb-cloud/tidb-cloud-glossary.md#project-types). + +## Create TiDB Cloud projects + +To create a new project, click **...** in the upper-right corner, and then click **Create Project**. For more information, see [Create a project](/tidb-cloud/manage-user-access.md#create-a-project). + +You can also create a project when creating TiDB Cloud resources. 
For more information, see the following documents: + +- [Create a {{{ .starter }}} or Essential Instance](/tidb-cloud/starter/create-tidb-cluster-serverless.md) +- [Create a {{{ .premium }}} Instance](/tidb-cloud/premium/create-tidb-instance-premium.md) +- [Create a TiDB Cloud Dedicated Cluster](/tidb-cloud/create-tidb-cluster.md) + +## Manage TiDB Cloud projects + +On the the [**My TiDB**](https://tidbcloud.com/tidbs) page, click the icon to go to the project view. Then, you can click **...** in the row of the target project name to perform quick actions on the project, such as renaming the project or inviting members to the project. + +For **Dedicated** projects, you can also click the icon in the row of the target project to access more project management operations, such as managing networks, alert subscriptions, and project members. + +For more information, see [Manage project access](/tidb-cloud/manage-user-access.md). \ No newline at end of file diff --git a/tidb-cloud/premium/create-tidb-instance-premium.md b/tidb-cloud/premium/create-tidb-instance-premium.md index 725ec26be4f8c..0ad497e600e8f 100644 --- a/tidb-cloud/premium/create-tidb-instance-premium.md +++ b/tidb-cloud/premium/create-tidb-instance-premium.md 
@@ -41,8 +41,8 @@ If you have the `Organization Owner` role, you can create a {{{ .premium }}} ins 1. In the [TiDB Cloud console](https://tidbcloud.com/tidbs), navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page, and then click **Create Resource** in the upper-right corner. 2. On the **Create Resource** page, select **Premium** as your plan. -3. Enter a name for your {{{ .premium }}} instance. -4. Choose a cloud provider and a region where you want to host your instance. +3. Enter a name for your {{{ .premium }}} instance, and then choose a cloud provider and a region where you want to host your instance. +4. (Optional) To group this {{{ .premium }}} instance in a project for management, click **Group Your Instance in a Project**, and then select the target project for the instance. If there is no project in your organization, you can create one by clicking **Create a Project**. 5. In the **Capacity** area, set the maximum number of the Request Capacity Units (RCUs) for your instance. RCUs represent the compute resources provisioned for your workload. TiDB Cloud automatically scales your instance within this range based on demand. diff --git a/tidb-cloud/tidb-cloud-glossary.md b/tidb-cloud/tidb-cloud-glossary.md index 59aca5601b1a0..9ddaa5cc2fb97 100644 --- a/tidb-cloud/tidb-cloud-glossary.md +++ b/tidb-cloud/tidb-cloud-glossary.md 
@@ -29,6 +29,12 @@ Chat2Query is an AI-powered feature integrated into SQL Editor that assists user In addition, TiDB Cloud provides a Chat2Query API for {{{ .starter }}} instances hosted on AWS. After it is enabled, TiDB Cloud will automatically create a system Data App called **Chat2Query** and a Chat2Data endpoint in Data Service. You can call this endpoint to let AI generate and execute SQL statements by providing instructions. For more information, see [Get started with Chat2Query API](/tidb-cloud/use-chat2query-api.md). +### Cluster + +In TiDB Cloud, a cluster is a dedicated cloud deployment that includes explicit infrastructure details such as node topology, instance types, storage configuration, and scaling model. + +Among TiDB Cloud plans, only TiDB Cloud Dedicated clusters use this deployment model. + ### Credit TiDB Cloud offers a certain number of credits for Proof of Concept (PoC) users. One credit is equivalent to one U.S. dollar. You can use credits to pay fees before the credits become expired. @@ -95,7 +101,7 @@ Refers to either a data instance (TiKV) or a compute instance (TiDB) or an analy ### organization -An entity that you create to manage your TiDB Cloud accounts, including a management account with any number of multiple member accounts. +An top level container to manage your TiDB Cloud accounts (including a management account with any number of multiple member accounts), [projects](#project), and [resources](#resource). ### organization members 
@@ -109,7 +115,18 @@ A document that defines permissions applying to a role, user, or organization, s ### project -Based on the projects created by the organization, resources such as personnel, instances, and networks can be managed separately according to projects, and resources between projects do not interfere with each other. +In TiDB Cloud, you can use projects to group and manage your TiDB resources. + +- For {{{ .starter }}}, Essential, and Premium instances, projects are optional, which means you can either group these instances in a project or keep these instances at the organization level. +- For {{{ .dedicated }}} clusters, projects are required. + +The function of a project varies by project type. Currently, there are three types of projects: + +- TiDB X project: this is the default project type when you create a project on the [My TiDB](/tidb-cloud/my-tidb.md) page. In this type of project, you can only add {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances. +- TiDB Dedicated project: this project type is used only for {{{ .dedicated }}} clusters. In this type of project, you can only add {{{ .dedicated }}} clusters. Within your organization, settings and access controls such as networks, maintenance, alert subscriptions, and encryption access can be managed separately by project, and configurations in different projects do not affect each other. +- TiDB virtual project: this is a virtual project. It is not displayed in the [TiDB Cloud console](https://tidbcloud.com/) and does not provide any management capabilities. It acts as a virtual container for {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances that do not belong to any project, so that these instances can be accessed through the TiDB Cloud API by using a project ID. Each organization has a unique virtual project ID. + +For more information about the differences between these project types, see [Project types](/tidb-cloud/manage-user-access.md#project-types). 
### project members @@ -141,6 +158,13 @@ A separate database that can be located in the same or different region and cont TiDB Cloud measures the capacity of [changefeeds](/tidb-cloud/changefeed-overview.md) in TiCDC Replication Capacity Units (RCUs). When you create a changefeed, you can select an appropriate specification. The higher the RCU, the better the replication performance. You will be charged for these TiCDC changefeed RCUs. For more information, see [Changefeed Cost](https://www.pingcap.com/tidb-dedicated-pricing-details/#changefeed-cost). +### Resource + +A TiDB resource is a manageable TiDB deployment unit. It can be one of the following: + +- A {{{ .starter }}}, {{{ .essential }}}, or {{{ .premium }}} [instance](#instance) +- A {{{ .dedicated }}} [cluster](#cluster) + ### Request Capacity Unit (RCU) A Request Capacity Unit (RCU) is a unit of measure used to represent the provisioned compute capacity for your {{{ .essential }}} instance. One RCU provides a fixed amount of compute resources that can process a certain number of RUs per second. The number of RCUs you provision determines the baseline performance and throughput capacity of your {{{ .essential }}} instance. For more information, see [{{{ .essential }}} Pricing Details](https://www.pingcap.com/tidb-cloud-essential-pricing-details/). 
@@ -176,6 +200,11 @@ A new distributed SQL architecture that makes cloud-native object storage the ba The TiDB X architecture is now available in {{{ .starter }}} and Essential{{{ .starter }}}, Essential, and Premium. For more information, see [Introducing TiDB X: A New Foundation for Distributed SQL in the Era of AI](https://www.pingcap.com/blog/introducing-tidb-x-a-new-foundation-distributed-sql-ai-era/) and [PingCAP Launches TiDB X and New AI Capabilities at SCaiLE Summit 2025](https://www.pingcap.com/press-release/pingcap-launches-tidb-x-new-ai-capabilities/). +### TiDB X Instance + +A TiDB X instance is a [TiDB X](/tidb-cloud/tidb-x-architecture.md) cloud deployment that represents a service-oriented TiDB offering. With this deployment model, you do not need to manage or understand the underlying cluster topology. +Among TiDB Cloud plans, {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances use this deployment model. + ### TiFlash node The analytical storage node that replicates data from TiKV in real time and supports real-time analytical workloads. diff --git a/tidb-cloud/tidb-cloud-quickstart.md b/tidb-cloud/tidb-cloud-quickstart.md index 4be51f636f082..962e86e1ba01e 100644 --- a/tidb-cloud/tidb-cloud-quickstart.md +++ b/tidb-cloud/tidb-cloud-quickstart.md 
@@ -30,7 +30,7 @@ Additionally, you can try out TiDB features on [TiDB Playground](https://play.ti - To create a new {{{ .starter }}} instance on your own, follow these steps: 1. Click **Create Resource**. - 2. On the **Create** page, **Starter** is selected by default. Select the cloud provider and target region for your {{{ .starter }}} instance, update the default instance name if necessary, and then click **Create**. Your {{{ .starter }}} instance will be created in approximately 30 seconds. + 2. On the **Create Resource** page, **Starter** is selected by default. Enter a name for the {{{ .starter }}} instance, select the cloud provider and target region, and then click **Create**. Your {{{ .starter }}} instance will be created in approximately 30 seconds.
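Review bot: In tidb-cloud/manage-user-access.md, the new "Modify roles of a user" section drops the scope limit that the removed "Modify project roles" text stated. The old wording restricted a `Project Owner` to "all members in your project"; the new bullet says only "you can modify project roles and instance roles of the target user", which can be read as applying to any project in the organization. If the limit still holds, say so in the bullet (for example, "for the projects you own"), and add the same qualifier to "Grant access to a TiDB X instance" and the two Remove sections, which also do not say which projects or instances a `Project Owner` can act on. Smaller points in the same hunk: "grant a instance role" should be "grant an instance role"; step 4 calls it the **Edit Role** page in the grant procedure but the **Edit Role** dialog in both remove procedures; and both remove procedures end with "click the icon" without naming the icon.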
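Review bot: In the new file tidb-cloud/my-tidb.md, the link "[Project types](/tidb-cloud/tidb-cloud-glossary.md#project-types)" points at an anchor this patch does not create. The glossary change lists the project types as bullets under `### project` with no "Project types" heading, and the glossary itself links to `/tidb-cloud/manage-user-access.md#project-types`, so my-tidb.md should probably use that target as well. Also in this hunk: "On the the [**My TiDB**]" has a doubled "the"; the file ends without a trailing newline; the project bullets mix the literals "Essential, and Premium" with the `{{{ .essential }}}` and `{{{ .premium }}}` variables used a few lines earlier; and the two link lists name the same document as "Create a {{{ .dedicated }}} Cluster" and "Create a TiDB Cloud Dedicated Cluster".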
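Review bot: In tidb-cloud/premium/create-tidb-instance-premium.md, the new step 4 does not say what grouping the instance in a project means for access. Since project roles are managed per project, a reader choosing **Group Your Instance in a Project** needs to know whether existing members of the selected project get access to the new instance. Suggest one sentence stating that, with a link to `/tidb-cloud/manage-user-access.md`, so the choice is made with the access consequence in view.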
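Review bot: In tidb-cloud/tidb-cloud-glossary.md, the rewritten `### organization` entry starts with "An top level container", which should be "A top-level container". The phrase "any number of multiple member accounts", now inside the parentheses, is redundant; "any number of member accounts" says the same thing.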
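Review bot: In the `### project` hunk of tidb-cloud/tidb-cloud-glossary.md, the "TiDB virtual project" bullet leaves open how access to out-of-project instances is controlled. It says those instances "can be accessed through the TiDB Cloud API by using a project ID" and that the virtual project "does not provide any management capabilities", but not which roles govern that access. The removed sentence stated that resources in different projects do not interfere with each other; the new text makes that separation statement only for TiDB Dedicated projects. Suggest adding a sentence on which roles apply to instances in the virtual project and whether the separation also holds for TiDB X projects. Naming is also inconsistent across the patch: this entry uses "TiDB Dedicated project" while my-tidb.md uses "Dedicated project", and the first bullet uses the literals "Essential, and Premium" where the later bullets use `{{{ .essential }}}` and `{{{ .premium }}}`.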
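Review bot: In tidb-cloud/tidb-cloud-glossary.md, the new `### Resource` entry is inserted before `### Request Capacity Unit (RCU)`, which breaks alphabetical order ("Request" sorts before "Resource"); move it below the Request Capacity Unit entry. The definition also says "A TiDB resource is a manageable TiDB deployment unit" while my-tidb.md defines the same term as "A TiDB Cloud resource is a manageable TiDB Cloud deployment unit"; pick one wording for both places.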
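Review bot: In the `### TiDB X Instance` hunk of tidb-cloud/tidb-cloud-glossary.md, the line "Among TiDB Cloud plans, {{{ .starter }}}, ..." directly follows the definition line with no blank `+` line between them, so Markdown renders the two as one paragraph. The `### Cluster` entry added in the same file separates the equivalent two sentences with a blank line; add one here to match.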