diff --git a/TOC-tidb-cloud-essential.md b/TOC-tidb-cloud-essential.md index b20037c226b92..c3eb6d5c10c12 100644 --- a/TOC-tidb-cloud-essential.md +++ b/TOC-tidb-cloud-essential.md @@ -29,6 +29,7 @@ ## GUIDES - [Select Your Plan](/tidb-cloud/select-cluster-tier.md) +- [Use the My TiDB Page](/tidb-cloud/my-tidb.md) - Manage {{{ .essential }}} Instances - [Create a {{{ .essential }}} Instance](/tidb-cloud/create-tidb-cluster-serverless.md) - Connect to Your {{{ .essential }}} Instance diff --git a/TOC-tidb-cloud-premium.md b/TOC-tidb-cloud-premium.md index b5694ea84b962..56450a6e58c14 100644 --- a/TOC-tidb-cloud-premium.md +++ b/TOC-tidb-cloud-premium.md @@ -125,6 +125,7 @@ ## GUIDES - [Select Your Plan](/tidb-cloud/select-cluster-tier.md) +- [Use the My TiDB Page](/tidb-cloud/my-tidb.md) - Manage {{{ .premium }}} Instances - [Create a {{{ .premium }}} Instance](/tidb-cloud/premium/create-tidb-instance-premium.md) - Connect to Your {{{ .premium }}} Instance diff --git a/TOC-tidb-cloud-starter.md b/TOC-tidb-cloud-starter.md index 0e7050aa27d1b..f838aa32aba54 100644 --- a/TOC-tidb-cloud-starter.md +++ b/TOC-tidb-cloud-starter.md @@ -31,6 +31,7 @@ ## GUIDES - [Select Your Plan](/tidb-cloud/select-cluster-tier.md) +- [Use the My TiDB Page](/tidb-cloud/my-tidb.md) - Manage {{{ .starter }}} Instances - [Create a {{{ .starter }}} Instance](/tidb-cloud/create-tidb-cluster-serverless.md) - Connect to Your {{{ .starter }}} Instance diff --git a/TOC-tidb-cloud.md b/TOC-tidb-cloud.md index ea087cbceca74..cdfd0a1dce94c 100644 --- a/TOC-tidb-cloud.md +++ b/TOC-tidb-cloud.md 
@@ -35,6 +35,7 @@ - [Select Your Plan](/tidb-cloud/select-cluster-tier.md) - [Determine Your TiDB Size](/tidb-cloud/size-your-cluster.md) - [TiDB Cloud Performance Reference](/tidb-cloud/tidb-cloud-performance-reference.md) + - [Use the My TiDB Page](/tidb-cloud/my-tidb.md) - [Create a TiDB Cloud Dedicated Cluster](/tidb-cloud/create-tidb-cluster.md) - Connect to Your TiDB Cloud Dedicated Cluster - [Network Connection Overview](/tidb-cloud/connect-to-tidb-cluster.md) diff --git a/develop/dev-guide-build-cluster-in-cloud.md b/develop/dev-guide-build-cluster-in-cloud.md index 9a4a4afe246b5..6d987904240a1 100644 --- a/develop/dev-guide-build-cluster-in-cloud.md +++ b/develop/dev-guide-build-cluster-in-cloud.md @@ -20,7 +20,7 @@ If you need to run TiDB on your local machine, see [Starting TiDB Locally](/quic 3. On the [**My TiDB**](https://tidbcloud.com/tidbs) page, click **Create Resource**. -4. On the **Create** page, **Starter** is selected by default. Enter a name for your {{{ .starter }}} instance, and then select the region where you want to create it. +4. On the **Create Resource** page, **Starter** is selected by default. Enter a name for your {{{ .starter }}} instance, and then select the cloud provider and region where you want to create it. 5. Click **Create** to create a {{{ .starter }}} instance. diff --git a/tidb-cloud/create-tidb-cluster-serverless.md b/tidb-cloud/create-tidb-cluster-serverless.md index 14f3fae51b53b..11344a0267b0a 100644 --- a/tidb-cloud/create-tidb-cluster-serverless.md +++ b/tidb-cloud/create-tidb-cluster-serverless.md 
@@ -46,9 +46,9 @@ If you are in the `Organization Owner` or the `Project Owner` role, you can crea You can start with a **Starter** instance and later upgrade to an **Essential** instance as your needs grow. For more information, see [Select a Plan](/tidb-cloud/select-cluster-tier.md). -4. Choose a cloud provider and a region where you want to host your instance. +4. Enter a name for your instance, and then choose a cloud provider and a region where you want to host your instance. -5. Update the default instance name if necessary. +5. (Optional) To group this instance in a project for management, click **Group Your Instance in a Project**, and then select the target project for the instance. If there is no project in your organization, you can create one by clicking **Create a Project**. 6. Update the capacity of the instance. diff --git a/tidb-cloud/create-tidb-cluster.md b/tidb-cloud/create-tidb-cluster.md index c369bedea0f41..37b24bc2468ec 100644 --- a/tidb-cloud/create-tidb-cluster.md +++ b/tidb-cloud/create-tidb-cluster.md 
@@ -20,24 +20,7 @@ If you do not have a TiDB Cloud account, click [here](https://tidbcloud.com/sign - For Azure Marketplace users, you can also sign up through Azure Marketplace. To do that, search for `TiDB Cloud` in [Azure Marketplace](https://azuremarketplace.microsoft.com), subscribe to TiDB Cloud, and then follow the onscreen instructions to set up your TiDB Cloud account. - For Google Cloud Marketplace users, you can also sign up through Google Cloud Marketplace. To do that, search for `TiDB Cloud` in [Google Cloud Marketplace](https://console.cloud.google.com/marketplace), subscribe to TiDB Cloud, and then follow the onscreen instructions to set up your TiDB Cloud account. -## (Optional) Step 1. Use your default project or create a new project - -Once you log in to the [TiDB Cloud console](https://tidbcloud.com/), you have a default [project](/tidb-cloud/tidb-cloud-glossary.md#project). When there is only one project in your organization, your TiDB Cloud Dedicated cluster will be created in that project. For more information about projects, see [Organizations and projects](/tidb-cloud/manage-user-access.md#organizations-and-projects). - -If you are an organization owner, you can rename the default project or create a new project for the TiDB Cloud Dedicated cluster according to your need as follows: - -1. In the [TiDB Cloud console](https://tidbcloud.com/), click the combo box in the upper-left corner. Your default organization and project are displayed. - -2. Click the name of your organization, and then click **Projects** in the left navigation pane. - -3. On the **Projects** page, do one of the following: - - - To rename the default project, click **...** > **Rename** in the **Actions** column. - - To create a project, click **Create New Project**, enter a name for your project, and then click **Confirm**. - -4. To go to the cluster list page of your project, click the project name on the **Projects** page. - -## Step 2. 
Create a TiDB Cloud Dedicated cluster +## Step 1. Create a TiDB Cloud Dedicated cluster If you are in the `Organization Owner` or the `Project Owner` role, you can create a TiDB Cloud Dedicated cluster as follows: @@ -49,9 +32,11 @@ If you are in the `Organization Owner` or the `Project Owner` role, you can crea 2. Click **Create Resource**. -3. On the **Create** page, select **Dedicated**, and then configure the cluster information as follows: +3. On the **Create Resource** page, select **Dedicated**, and then configure the cluster information as follows: - 1. Choose a cloud provider and a region. + 1. Select a project for your TiDB Cloud Dedicated cluster. If there is no project in your organization, you can create one by clicking **Create a Project**. + 2. Enter a name for your TiDB Cloud Dedicated cluster. + 3. Choose a cloud provider and a region. > **Note:** 
> @@ -60,9 +45,9 @@ If you are in the `Organization Owner` or the `Project Owner` role, you can crea > - If you signed up for TiDB Cloud through [Azure Marketplace](https://azuremarketplace.microsoft.com), the cloud provider is Azure Cloud, and you cannot change it in TiDB Cloud. > - If you signed up for TiDB Cloud through [Google Cloud Marketplace](https://console.cloud.google.com/marketplace), the cloud provider is Google Cloud, and you cannot change it in TiDB Cloud. - 2. Configure the [cluster size](/tidb-cloud/size-your-cluster.md) for TiDB, TiKV, and TiFlash (optional) respectively. - 3. Update the default cluster name and port number if necessary. - 4. If CIDR has not been configured for this region, you need to set the CIDR. If you do not see the **Project CIDR** field, it means that CIDR has already been configured for this region. + 4. Configure the [cluster size](/tidb-cloud/size-your-cluster.md) for TiDB, TiKV, and TiFlash (optional) respectively. + 5. Update the default port number if necessary. + 6. If CIDR has not been configured for this region, you need to set the CIDR. If you do not see the **Project CIDR** field, it means that CIDR has already been configured for this region. > **Note:** > @@ -85,7 +70,7 @@ If you are in the `Organization Owner` or the `Project Owner` role, you can crea > > The cluster creation time can vary by region and might take longer than 30 minutes. If the process takes significantly longer than expected, contact [TiDB Cloud Support](/tidb-cloud/tidb-cloud-support.md). -## Step 3. Set the root password +## Step 2. Set the root password After your TiDB Cloud Dedicated cluster is created, take the following steps to set the root password: diff --git a/tidb-cloud/data-service-api-key.md b/tidb-cloud/data-service-api-key.md index 7e982061e5722..0d7a1b0d519c2 100644 --- a/tidb-cloud/data-service-api-key.md +++ b/tidb-cloud/data-service-api-key.md 
@@ -86,6 +86,11 @@ The following sections describe how to create, edit, delete, and expire API keys To create an API key for a Data App, perform the following steps: 1. Navigate to the [**Data Service**](https://tidbcloud.com/project/data-service) page of your project. + + > **Tip:** + > + > If you have multiple projects, to navigate to the **Data Service** page of your target project, click the **Project view** tab on the [**My TiDB**](https://tidbcloud.com/tidbs) page, click ... for your target project, and then click **Data Service**. + 2. In the left pane, click the name of your target Data App to view its details. 3. In the **Authentication** area, click **Create API Key**. 4. In the **Create API Key** dialog box, do the following: diff --git a/tidb-cloud/data-service-get-started.md b/tidb-cloud/data-service-get-started.md index 330f80eba402c..a5a9298963fe5 100644 --- a/tidb-cloud/data-service-get-started.md +++ b/tidb-cloud/data-service-get-started.md @@ -27,7 +27,7 @@ Before creating a Data App, make sure that you have created a [{{{ .starter }}}] Creating a sample Data App is the best way to get started with Data Service. If your project does not have any Data App yet, you can follow the on-screen instructions on the **Data Service** page to create a sample Data App and use this App to explore Data Service features. -1. In the [TiDB Cloud console](https://tidbcloud.com), click **Data Service** in the left navigation pane. +1. In the [TiDB Cloud console](https://tidbcloud.com), click the **Project view** tab on the [**My TiDB**](https://tidbcloud.com/tidbs) page, click ... for your project, and then click **Data Service**. 2. On the **Data Service** page, click **Create Sample Data App**. A dialog is displayed. 
@@ -51,7 +51,7 @@ To get started with Data Service, you can also create your own Data App, and the To create a Data App, perform the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), click **Data Service** in the left navigation pane. +1. In the [TiDB Cloud console](https://tidbcloud.com), click the **Project view** tab on the [**My TiDB**](https://tidbcloud.com/tidbs) page, click ... for your project, and then click **Data Service**. 2. On the [**Data Service**](https://tidbcloud.com/project/data-service) page of your project, click **Create DataApp** in the left pane. diff --git a/tidb-cloud/manage-user-access.md b/tidb-cloud/manage-user-access.md index ace1f4c75a8ba..f282e50cd7c3b 100644 --- a/tidb-cloud/manage-user-access.md +++ b/tidb-cloud/manage-user-access.md 
@@ -5,78 +5,103 @@ summary: Learn how to manage identity access in TiDB Cloud. # Identity Access Management -This document describes how to manage access to organizations, projects, roles, and user profiles in TiDB Cloud. +This document describes how to manage access to organizations, projects, resources, roles, and user profiles in TiDB Cloud. Before accessing TiDB Cloud, [create a TiDB Cloud account](https://tidbcloud.com/free-trial). You can either sign up with email and password so that you can [manage your password using TiDB Cloud](/tidb-cloud/tidb-cloud-password-authentication.md), or choose your Google, GitHub, or Microsoft account for single sign-on (SSO) to TiDB Cloud. -## Organizations and projects +## Organizations, projects, and resources -TiDB Cloud provides a hierarchical structure based on organizations and projects to facilitate the management of TiDB Cloud users and clusters. If you are an organization owner, you can create multiple projects in your organization. +TiDB Cloud uses a hierarchical structure based on organizations, projects, and resources to help you manage users and TiDB deployments. -For example: +- An organization is a top level entity (such as a company or a customer) you created to manage your TiDB Cloud accounts (including a management account with any number of multiple member accounts), [projects](#project), and [resources](#resource). +- A project is a container for TiDB Cloud resources. + + - For {{{ .starter }}} and Essential instances, a project is logical container and optional, which means you can either group these instances in a project or keep these instances at the organization level. + - For {{{ .dedicated }}} clusters, a project is infrastructure-bound and required, which means {{{ .dedicated }}} clusters must be grouped in projects for management purposes. +- A resource in TiDB Cloud can be either a TiDB X instance (for example, {{{ .starter }}} or {{{ .essential }}}}) or a {{{ .dedicated }}} cluster. 
+ +If you are an organization owner, you can create multiple projects in your organization. + +- For TiDB X instances, you can either group them into projects or keep them directly at the organization level. +- For TiDB Cloud Dedicated clusters, you must group them into projects. + +The following is an example of the hierarchical structure: ``` - Your organization - - Project 1 - - Cluster 1 - - Cluster 2 - - Project 2 - - Cluster 3 - - Cluster 4 - - Project 3 - - Cluster 5 - - Cluster 6 + - TiDB X instances out of any project + - {{{ .starter }}} instance 1 + - TiDB X project 1 + - {{{ .starter }}} instance 2 + - {{{ .essential }}} instance 3 + - {{{ .premium }}} instance 4 + - TiDB Dedicated project 1 + - {{{ .dedicated }}} cluster 1 + - {{{ .dedicated }}} cluster 2 ``` Under this structure: - To access an organization, a user must be a member of that organization. - To access a project in an organization, a user must at least have the read access to the project in that organization. -- To manage clusters in a project, a user must be in the `Project Owner` role. +- To access a specific TiDB X instance, a user can be granted access through either a project role or an instance role. +- To access a TiDB Cloud Dedicated cluster, a user must have the read access to the project in which the cluster is located. For more information about user roles and permissions, see [User Roles](#user-roles). ### Organizations -An organization can contain multiple projects. +An organization can contain multiple projects and TiDB X instances that are not grouped in any project. -TiDB Cloud calculates billing at the organization level and provides the billing details for each project. +TiDB Cloud calculates billing at the organization level and provides billing details for each project and resource. If you are an organization owner, you have the highest permission in your organization. 
For example, you can do the following: - Create different projects (such as development, staging, and production) for different purposes. -- Assign different users with different organization roles and project roles. +- Assign different users with different organization roles, project roles, and instance roles. - Configure organization settings. For example, configure the time zone for your organization. ### Projects -A project can contain multiple clusters. +A project groups and manages TiDB Cloud resources. -If you are a project owner, you can manage clusters and project settings for your project. +In the TiDB Cloud console, there are three types of projects: -For example, you can do the following: +- **TiDB Dedicated project**: this project type is used only for {{{ .dedicated }}} clusters. In this type of project, you can only add {{{ .dedicated }}} clusters. Within your organization, settings and access controls such as networks, maintenance, alert subscriptions, and encryption access can be managed separately by project, and configurations in different projects do not affect each other. +- **TiDB X project**: this is the default project type when you create a project on the [My TiDB](/tidb-cloud/my-tidb.md) page. In this type of project, you can only add {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances. +- **TiDB X virtual project**: this project is virtual and it does not provide any management capabilities. It acts as a virtual container for {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances that do not belong to any project, so that these instances can be accessed through the TiDB Cloud API by using a project ID. Each organization has a unique virtual project ID. You can get the ID from the project view of the [My TiDB](/tidb-cloud/my-tidb.md) page. + +The following table lists the differences between these project types: -- Create multiple clusters according to your business need. 
-- Assign different users with different project roles. -- Configure project settings. For example, configure different alert settings for different projects. +| Feature | TiDB Dedicated Project | TiDB X Project | TiDB X Virtual Project | +|---|---|---|---| +| Project icon in the TiDB Cloud console | |
| N/A | +| Resource type in the project | {{{ .dedicated}}} clusters only | TiDB X instances only | TiDB X instances only | +| Project is optional | ❌
(Each {{{ .dedicated }}} cluster must belong to a Dedicated project) | ✅
(You can either group a TiDB X instance in a TiDB X project or keep it at the organization level) | N/A
(TiDB X instances not grouped in any TiDB X project are automatically grouped in the TiDB X virtual project) | +| Project settings | ✅ | ❌ | ❌ | +| Infrastructure binding | ✅
(Strong binding) | ❌ | ❌ | +| RBAC model | Organization -> Project | Organization -> Project -> Instance | Organization -> Project -> Instance | +| Project-level RBAC | ✅ | ✅ | ❌ | +| Project-level Billing | ✅ | ✅ | ❌ | +| Instance movement between TiDB X projects or the global scope | ❌ | ✅ | ✅
(Global only) | ## User roles -TiDB Cloud defines different user roles to manage different permissions of TiDB Cloud users in organizations, projects, or both. +TiDB Cloud defines different user roles to manage permissions at the organization, project, and instance levels. -You can grant roles to a user at the organization level or at the project level. Make sure to carefully plan the hierarchy of your organizations and projects for security considerations. +You can grant roles to a user at the organization level, the project level, or the instance level. Make sure to carefully plan the hierarchy of your organizations, projects, and resources for security considerations. ### Organization roles -At the organization level, TiDB Cloud defines four roles, in which `Organization Owner` can invite members and grant organization roles to members. +At the organization level, TiDB Cloud defines five roles, in which `Organization Owner` can invite members and grant organization roles to members. | Permission | `Organization Owner` | `Organization Billing Manager` | `Organization Billing Viewer` | `Organization Console Audit Manager` | `Organization Viewer` | |---|---|---|---|---|---| | Manage organization settings, such as projects, API keys, and time zones. | ✅ | ❌ | ❌ | ❌ | ❌ | | Invite users to or remove users from an organization, and edit organization roles of users. | ✅ | ❌ | ❌ | ❌ | ❌ | -| All the permissions of `Project Owner` for all projects in the organization. | ✅ | ❌ | ❌ | ❌ | ❌ | +| All the permissions of `Project Owner` for all projects in the organization, and all the permissions of TiDB X instance roles for all TiDB X instances in the organization. | ✅ | ❌ | ❌ | ❌ | ❌ | | Create projects with Customer-Managed Encryption Key (CMEK) enabled. | ✅ | ❌ | ❌ | ❌ | ❌ | | Edit payment information for the organization. | ✅ | ✅ | ❌ | ❌ | ❌ | | View bills and use [cost explorer](/tidb-cloud/tidb-cloud-billing.md#cost-explorer). | ✅ | ✅ | ✅ | ❌ | ❌ | 
@@ -90,13 +115,15 @@ At the organization level, TiDB Cloud defines four roles, in which `Organization ### Project roles -At the project level, TiDB Cloud defines three roles, in which `Project Owner` can invite members and grant project roles to members. +At the project level, TiDB Cloud defines four roles, in which `Project Owner` can invite members and grant project roles to members. > **Note:** > -> - `Organization Owner` has all the permissions of Project Owner for all projects so `Organization Owner` can invite project members and grant project roles to members too. -> - Each project role has all the permissions of Organization Viewer by default. +> - `Organization Owner` has all the permissions of `Project Owner` for all projects so `Organization Owner` can invite project members and grant project roles to members too. +> - Each project role has all the permissions of `Organization Viewer` by default. > - If a user in your organization does not belong to any projects, the user does not have any project permissions. +> - For both TiDB X projects and TiDB Dedicated projects, project roles control access to resources in the project. For TiDB Dedicated projects, project roles also control Dedicated-specific project settings. +> - Project roles do not apply to the TiDB X virtual project because TiDB X virtual project does not provide any management capacities. To manage RBAC for a specific TiDB X instance that are not grouped in any TiDB X project, use [instance roles](#instance-roles). | Permission | `Project Owner` | `Project Data Access Read-Write` | `Project Data Access Read-Only` | `Project Viewer` | |---|---|---|---|---| 
@@ -104,16 +131,42 @@ At the project level, TiDB Cloud defines three roles, in which `Project Owner` c | Invite users to or remove users from a project, and edit project roles of users. | ✅ | ❌ | ❌ | ❌ | | Manage [database audit logging](/tidb-cloud/tidb-cloud-auditing.md) of the project. | ✅ | ❌ | ❌ | ❌ | | Manage [spending limit](/tidb-cloud/manage-serverless-spend-limit.md) for all {{{ .starter }}} instances in the project. | ✅ | ❌ | ❌ | ❌ | -| Manage cluster operations in the project, such as cluster creation, modification, and deletion. | ✅ | ❌ | ❌ | ❌ | +| Manage resource operations in the project, such as creating, modifying, moving, and deleting instances or clusters supported by the project type. | ✅ | ❌ | ❌ | ❌ | | Manage branches for {{{ .starter }}} and {{{ .essential }}} instances in the project, such as branch creation, connection, and deletion. | ✅ | ❌ | ❌ | ❌ | -| Manage cluster data such as data import, data backup and restore, and data migration. | ✅ | ✅ | ❌ | ❌ | +| Manage resource data such as data import, data backup and restore, and data migration. | ✅ | ✅ | ❌ | ❌ | | Manage [Data Service](/tidb-cloud/data-service-overview.md) for data read-only operations such as using or creating endpoints to read data. | ✅ | ✅ | ✅ | ❌ | | Manage [Data Service](/tidb-cloud/data-service-overview.md) for data read and write operations. | ✅ | ✅ | ❌ | ❌ | -| View cluster data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md). | ✅ | ✅ | ✅ | ❌ | -| Modify and delete cluster data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md). | ✅ | ✅ | ❌ | ❌ | +| View resource data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md), if supported by the resource type. | ✅ | ✅ | ✅ | ❌ | +| Modify and delete resource data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md), if supported by the resource type. | ✅ | ✅ | ❌ | ❌ | | Manage [changefeeds](/tidb-cloud/changefeed-overview.md). 
| ✅ | ✅ | ✅ | ❌ | -| Review and reset cluster passwords. | ✅ | ❌ | ❌ | ❌ | -| View cluster overview, backup records, metrics, events, and [changefeeds](/tidb-cloud/changefeed-overview.md) in the project. | ✅ | ✅ | ✅ | ✅ | +| Review and reset resource passwords, if supported by the resource type. | ✅ | ❌ | ❌ | ❌ | +| View resource overview, backup records, metrics, events, and [changefeeds](/tidb-cloud/changefeed-overview.md) in the project. | ✅ | ✅ | ✅ | ✅ | + +### Instance roles + +TiDB X instances support instance-level roles so that you can grant access to a single TiDB X instance without granting the same access to all resources in a project. + +> **Note:** +> +> - Instance roles apply only to TiDB X instances, including {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}}. TiDB Cloud Dedicated clusters does not support instance roles. +> - `Organization Owner` automatically has all permissions for all TiDB X instances in the organization. +> - Each instance role inherits all the permissions of the Organization Viewer role by default. +> - Project roles and instance roles are additive. A user can inherit access from a project role and also have a more specific role on an individual instance. + +| Permission | `Instance Manager` | `TiDB X Instance Data Access Read-Write` | `TiDB X Instance Data Access Read-Only` | `TiDB X Instance Viewer` | +|---|---|---|---|---| +| Manage instance operations, such as instance creation, modification, and deletion. | ✅ | ❌ | ❌ | ❌ | +| View and modify instance data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md). | ✅ | ✅ | ❌ | ❌ | +| View instance data using [SQL Editor](/tidb-cloud/explore-data-with-chat2query.md). | ✅ | ✅ | ✅ | ❌ | +| Manage instance-scoped roles. | ✅ | ❌ | ❌ | ❌ | +| View backup records of the TiDB X instance. | ✅ | ❌ | ❌ | ✅ | +| Restore the TiDB X instance from backups. | ✅ | ❌ | ❌ | ❌ | +| View instance overview. | ✅ | ❌ | ❌ | ✅ | +| View network settings. 
| ✅ | ❌ | ❌ | ✅ | +| View monitor and metrics. | ✅ | ❌ | ❌ | ✅ | +| View alerts. | ✅ | ❌ | ❌ | ✅ | + +Use project roles when you want to manage all resources in a project, and use instance roles when you want to grant access only to a specific TiDB X instance. ## Manage organization access 
@@ -144,32 +197,34 @@ To change the local timezone setting, take the following steps: 4. Click **Update**. -### Invite an organization member +### Invite a user to your organization If you are in the `Organization Owner` role, you can invite users to your organization. > **Note:** > -> You can also [invite a user to your project](#invite-a-project-member) directly according to your need, which also makes the user your organization member. +> You can also [invite a user to your project](#invite-a-project-member) or [grant a user access to a TiDB X instance](#grant-access-to-a-tidb-x-instance) directly according to your need, which also makes the user your organization member. -To invite a member to an organization, take the following steps: +To invite a user to your organization, take the following steps: 1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. 2. In the left navigation pane, click **Organization Settings** > **Users**. -3. On the **Users** page, click the **By Organization** tab. - -4. Click **Invite**. +3. On the **Users** page, click **Invite User** in the upper-right corner. -5. Enter the email address of the user to be invited, and then select an organization role for the user. +4. Enter the email address of the user to be invited. > **Tip:** > - > - If you want to invite multiple members at one time, you can enter multiple email addresses. - > - The invited user does not belong to any projects by default. To invite a user to a project, see [Invite a project member](#invite-a-project-member). + > If you want to invite multiple members at one time, you can enter multiple email addresses. + +5. (Optional) The invited user does not have any project or instance permissions by default. 
To grant project or instance roles to the user, do the following: + + - To grant project-level access to the user, click **Add Roles and Select Project**, and then grant roles and select the target projects for the user. + - To grant access to a specific TiDB X instance to the user, click **Add Roles and Select Instance**, and then grant roles and select the target TiDB X instance for the user. -6. Click **Confirm**. Then the new user is successfully added into the user list. At the same time, an email is sent to the invited email address with a verification link. +6. Click **Invite**. Then the new user is successfully added into the user list. At the same time, an email is sent to the invited email address with a verification link. 7. After receiving this email, the user needs to click the link in the email to verify the identity, and a new page shows. @@ -179,20 +234,6 @@ To invite a member to an organization, take the following steps: > > The verification link in the email expires in 24 hours. If the user you want to invite does not receive the email, click **Resend**. -### Modify organization roles - -If you are in the `Organization Owner` role, you can modify organization roles of all members in your organization. - -To modify the organization role of a member, take the following steps: - -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. - -2. In the left navigation pane, click **Organization Settings** > **Users**. - -3. On the **Users** page, click the **By Organization** tab. - -4. Click the role of the target member, and then modify the role. - ### Remove an organization member If you are in the `Organization Owner` role, you can remove organization members from your organization. 
@@ -201,50 +242,57 @@ To remove a member from an organization, take the following steps: > **Note:** > -> If a member is removed from an organization, the member is removed from the belonged projects either. +> If a member is removed from an organization, the member is also removed from all projects and loses all instance access in the organization. 1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. 2. In the left navigation pane, click **Organization Settings** > **Users**. -3. On the **Users** page, click the **By Organization** tab. +3. On the **Users** page, locate the row of the target member, click **...** in the row, and then click **Delete**. -4. In the row of the target member, click **...** > **Delete**. +4. In the confirmation dialog, click **Delete**. ## Manage project access -### View and switch between projects +### View projects -To view and switch between projects, take the following steps: +To view projects in your organization, take the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), click the combo box in the upper-left corner. The list of organizations and projects you belong to is displayed. +1. In the TiDB Cloud console, navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click the icon to go to the project view. > **Tip:** > - > - If you are currently on the page of a specific TiDB Cloud resource, after clicking the combo box in the upper-left corner, you also need to click ← in the combo box to return to the organization and project list. - > - If you are a member of multiple projects, you can click the target project name in the combo box to switch between projects. + > If you are in multiple organizations, use the combo box in the upper-left corner to switch to your target organizations first. -2. 
To view the detailed information of your project, click the project name, and then click **Project Settings** in the left navigation pane. +2. In the project view, you can see the projects you belong to in the organization: + + - TiDB X instances that do not belong to any project are displayed in a table named `Out of project`. + - TiDB X instances that belong to specific projects are displayed in their corresponding TiDB X project tables. + - TiDB Cloud Dedicated clusters are displayed in their corresponding Dedicated project tables. These tables have a **D** in the folder icon to identify the **Dedicated** project type. ### Create a project > **Note:** > -> For free trial users, you cannot create a new project. +> - For free trial users, you cannot create a new project. +> - For TiDB X instances, creating a project is optional. For TiDB Cloud Dedicated clusters, you must use the default project or create new projects to manage them. If you are in the `Organization Owner` role, you can create projects in your organization. To create a new project, take the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. +1. In the [TiDB Cloud console](https://tidbcloud.com), navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click **Create Project**. -2. In the left navigation pane, click **Projects**. + > **Tip:** + > + > If you are in multiple organizations, use the combo box in the upper-left corner to switch to your target organizations first. -3. On the **Projects** page, click **Create New Project**. +2. In the displayed dialog, enter a project name. -4. Enter your project name. +3. Depending on which type of TiDB Cloud resources you are creating the project for, do one of the following: -5. Click **Confirm**. + - If the project is created for TiDB X instances, click **Confirm**. 
+ - If the project is created for {{{ .dedicated }}} clusters, select the **Create for Dedicated Cluster** option, configure [Customer-Managed Encryption Keys (CMEK)](/tidb-cloud/tidb-cloud-encrypt-cmek-aws.md) and [maintenance window](/tidb-cloud/configure-maintenance-window.md) for the project, and then click **Confirm**. ### Rename a project @@ -252,15 +300,17 @@ If you are in the `Organization Owner` role, you can rename any projects in your To rename a project, take the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. +1. In the TiDB Cloud console, navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click the icon to go to the project view. -2. In the left navigation pane, click **Projects**. + > **Tip:** + > + > If you are in multiple organizations, use the combo box in the upper-left corner to switch to your target organizations first. -3. In the row of your project to be renamed, click **...** > **Rename**. +2. In the project view, locate the table of your target project, click **...** in the upper-right corner of the table, and then click **Rename**. -4. Enter a new project name. +3. Enter a new project name. -5. Click **Confirm**. +4. Click **Confirm**. ### Invite a project member 
@@ -272,45 +322,56 @@ If you are in the `Organization Owner` or `Project Owner` role, you can invite m To invite a member to a project, take the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. - -2. In the left navigation pane, click **Organization Settings** > **Users**. +1. In the TiDB Cloud console, navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click the icon to go to the project view. -3. On the **Users** page, click the **By Project** tab, and then choose your project in the drop-down list. + > **Tip:** + > + > If you are in multiple organizations, use the combo box in the upper-left corner to switch to your target organizations first. -4. Click **Invite**. +2. In the project view, locate the table of your target project, click **...** in the upper-right corner of the table, and then click **Invite**. -5. Enter the email address of the user to be invited, and then select a project role for the user. +3. In the displayed dialog, enter the email address of the user to be invited, and then select a project role for the user. > **Tip:** > > If you want to invite multiple members at one time, you can enter multiple email addresses. -6. Click **Confirm**. Then the new user is successfully added into the user list. At the same time, an email is sent to the invited email address with a verification link. +4. Click **Confirm**. Then the new user is successfully added into the user list. At the same time, an email is sent to the invited email address with a verification link. -7. After receiving this email, the user needs to click the link in the email to verify the identity, and a new page shows. +5. After receiving this email, the user needs to click the link in the email to verify the identity, and a new page shows. -8. 
If the invited email address has not been signed up for a TiDB Cloud account, the user is directed to the sign-up page to create an account. If the email address has been signed up for a TiDB Cloud account, the user is directed to the sign-in page. After sign-in, the account joins the project automatically. +6. If the invited email address has not been signed up for a TiDB Cloud account, the user is directed to the sign-up page to create an account. If the email address has been signed up for a TiDB Cloud account, the user is directed to the sign-in page. After sign-in, the account joins the project automatically. > **Note:** > > The verification link in the email will expire in 24 hours. If your user doesn't receive the email, click **Resend**. -### Modify project roles +### Move a TiDB X instance -If you are in the `Organization Owner` role, you can modify project roles of all project members in your organization. If you are in the `Project Owner` role, you can modify project roles of all members in your project. +If you are in the `Organization Owner` or `Project Owner` role, you can move a TiDB X instance to a project or out of any project. -To modify the project role of a member, take the following steps: +> **Note:** +> +> Only TiDB X instances support moving between TiDB X projects and out of any TiDB X project. TiDB Cloud Dedicated clusters do not support moving between projects. -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. +To move a TiDB X instance, take the following steps: -2. In the left navigation pane, click **Organization Settings** > **Users**. +1. In the [TiDB Cloud console](https://tidbcloud.com), navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click the **Project view** tab. + +2. 
In the project view, expand the project folder that contains the TiDB X instance to be moved, click **...** for the target TiDB X instance, and then click **Move**. + + > **Tip:** + > + > If the TiDB X instance is not in any project, it is displayed in the **Out of project** folder. + +3. In the displayed dialog, do one of the following: -3. On the **Users** page, click the **By Project** tab, and then choose your project in the drop-down list. + - To move the TiDB X instance to a project, select **To a project**, and then select the target project from the drop-down list. + - To move the TiDB X instance out of any project, select **Outside any project**. -4. In the row of the target member, click the role in the **Role** column, and then choose a new role from the drop-down list. +4. Click **Move**. -### Remove a project member +### Remove project access for a user If you are in the `Organization Owner` or `Project Owner` role, you can remove project members. 
@@ -320,9 +381,68 @@ To remove a member from a project, take the following steps: 2. In the left navigation pane, click **Organization Settings** > **Users**. -3. On the **Users** page, click the **By Project** tab, and then choose your project in the drop-down list. +3. On the **Users** page, locate the row of the target member, click **...** in the row, and then click **Edit Role**. + +4. On the **Edit Role** dialog, locate the target project, and then click the icon. + +5. Click **Save**. + +## Manage instance access + +### Grant access to a TiDB X instance {#grant-access-to-a-tidb-x-instance} + +If you are in the `Organization Owner` or `Project Owner` role, you can grant a instance role for a specific TiDB X instance to a user. + +> **Note:** +> +> Instance access applies only to TiDB X instances. + +To grant access to a TiDB X instance, take the following steps: + +1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. + +2. In the left navigation pane, click **Organization Settings** > **Users**. + +3. On the **Users** page, locate the row of the target member, click **...** in the row, and then click **Edit Role**. + + > **Tip:** + > + > If the user is not in your organization yet, click **Invite User** in the upper-right corner, and follow the steps in [Invite a user to your organization](#invite-a-user-to-your-organization) to grant the instance role to the user. + +4. On the **Edit Role** page, click **Add Role and Select Instance** in the **Instance access** section, and then grant roles and select the target TiDB X instance for the user. + +5. Click **Save**. + +### Remove instance access for a user + +If you are in the `Organization Owner` or `Project Owner` role, you can remove instance access for a user. + +To remove instance access for a user, take the following steps: + +1. 
In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. + +2. In the left navigation pane, click **Organization Settings** > **Users**. + +3. On the **Users** page, locate the row of the target member, click **...** in the row, and then click **Edit Role**. + +4. On the **Edit Role** dialog, locate the target instance, and then click the icon. + +5. Click **Save**. + +## Modify roles of a user + +To modify a role of a user in TiDB Cloud, take the following steps: + +1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. + +2. In the left navigation pane, click **Organization Settings** > **Users**. + +3. On the **Users** page, locate the row of the target user, click **...** in the row, and then click **Edit Role**. + + - If you are in the `Organization Owner` role, you can modify organization roles, project roles, and instance roles of the target user. + - If you are in the `Project Owner` role, you can modify project roles and instance roles of the target user. -4. In the row of the target member, click **...** > **Delete**. +4. Click **Save**. ## Manage user profiles diff --git a/tidb-cloud/my-tidb.md b/tidb-cloud/my-tidb.md new file mode 100644 index 0000000000000..5cdf0b1c6a963 --- /dev/null +++ b/tidb-cloud/my-tidb.md 
@@ -0,0 +1,68 @@ +--- +title: Use the My TiDB Page +summary: Learn how to use the My TiDB Page to manage your TiDB resources and projects. +--- + +# Use the My TiDB Page + +In the [TiDB Cloud console](https://tidbcloud.com/), [**My TiDB**](https://tidbcloud.com/tidbs) is a centralized page for all TiDB Cloud resources and projects that you can access within the current organization, helping you easily discover, access, and manage your TiDB resources. + +In this document, you will learn how to use the [**My TiDB**](https://tidbcloud.com/tidbs) page to manage your TiDB Cloud resources and projects. + +## What are TiDB Cloud resources and projects? + +### TiDB Cloud resources + +A TiDB Cloud resource is a manageable TiDB Cloud deployment unit. It can be one of the following: + +- A TiDB X instance (a service-oriented TiDB Cloud offering built on the [TiDB X architecture](/tidb-cloud/tidb-x-architecture.md)), such as a {{{ .starter }}}, {{{ .essential }}}, or {{{ .premium }}} instance +- A {{{ .dedicated }}} cluster + +### TiDB Cloud projects + +In TiDB Cloud, you can use [projects](/tidb-cloud/tidb-cloud-glossary.md#project) to group and manage your TiDB resources. + +- For {{{ .starter }}}, Essential, and Premium instances, projects are optional, which means you can either group these instances in a project or keep these instances at the organization level. +- For {{{ .dedicated }}} clusters, projects are required. + +## Create TiDB Cloud resources + +To create a TiDB Cloud resource, navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click **Create Resource**. 
+ +For more information, see the following documents: + +- [Create a {{{ .starter }}} or Essential Instance](/tidb-cloud/starter/create-tidb-cluster-serverless.md) +- [Create a {{{ .premium }}} Instance](/tidb-cloud/premium/create-tidb-instance-premium.md) +- [Create a {{{ .dedicated }}} Cluster](/tidb-cloud/create-tidb-cluster.md) + +## Create TiDB Cloud projects + +To create a new project, navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click **Create Project**. For more information, see [Create a project](/tidb-cloud/manage-user-access.md#create-a-project). + +You can also create a project when creating TiDB Cloud resources. For more information, see the following documents: + +- [Create a {{{ .starter }}} or Essential Instance](/tidb-cloud/starter/create-tidb-cluster-serverless.md) +- [Create a {{{ .premium }}} Instance](/tidb-cloud/premium/create-tidb-instance-premium.md) +- [Create a TiDB Cloud Dedicated Cluster](/tidb-cloud/create-tidb-cluster.md) + +## View and manage TiDB Cloud resources + +By default, the [**My TiDB**](https://tidbcloud.com/tidbs) page shows the resource view, which displays all resources within your current organization that you have permission to access. + +- To go to the overview page of a TiDB Cloud resource, click the name of the target resource. +- To perform quick actions on a TiDB Cloud resource, such as deleting, renaming, and importing data, click **...** in the row of the target resource. +- If your organization has many instances or clusters, you can use the filters at the top of the page to quickly find what you need. + +To view your resources grouped by projects, click the **Project view** tab on the [**My TiDB**](https://tidbcloud.com/tidbs) page. In this view, TiDB Cloud resources are grouped by projects as follows: + +- TiDB X instances that do not belong to any project are displayed in a table named `Out of project`. 
+- TiDB X instances that belong to specific projects are displayed in their corresponding TiDB X projects. +- TiDB Cloud Dedicated clusters are displayed in their corresponding Dedicated projects. These projects have a **D** embedded in the folder icon to identify the **Dedicated** project type. + +For more information about project types, see [Project types](/tidb-cloud/tidb-cloud-glossary.md#project-types). + +To perform quick actions on a project, such as renaming the project or inviting members to the project, click **...** in the row of the target project name. + +For **Dedicated** projects, you can also click the icon in the row of the target project to access more project management operations, such as managing networks, alert subscriptions, and project members. + +For more information, see [Manage project access](/tidb-cloud/manage-user-access.md). \ No newline at end of file diff --git a/tidb-cloud/premium/create-tidb-instance-premium.md b/tidb-cloud/premium/create-tidb-instance-premium.md index 725ec26be4f8c..0ad497e600e8f 100644 --- a/tidb-cloud/premium/create-tidb-instance-premium.md +++ b/tidb-cloud/premium/create-tidb-instance-premium.md 
@@ -41,8 +41,8 @@ If you have the `Organization Owner` role, you can create a {{{ .premium }}} ins 1. In the [TiDB Cloud console](https://tidbcloud.com/tidbs), navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page, and then click **Create Resource** in the upper-right corner. 2. On the **Create Resource** page, select **Premium** as your plan. -3. Enter a name for your {{{ .premium }}} instance. -4. Choose a cloud provider and a region where you want to host your instance. +3. Enter a name for your {{{ .premium }}} instance, and then choose a cloud provider and a region where you want to host your instance. +4. (Optional) To group this {{{ .premium }}} instance in a project for management, click **Group Your Instance in a Project**, and then select the target project for the instance. If there is no project in your organization, you can create one by clicking **Create a Project**. 5. In the **Capacity** area, set the maximum number of the Request Capacity Units (RCUs) for your instance. RCUs represent the compute resources provisioned for your workload. TiDB Cloud automatically scales your instance within this range based on demand. diff --git a/tidb-cloud/security-concepts.md b/tidb-cloud/security-concepts.md index af84f2e91f765..8877bb5df3afc 100644 --- a/tidb-cloud/security-concepts.md +++ b/tidb-cloud/security-concepts.md 
@@ -107,56 +107,67 @@ This system ensures flexibility and precision in managing user access while alig ### Organization and projects -TiDB Cloud manages users and resources with a hierarchical structure: organizations, projects, and clusters. +TiDB Cloud manages users and resources with a hierarchical structure: organizations, projects, and resources. **Organizations** -- The top-level entity for managing resources, roles, and billing. +- The top-level entity for managing users, roles, projects, resources, and billing. - The organization owner has full permissions, including project creation and role assignment. **Projects** -- Subdivisions of an organization containing clusters and project-specific configurations. +- Containers for grouping and managing TiDB Cloud resources. -- Managed by project owners responsible for clusters within their scope. +- In TiDB Cloud, there are three types of projects: -**Clusters** + - **TiDB Dedicated project**: a project type for {{{ .dedicated }}} clusters only. Dedicated projects manage project-scoped settings such as networking, maintenance, alert subscriptions, integrations, and encryption-related access. + - **TiDB X project**: a logical container for {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances. TiDB X projects are used for grouping resources and applying project-level RBAC, but they do not carry Dedicated-only infrastructure settings. + - **TiDB X virtual project**: a virtual project for {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances that are not grouped in any TiDB X project project. This project type is used only for API compatibility, so it is not displayed in the [TiDB Cloud console](https://tidbcloud.com/) and does not provide any management capabilities. -- Individual database instances within a project. 
+**Resources** + +- A TiDB Cloud resource can be either a TiDB X instance (a service-oriented TiDB Cloud offering built on the [TiDB X architecture](/tidb-cloud/tidb-x-architecture.md)) or a TiDB Cloud Dedicated cluster. ### Example structure ``` - Your organization - - Project 1 - - Cluster 1 - - Cluster 2 - - Project 2 - - Cluster 3 - - Cluster 4 - - Project 3 - - Cluster 5 - - Cluster 6 + - TiDB X instances out of any project + - {{{ .starter }}} instance 1 + - TiDB X project 1 + - {{{ .starter }}} instance 2 + - {{{ .essential }}} instance 3 + - {{{ .premium }}} instance 4 + - TiDB Dedicated project 1 + - {{{ .dedicated }}} cluster 1 + - {{{ .dedicated }}} cluster 2 ``` ### Key features - **Granular permissions**: - - Assign specific roles at both the organization and project levels for precise access control. + - Assign specific roles at the organization, project, and instance levels for precise access control. + + - TiDB X instances can be accessed through either project roles or instance roles, while TiDB Cloud Dedicated clusters are managed through project-level access. - - Ensure flexibility and security by carefully planning role assignments. +- **Flexible project model**: + - TiDB X projects are optional, so TiDB X instances can be grouped in a project or kept at the organization level. + + - TiDB Dedicated projects are required, so each Dedicated cluster must belong to a Dedicated project. - **Billing management**: - - Billing is consolidated at the organization level, with detailed breakdowns available for each project. + - Billing is consolidated at the organization level, with detailed breakdowns available for each project and resource. 
### Identity and Access Management (IAM) Roles -TiDB Cloud provides role-based access control to manage permissions across organizations and projects: +TiDB Cloud provides role-based access control to manage permissions across organizations, projects, and instances: - **[Organization-Level roles](/tidb-cloud/manage-user-access.md#organization-roles)**: Grant permissions to manage the entire organization, including billing and project creation. -- **[Project-Level roles](/tidb-cloud/manage-user-access.md#project-roles)**: Assign permissions to manage specific projects, including clusters and configurations. +- **[Project-Level roles](/tidb-cloud/manage-user-access.md#project-roles)**: Assign permissions to manage specific projects, including project-scoped resources and configurations. + +- **[Instance-Level roles](/tidb-cloud/manage-user-access.md#instance-roles)**: Grant fine-grained access to specific TiDB X instances. ## Network access control @@ -255,4 +266,4 @@ Records detailed database operations, including executed SQL statements and user - Use logs for compliance reporting and forensic analysis. -For more information, see [Console Audit Logging](/tidb-cloud/tidb-cloud-console-auditing.md) and [Database Audit Logging](/tidb-cloud/tidb-cloud-auditing.md). \ No newline at end of file +For more information, see [Console Audit Logging](/tidb-cloud/tidb-cloud-console-auditing.md) and [Database Audit Logging](/tidb-cloud/tidb-cloud-auditing.md). diff --git a/tidb-cloud/tidb-cloud-billing.md b/tidb-cloud/tidb-cloud-billing.md index d8598f6509f72..78044eab7f69c 100644 --- a/tidb-cloud/tidb-cloud-billing.md +++ b/tidb-cloud/tidb-cloud-billing.md 
@@ -91,7 +91,7 @@ To view the billing details, perform the following steps: On the **Billing** page, the **Bills** tab is displayed by default. -The **Bills** tab shows the billing summary by project and by service. You can also see the usage details and download the data in CSV format. +The **Bills** tab shows the billing summary by projects & instances and the billing summary by service. You can also see the usage details and download the data in CSV format. > **Note:** > diff --git a/tidb-cloud/tidb-cloud-encrypt-cmek-aws.md b/tidb-cloud/tidb-cloud-encrypt-cmek-aws.md index ef5bb7e85ace4..41ca4b0cdfcb8 100644 --- a/tidb-cloud/tidb-cloud-encrypt-cmek-aws.md +++ b/tidb-cloud/tidb-cloud-encrypt-cmek-aws.md @@ -35,12 +35,11 @@ If you are in the `Organization Owner` role of your organization, you can create To create a CMEK-enabled project, take the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. -2. In the left navigation pane, click **Projects**. -3. On the **Projects** page, click **Create New Project** in the upper-right corner. -4. Fill in a project name. -5. Choose to enable the CMEK capability of the project. -6. Click **Confirm** to complete the project creation. +1. In the [TiDB Cloud console](https://tidbcloud.com), navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click **Create Project**. +2. In the displayed dialog, enter a project name. +3. Select the **Create for Dedicated Cluster** option. +4. Choose to enable the CMEK capability of the project. +5. Click **Confirm** to complete the project creation.
diff --git a/tidb-cloud/tidb-cloud-encrypt-cmek-azure.md b/tidb-cloud/tidb-cloud-encrypt-cmek-azure.md index bccef8b3f1ba6..2c48d5e19bd6c 100644 --- a/tidb-cloud/tidb-cloud-encrypt-cmek-azure.md +++ b/tidb-cloud/tidb-cloud-encrypt-cmek-azure.md @@ -25,12 +25,11 @@ If you want to encrypt your data using the encryption keys owned by your account If you are in the `Organization Owner` role of your organization, you can create a CMEK-enabled project by performing the following steps: -1. In the [TiDB Cloud console](https://tidbcloud.com), switch to your target organization using the combo box in the upper-left corner. -2. In the left navigation pane, click **Projects**. -3. On the **Projects** page, click **Create New Project** in the upper-right corner. -4. Fill in a project name. -5. Choose to enable the CMEK capability of the project. -6. Click **Confirm** to complete the project creation. +1. In the [TiDB Cloud console](https://tidbcloud.com), navigate to the [**My TiDB**](https://tidbcloud.com/tidbs) page of your organization, and then click **Create Project**. +2. In the displayed dialog, enter a project name. +3. Select the **Create for Dedicated Cluster** option. +4. Choose to enable the CMEK capability of the project. +5. Click **Confirm** to complete the project creation. ### Step 2. Complete the CMEK configuration of the project diff --git a/tidb-cloud/tidb-cloud-glossary.md b/tidb-cloud/tidb-cloud-glossary.md index 59aca5601b1a0..3404081679ab5 100644 --- a/tidb-cloud/tidb-cloud-glossary.md +++ b/tidb-cloud/tidb-cloud-glossary.md 
@@ -29,6 +29,12 @@ Chat2Query is an AI-powered feature integrated into SQL Editor that assists user In addition, TiDB Cloud provides a Chat2Query API for {{{ .starter }}} instances hosted on AWS. After it is enabled, TiDB Cloud will automatically create a system Data App called **Chat2Query** and a Chat2Data endpoint in Data Service. You can call this endpoint to let AI generate and execute SQL statements by providing instructions. For more information, see [Get started with Chat2Query API](/tidb-cloud/use-chat2query-api.md). +### Cluster + +In TiDB Cloud, a cluster is a dedicated cloud deployment that includes explicit infrastructure details such as node topology, instance types, storage configuration, and scaling model. + +Among TiDB Cloud plans, only TiDB Cloud Dedicated clusters use this deployment model. + ### Credit TiDB Cloud offers a certain number of credits for Proof of Concept (PoC) users. One credit is equivalent to one U.S. dollar. You can use credits to pay fees before the credits become expired. @@ -95,7 +101,7 @@ Refers to either a data instance (TiKV) or a compute instance (TiDB) or an analy ### organization -An entity that you create to manage your TiDB Cloud accounts, including a management account with any number of multiple member accounts. +An top level container to manage your TiDB Cloud accounts (including a management account with any number of multiple member accounts), [projects](#project), and [resources](#resource). ### organization members 
@@ -109,7 +115,18 @@ A document that defines permissions applying to a role, user, or organization, s ### project -Based on the projects created by the organization, resources such as personnel, instances, and networks can be managed separately according to projects, and resources between projects do not interfere with each other. +In TiDB Cloud, you can use projects to group and manage your TiDB resources. + +- For {{{ .starter }}}, Essential, and Premium instances, projects are optional, which means you can either group these instances in a project or keep these instances at the organization level. +- For {{{ .dedicated }}} clusters, projects are required. + +The function of a project varies by project type. Currently, there are three types of projects: + +- TiDB X project: this is the default project type when you create a project on the [My TiDB](/tidb-cloud/my-tidb.md) page. In this type of project, you can only add {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances. +- TiDB Dedicated project: this project type is used only for {{{ .dedicated }}} clusters. In this type of project, you can only add {{{ .dedicated }}} clusters. Within your organization, settings and access controls such as networks, maintenance, alert subscriptions, and encryption access can be managed separately by project, and configurations in different projects do not affect each other. +- TiDB virtual project: this is a virtual project. It is not displayed in the [TiDB Cloud console](https://tidbcloud.com/) and does not provide any management capabilities. It acts as a virtual container for {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} instances that do not belong to any project, so that these instances can be accessed through the TiDB Cloud API by using a project ID. Each organization has a unique virtual project ID. + +For more information about the differences between these project types, see [Project types](/tidb-cloud/manage-user-access.md#project-types). 
### project members @@ -141,6 +158,13 @@ A separate database that can be located in the same or different region and cont TiDB Cloud measures the capacity of [changefeeds](/tidb-cloud/changefeed-overview.md) in TiCDC Replication Capacity Units (RCUs). When you create a changefeed, you can select an appropriate specification. The higher the RCU, the better the replication performance. You will be charged for these TiCDC changefeed RCUs. For more information, see [Changefeed Cost](https://www.pingcap.com/tidb-dedicated-pricing-details/#changefeed-cost). +### Resource + +A TiDB resource is a manageable TiDB deployment unit. It can be one of the following: + +- A {{{ .starter }}}, {{{ .essential }}}, or {{{ .premium }}} [instance](#instance) +- A {{{ .dedicated }}} [cluster](#cluster) + ### Request Capacity Unit (RCU) A Request Capacity Unit (RCU) is a unit of measure used to represent the provisioned compute capacity for your {{{ .essential }}} instance. One RCU provides a fixed amount of compute resources that can process a certain number of RUs per second. The number of RCUs you provision determines the baseline performance and throughput capacity of your {{{ .essential }}} instance. For more information, see [{{{ .essential }}} Pricing Details](https://www.pingcap.com/tidb-cloud-essential-pricing-details/). 
@@ -176,6 +200,12 @@ A new distributed SQL architecture that makes cloud-native object storage the ba The TiDB X architecture is now available in {{{ .starter }}} and Essential{{{ .starter }}}, Essential, and Premium. For more information, see [Introducing TiDB X: A New Foundation for Distributed SQL in the Era of AI](https://www.pingcap.com/blog/introducing-tidb-x-a-new-foundation-distributed-sql-ai-era/) and [PingCAP Launches TiDB X and New AI Capabilities at SCaiLE Summit 2025](https://www.pingcap.com/press-release/pingcap-launches-tidb-x-new-ai-capabilities/). +### TiDB X instance + +A TiDB X instance is a service-oriented TiDB Cloud offering built on the [TiDB X architecture](/tidb-cloud/tidb-x-architecture.md). It does not require you to manage or understand the underlying cluster topology. + +Among TiDB Cloud plans, {{{ .starter }}}, {{{ .essential }}}, and {{{ .premium }}} are using the TiDB X architecture. Therefore, when "TiDB X instance" is mentioned, it refers to a {{{ .starter }}}, {{{ .essential }}}, or {{{ .premium }}} instance. + ### TiFlash node The analytical storage node that replicates data from TiKV in real time and supports real-time analytical workloads. diff --git a/tidb-cloud/tidb-cloud-quickstart.md b/tidb-cloud/tidb-cloud-quickstart.md index 4be51f636f082..962e86e1ba01e 100644 --- a/tidb-cloud/tidb-cloud-quickstart.md +++ b/tidb-cloud/tidb-cloud-quickstart.md 
@@ -30,7 +30,7 @@ Additionally, you can try out TiDB features on [TiDB Playground](https://play.ti - To create a new {{{ .starter }}} instance on your own, follow these steps: 1. Click **Create Resource**. - 2. On the **Create** page, **Starter** is selected by default. Select the cloud provider and target region for your {{{ .starter }}} instance, update the default instance name if necessary, and then click **Create**. Your {{{ .starter }}} instance will be created in approximately 30 seconds. + 2. On the **Create Resource** page, **Starter** is selected by default. Enter a name for the {{{ .starter }}} instance, select the cloud provider and target region, and then click **Create**. Your {{{ .starter }}} instance will be created in approximately 30 seconds.
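Review bot: In tidb-cloud/manage-user-access.md, hunk `@@ -201,50 +242,57 @@`, step 3 of "Create a project" links Customer-Managed Encryption Keys only to /tidb-cloud/tidb-cloud-encrypt-cmek-aws.md, although this patch also updates tidb-cloud-encrypt-cmek-azure.md with the same "Create for Dedicated Cluster" flow. Link both provider pages, or a provider-neutral entry point, so Azure users are not sent to AWS key-policy instructions. In the same hunk, "click the icon to go to the project view" never names the icon, while the later "Move a TiDB X instance" steps say "click the **Project view** tab"; use the tab name throughout. The repeated tip "switch to your target organizations first" should use the singular "organization".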
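Review bot: In tidb-cloud/manage-user-access.md, hunk `@@ -272,45 +322,56 @@`, the new "Move a TiDB X instance" section does not document what the move does to access. The security-concepts.md change in this patch states that TiDB X instances can be reached through either project roles or instance roles, so moving an instance into, between, or out of projects changes which users can reach it. Add a note after step 4 stating what happens to access derived from the source project, whether members of the target project gain access immediately, and whether directly granted instance roles are kept. The intro also lets a `Project Owner` perform the move without saying whether that role is needed on the source project, the target project, or both; state this explicitly. Separately, the tip calls **Out of project** a folder, while "View projects" calls it a table named `Out of project`; pick one term.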
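Review bot: In tidb-cloud/manage-user-access.md, hunk `@@ -320,9 +381,68 @@`, the new "Modify roles of a user" section drops the scope limit that the removed "Modify project roles" text carried. The old wording restricted a `Project Owner` to "all members in your project"; the new bullet says only "you can modify project roles and instance roles of the target user", which reads as if a `Project Owner` can change roles in any project. Restore the scope, for example "in the projects that you own". The procedure also goes from opening **Edit Role** in step 3 straight to **Save** in step 4 with no step that changes a role. Smaller points in the same hunk: "grant a instance role" should be "grant an instance role", **Edit Role** is called a dialog in two procedures and a page in "Grant access to a TiDB X instance", and "click the icon" in the two removal procedures does not say which icon.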
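Review bot: In the new file tidb-cloud/my-tidb.md, the link "[Project types](/tidb-cloud/tidb-cloud-glossary.md#project-types)" near the end points at an anchor that none of the glossary hunks in this patch adds; the glossary's own `project` entry sends readers to /tidb-cloud/manage-user-access.md#project-types instead, so use that target here as well. The bullets under "TiDB Cloud projects" and two of the link titles mix the `{{{ .starter }}}` variable with the literal words "Essential" and "Premium"; use `{{{ .essential }}}` and `{{{ .premium }}}` as the rest of the file does. The third link under "Create TiDB Cloud projects" spells out "TiDB Cloud Dedicated Cluster" where the matching link above uses `{{{ .dedicated }}}`. The file also ends without a trailing newline.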
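Review bot: In tidb-cloud/security-concepts.md, hunk `@@ -107,56 +107,67 @@`, the **TiDB X virtual project** bullet ends with a duplicated word, "not grouped in any TiDB X project project", and its name does not match the glossary change in this patch, which calls the same thing "TiDB virtual project". Settle on one name in both files. Because the bullet says this project type exists only for API compatibility and exposes no management capabilities, it would help to state here whether project roles can be assigned on it, since the "Key features" list below describes project roles as one of the two ways to reach a TiDB X instance.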
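Review bot: In tidb-cloud/tidb-cloud-glossary.md, hunk `@@ -95,7 +101,7 @@`, the rewritten `organization` definition starts with "An top level container"; change it to "A top-level container". The parenthetical "a management account with any number of multiple member accounts" is carried over from the old text and is redundant; "any number of member accounts" is enough.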
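Review bot: In tidb-cloud/tidb-cloud-glossary.md, hunk `@@ -109,7 +115,18 @@`, the first bullet of the new `project` entry uses the literal words "Essential" and "Premium" next to `{{{ .starter }}}`, while the bullets below it use `{{{ .essential }}}` and `{{{ .premium }}}`; use the variables consistently. The third project type is named "TiDB virtual project" here but "TiDB X virtual project" in security-concepts.md in this same patch. Since this entry says instances outside any project are reachable through the API by a per-organization virtual project ID, consider stating which role is required to use that ID, because it covers every ungrouped instance in the organization.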
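Review bot: In tidb-cloud/tidb-cloud-glossary.md, hunk `@@ -141,6 +158,13 @@`, the new "Resource" entry is inserted before "Request Capacity Unit (RCU)", which breaks the alphabetical order of the glossary; move it after that entry. The definition says "A TiDB resource", while my-tidb.md in this patch defines the same term as "A TiDB Cloud resource"; use the same wording in both places.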