DOC: PyPI Organization Account permissions for different projects

[pllim]

What's the problem this feature will solve?

I am looking for a clearer documentation at https://docs.pypi.org/organization-accounts/roles-entities/ .

Describe the solution you'd like

Let's consider this case:

org
|__ project_1
|__ project_2

org
|__ team_1 (user_a, user_b)
|__ team_2 (user_b, user_c)

Let's say I want the following access granted:

project_1 -> team_1
project_2 -> team_2

So, in this case, user_a should not be able to touch project_2, user_c should not be able to touch project_1, but user_b will not see any restriction between these projects.

Now, I see that as an org admin, I can see team permissions and user permissions separately. If a project was moved to the org after-the-fact, it would also carry over some individual maintainers. What exactly do I need to do here to make sure the permissions are what I want them to be? Say, if I accidentally set conflicting permission levels, which one would take precedence and how do I check?

Thank you!

Additional context

astropy/astropy-project#347

[pllim]

And if we're publishing via Actions with generated tokens, do I even have do create Teams here?

[pllim]

What if I have a mix of projects using automated publishing and not?