Expand Up @@ -48,7 +48,7 @@ rpk cloud login
export REDPANDA_BROKERS="<bootstrap-server-address>"
```

. Go to the **Security** page, and create a user called **redpanda-chat-account** that uses the SCRAM-SHA-256 mechanism.
. Go to **Security** > **Users**, click **Create user**, and create a user called **redpanda-chat-account** that uses the SCRAM-SHA-256 mechanism.

. Copy the password, and set the following environment variables on your local machine:
+
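
Review bot: The rewritten step for **Security** > **Users** never says where the password comes from, yet the next step opens with "Copy the password". Now that the step spells out the click path, say whether the Create user dialog generates the password or the reader enters one, so the reader knows what to copy into `REDPANDA_SASL_PASSWORD`.
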
Expand All @@ -58,12 +58,17 @@ export REDPANDA_SASL_PASSWORD="<password>"
export REDPANDA_SASL_MECHANISM="SCRAM-SHA-256"
```

. Click the name of your user, and add the following permissions to the ACL (access control list):
// TODO DOC-2123: confirm final ACL form labels (Resource Type, Pattern Type, Resource Name, Operation, Permission, Host) once the new Security page ships.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Resolve TODO before merge to avoid label drift in GA docs.

Leaving // TODO DOC-2123 here means ACL field labels may ship unverified; this conflicts with the PR’s stated merge condition to resolve all TODO markers.

Based on learnings: “In Redpanda Cloud documentation, field names and labels should match exactly what appears in the UI, even if the terminology might seem technically inconsistent.”

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@modules/get-started/pages/cluster-types/create-dedicated-cloud-cluster.adoc`
at line 61, Remove the placeholder TODO marker "// TODO DOC-2123" and replace it
with the final, verified ACL field labels (or remove the comment entirely) once
you confirm the exact UI wording; specifically update the ACL labels to match
the UI values for Resource Type, Pattern Type, Resource Name, Operation,
Permission, and Host in the create-dedicated-cloud-cluster.adoc content, and
ensure no TODO markers remain before merge.

. Go to **Security** > **ACLs**, click **Create ACL**, and grant the **redpanda-chat-account** user full access to the `chat-room` topic:
+
- **Principal**: `User:redpanda-chat-account`
- **Resource type**: Topic
- **Pattern type**: Literal
- **Resource name**: `chat-room`
- **Operation**: All
- **Permission**: Allow
- **Host**: `*`
+
- **Host**: *
- **Topic name**: `chat-room`
- **Operations**: All
+
. Click **Create**.

. Use `rpk` on your local machine to authenticate to Redpanda as the **redpanda-chat-account** user and get information about the cluster:
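
Review bot: In the new Create ACL step, `Operation: All` together with `Host: *` grants redpanda-chat-account more than a chat client needs on `chat-room`, since All covers altering and deleting the topic as well as reading and writing it. If the tutorial only produces and consumes, list those operations instead, or add one sentence saying that All is a tutorial shortcut to narrow on shared clusters. Separately, the `// TODO DOC-2123` line appears between blank lines inside the numbered list, which Asciidoctor treats as a list separator, so step numbering may restart at the ACL step; remove the comment or attach it to the step.
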
2 changes: 1 addition & 1 deletion modules/get-started/pages/cluster-types/serverless.adoc
Expand Up @@ -70,7 +70,7 @@ NOTE: After private access is disabled, attempts to reach the private endpoints

. Click **Create cluster**.

. To start working with your cluster, go to the *Topics* page to create a topic and produce messages to it. Add team members and grant them access with ACLs on the *Security* page.
. To start working with your cluster, go to the *Topics* page to create a topic and produce messages to it. Add team members on the *Security* > *Users* page, then grant them access on the *Security* > *ACLs* page or assign them to a role on the *Security* > *Roles* page.

== Interact with your cluster

4 changes: 2 additions & 2 deletions modules/security/pages/cloud-authentication.adoc
Expand Up @@ -125,14 +125,14 @@ BYOC and Dedicated clusters support unified authentication and authorization bet
To enable account impersonation:

. Go to the *Dataplane settings* page and select the option to enable account impersonation.
. Configure permissions for your users on the cluster *Security* page using ACLs or RBAC roles.
. Configure permissions for your users on the cluster *Security* > *ACLs* or *Security* > *Roles* page.

[IMPORTANT]
====
After enabling account impersonation:

* *Admin users* continue to have full access as before
* *Reader and Writer users* will lose access to the cluster until you explicitly grant them permissions through ACLs or RBAC roles on the *Security* page
* *Reader and Writer users* will lose access to the cluster until you explicitly grant them permissions through ACLs or RBAC roles on the *Security* > *ACLs* or *Security* > *Roles* page

Plan to configure user permissions before or immediately after enabling this feature to avoid access disruption.
====
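
Review bot: The updated Reader and Writer bullet now reads "through ACLs or RBAC roles on the *Security* > *ACLs* or *Security* > *Roles* page", which repeats itself and leaves the reader to pair each mechanism with its page. Pair them explicitly, for example "through ACLs (*Security* > *ACLs*) or RBAC roles (*Security* > *Roles*)". Step 2 has the opposite gap: it dropped "using ACLs or RBAC roles", so it names the pages without saying which mechanism each one configures.
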