DOC-2123: Update Console ACL UI references for new atomic-ACL design

[micheleRP]

Summary

Refresh single-sourced ACL/RBAC content and self-managed Console references ahead of Console's redesigned Security page. The shipped layout (per Jan's recorded demo) is Users / Roles / Permissions — three tabs, no standalone ACLs page. ACLs are managed per principal from the user or role detail page (+ Add ACL for one rule, Allow all operations for a wildcard shortcut, row-checkbox bulk delete). The cloud-docs companion PR is at redpanda-data/cloud-docs#568.

Single-sourced (these flow through to cloud-docs via tag::single-source[])

• acl.adoc: add [[manage-acls]] + [[create-first-acl]] anchors so Console can deep-link from a principal's empty ACLs section. Rewrite the manage-via-UI bullet to describe two entry paths (Permissions tab for cluster-wide view; Users / Roles tab for per-principal management) and the three detail-page actions (+ Add ACL, Allow all operations, Delete selected). Cover the VIA ROLE: <role-name> inheritance grouping on the expanded Permissions row and the Deny-rule indicator.
• rbac-create-role.adoc: split the old bundled "name + permissions + principals in one form" flow into the new "Create modal asks for the name only, then add ACLs and principals on the role detail page" flow.
• rbac-edit-role.adoc, rbac-assign-role.adoc, rbac-unassign-role.adoc, rbac-delete-role.adoc: drop the old Click Edit / Click Update modal pattern. The new UI applies changes immediately via autocomplete-add and trash-icon-remove on Roles and Principals, and the same three actions on ACLs.
• rbac-list-role.adoc, rbac-describe-role.adoc: explain that the principal-list filter input accepts a regex.
• gbac-assign-group-role.adoc, gbac-create-group-acl.adoc: update for the same in-place editing pattern using Group:<name> principals.

Self-managed-only

• quick-start.adoc: walk the unbundled flow (create role → add ACL on detail page → assign principal). Drop the stale "Access control page" wording.
• console/pages/index.adoc: rewrite the access-control bullets for atomic ACL editing and inline role inheritance.
• deploy-kafka-connect.adoc: Security tab → Security > Users.

Build plumbing

• local-antora-playbook.yml: temporarily point the cloud-docs source at the sibling PR branch so this preview renders the cloud-docs PR content. Must be reverted before merge (called out in the test plan).

Inline // TODO DOC-2123 comments mark spots that still need final confirmation from Jan/Martin once we walk against a build.

Context

• Jira: https://redpandadata.atlassian.net/browse/DOC-2123
• Slack design discussions:
  • 2026-04-27 final go/no-go: https://redpandadata.slack.com/archives/C081G37T71B/p1777288781398189
  • 2026-04-28 demo + feedback: https://redpandadata.slack.com/archives/C081G37T71B/p1777384147005759
• v0 demo: https://v0-security-page-refactor-hg49r29x7-redpanda-data.vercel.app/ (URL pattern only; the shipped tab structure differs.)
• Parallel work that may shift selectors/styling: console#2424 (base-ui registry migration)

Open questions for Jan/Martin (cc once in review)

1. Target Console release version?
2. Final microcopy for the post-create-user "What's next?" modal — going with Mali's wording? — confirmed via screenshot: title What's next?, body This user has no permissions yet. Assign roles or create ACLs to grant access to cluster resources., CTAs Go to user details + Done. Quickstart updated to match.
3. Empty-state docs deep-link target — [[create-first-acl]] anchor reserved on acl.adoc. The empty-state on a user's ACLs section is the natural deep-link target; confirm whether you want Console to wire it up.
4. OK to publicly state "editing an ACL no longer causes a brief permission gap"? (Currently held back behind a // TODO in the What's New blurb.)
5. Will Doc Detective data-testid selectors in quick-start.adoc (create-user-button, create-user-name, password-input-toggle) survive both the new Security page work and console#2424?
6. Confirm exact button label on the role detail page: Delete role vs Delete?
7. ETA for the new UI being mergeable in main so we can capture screenshots from a real build and resolve the remaining TODOs?

Preview pages

Self-Managed (this PR):

• Introduction to Redpanda Console (updated)
• Deploy Kafka Connect in Docker (updated)
• Redpanda Self-Managed Quickstart (updated)
• Configure Access Control Lists (updated)
• Configure Role-Based Access Control (updated — via included partials)
• Configure Group-Based Access Control (updated — via included partials)

Cloud (rendered from cloud-docs PR #568 via the temp playbook override):

• Dedicated
• Serverless
• Cloud Authentication
• What's New in Redpanda Cloud (May 2026 entry)

Test plan

• npm run build && npm run serve passes locally
• Cloud build picks up acl.adoc and the RBAC partials via tag::single-source[] (verify on cloud-docs preview)
• No new build errors/warnings introduced (the 5 pre-existing schema-reg-contexts.adoc xref errors are unrelated)
• Walk through the updated quick-start procedure against a real Console build before merge — defer until Console GA
• Capture fresh screenshots from the shipped UI (not v0 / Zoom clips) and replace modules/console/images/user.png
• Resolve every // TODO DOC-2123 comment before merge
• Revert local-antora-playbook.yml — set the redpanda-data/cloud-docs branch back to main (currently points at DOC-2123-console-acl-ui-refresh for cross-PR preview of cloud-docs PR Add 3 new permissions to Customer Managed GCP Redpanda Agent Service Accoun t #568)

🤖 Generated with Claude Code

[netlify]

✅ Deploy Preview for redpanda-docs-preview ready!

Name	Link
🔨 Latest commit	3966374
🔍 Latest deploy log	https://app.netlify.com/projects/redpanda-docs-preview/deploys/69f3ecf7cf0f4000085daa8c
😎 Deploy Preview	https://deploy-preview-1689--redpanda-docs-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request updates documentation across six files to clarify Redpanda Console's user interface navigation paths and filtering capabilities. Changes reflect UI restructuring from generic "Access control" tab references to explicit "Security" menu navigation (e.g., Security → ACLs, Security → Users). Additionally, role and ACL filtering documentation is updated to specify that input fields accept regular expressions, with concrete examples (e.g., ^prod-, ^data-) for pattern matching. Several TODO comments are added to verify UI paths against the shipped Console v3.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• DOC-1202 Console/Cloud schema subject ACLs #1334: Makes overlapping documentation changes to RBAC/ACL guidance and Console navigation paths, affecting the same pages and partials with similar UI path clarifications.

Suggested reviewers

• andresaristizabal
• mattschumpert
• JakeSCahill

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly references the Jira ticket (DOC-2123) and clearly describes the main change: updating Console ACL UI references for a new atomic-ACL design, which aligns with the changeset's focus on refreshing UI references and ACL documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description check	✅ Passed	The PR description is comprehensive and well-structured, covering the changes, context, open questions, test plan, and preview pages.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch DOC-2123-console-acl-ui-refresh

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@modules/manage/pages/security/authorization/acl.adoc`:
- Around line 35-44: The text in the "Create ACL" UI bullet is ambiguous about
what the top-of-list filter targets (it says "ACLs by name" but the example
`^prod-` describes matching resource patterns); update the UI bullet under the
[[create-first-acl]] section so the filter description precisely names the
targeted column (e.g., "resource pattern" or "ACL name") and adjust the example
to match (or change the example to one that matches names), referencing the
"Create ACL" UI step and the filter example `^prod-` so readers are not confused
about whether the filter applies to ACL names or resource patterns.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0c6c32f5-c01c-4e93-97ee-c34810e302f0

📥 Commits

Reviewing files that changed from the base of the PR and between b127848 and 46c2af3.

📒 Files selected for processing (6)

• modules/console/pages/index.adoc
• modules/deploy/pages/kafka-connect/deploy-kafka-connect.adoc
• modules/get-started/pages/quick-start.adoc
• modules/manage/pages/security/authorization/acl.adoc
• modules/manage/partials/rbac-describe-role.adoc
• modules/manage/partials/rbac-list-role.adoc