diff --git a/modules/get-started/pages/cluster-types/create-dedicated-cloud-cluster.adoc b/modules/get-started/pages/cluster-types/create-dedicated-cloud-cluster.adoc index 0a61b3092..9642d88d0 100644 --- a/modules/get-started/pages/cluster-types/create-dedicated-cloud-cluster.adoc +++ b/modules/get-started/pages/cluster-types/create-dedicated-cloud-cluster.adoc @@ -50,9 +50,9 @@ rpk cloud login export REDPANDA_BROKERS="" ``` -. Go to the **Security** page, and create a user called **redpanda-chat-account** that uses the SCRAM-SHA-256 mechanism. +. Go to **Security** > **Users**, click **Create user**, and create a user called **redpanda-chat-account** that uses the SCRAM-SHA-256 mechanism. -. Copy the password, and set the following environment variables on your local machine: +. In the *User created successfully* dialog, copy the password and set the following environment variables on your local machine: + ```bash export REDPANDA_SASL_USERNAME="redpanda-chat-account" @@ -60,13 +60,18 @@ export REDPANDA_SASL_PASSWORD="" export REDPANDA_SASL_MECHANISM="SCRAM-SHA-256" ``` -. Click the name of your user, and add the following permissions to the ACL (access control list): +. Click **Go to user details**. + +. Under *ACLs*, click *+ Add ACL*, and define the following rule to grant the user full access to the `chat-room` topic: + -- **Host**: * -- **Topic name**: `chat-room` -- **Operations**: All -+ -. Click **Create**. +- **Resource Type**: Topic +- **Pattern Type**: Literal +- **Resource Name**: `chat-room` +- **Operation**: All +- **Permission**: Allow +- **Host**: `*` ++ +. Click **Add ACL**. . Use `rpk` on your local machine to authenticate to Redpanda as the **redpanda-chat-account** user and get information about the cluster: + diff --git a/modules/get-started/pages/cluster-types/serverless.adoc b/modules/get-started/pages/cluster-types/serverless.adoc index 4e8c1eaa4..a2214d8fb 100644 --- a/modules/get-started/pages/cluster-types/serverless.adoc 
+++ b/modules/get-started/pages/cluster-types/serverless.adoc @@ -83,7 +83,7 @@ NOTE: After private access is disabled, attempts to reach the private endpoints . Click **Create cluster**. -. To start working with your cluster, go to the *Topics* page to create a topic and produce messages to it. Add team members and grant them access with ACLs on the *Security* page. +. To start working with your cluster, go to the *Topics* page to create a topic and produce messages to it. Add team members on the *Security* > *Users* page, then click into a user to assign roles or add ACLs from their detail page. == Interact with your cluster diff --git a/modules/get-started/pages/whats-new-cloud.adoc b/modules/get-started/pages/whats-new-cloud.adoc index b4841ab66..973af7feb 100644 --- a/modules/get-started/pages/whats-new-cloud.adoc +++ b/modules/get-started/pages/whats-new-cloud.adoc 
@@ -18,6 +18,19 @@ You can now set cluster-wide defaults for new topics on BYOC and Dedicated clust == May 2026 +=== Redpanda Console: redesigned Security page + +Redpanda Console has a redesigned Security page with three tabs (*Users*, *Roles*, and *Permissions*). Each user and role has a detail page for managing its permissions. + +* The *Users* tab lists each user with their assigned roles and a count of their ACLs. Filter the list by name using regular expressions; for example, `^prod-` matches every user starting with `prod-`. +* Open a user or role to manage permissions on its detail page. The *ACLs* section shows one row per rule, with columns for type, resource, operation, permission, and host, and supports three actions: +** *+ Add ACL* opens a focused form where you specify the resource type, pattern type, resource name, operation, permission, and host. +** *Allow all operations* grants full wildcard access across all resource types in a single step. Use this for testing only; it is too broad for production. +** Select rows with the checkboxes and click *Delete selected* to remove ACLs in bulk. +* The *Permissions* tab is a unified, cluster-wide view of every principal with ACLs. Each row shows direct ACL counts and ACLs inherited from roles, with a red badge highlighting any principal that has Deny rules. Expand a row to see all of that principal's ACLs in one table: direct rules first, then sections labeled *VIA ROLE: * for each role they inherit from. Search across principals, resources, and roles, or click *Create ACL* to add a rule from scratch. + +See xref:security:authorization/acl.adoc[] for the full ACL reference and xref:security:authorization/rbac/rbac_dp.adoc[] for role management. + === Redpanda SQL Redpanda SQL is available on BYOC clusters running on AWS. Run real-time SQL queries on Redpanda topic data, including the Iceberg history of Iceberg-enabled topics, using standard PostgreSQL syntax. Connect with `psql` or any PostgreSQL driver. 
See the xref:sql:get-started/sql-quickstart.adoc[Quickstart] and xref:sql:get-started/overview.adoc[Overview]. diff --git a/modules/security/pages/cloud-authentication.adoc b/modules/security/pages/cloud-authentication.adoc index b290c94c6..e031bcc2e 100644 --- a/modules/security/pages/cloud-authentication.adoc +++ b/modules/security/pages/cloud-authentication.adoc @@ -129,7 +129,7 @@ To enable account impersonation: . Go to the *Dataplane settings* page. . Enable impersonation for *Kafka API*, *Schema Registry*, or both. -. Configure permissions for your users on the cluster *Security* page using ACLs or RBAC roles. +. Configure permissions for your users on the cluster *Security* page: open a user under *Users* (or a role under *Roles*) and add ACLs or assign roles from the detail page. [IMPORTANT] ====
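Review bot: In the first hunk of create-dedicated-cloud-cluster.adoc (`@@ -50,9 +50,9 @@`), UI labels are marked up two ways in adjacent added steps: `**Security**`, `**Users**` and `**Create user**` use double asterisks, while the dialog title is `*User created successfully*` with single asterisks. The same mix continues in the next hunk (`**Go to user details**` next to `*ACLs*` and `*+ Add ACL*`). Suggest picking one form for UI labels in this file so the steps render and read consistently.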
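Review bot: The ACL step in the second hunk of create-dedicated-cloud-cluster.adoc (`@@ -60,13 +60,18 @@`) grants `**Operation**: All` with `**Host**: *` and describes it only as "full access to the `chat-room` topic", with no hint that this scope is for the quickstart. The whats-new entry in this same patch says of *Allow all operations* that it is "for testing only; it is too broad for production"; a one-line note in the same spirit would fit here, since `All` on a topic covers alter and delete as well as read and write. Also consider saying that the closing `**Add ACL**` is the form's submit button, because the step before it uses the near-identical label `*+ Add ACL*` for the button that opens the form.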
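Review bot: In the serverless.adoc hunk (`@@ -83,7 +83,7 @@`), "click into a user to assign roles or add ACLs from their detail page" is informal and differs from the wording used elsewhere in this patch ("Open a user or role to manage permissions on its detail page"). Suggest "open a user to assign roles or add ACLs on the user's detail page" so the two pages describe the same action the same way. The `*Security* > *Users*` path here also uses single asterisks where the Dedicated quickstart uses `**Security** > **Users**`.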
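Review bot: In the whats-new-cloud.adoc hunk (`@@ -18,6 +18,19 @@`), the *Permissions* bullet contains `*VIA ROLE: *`, which ends in a space before the closing asterisk. AsciiDoc constrained bold needs a non-space character directly before the closing `*`, so this will likely render with literal asterisks, and the label reads as if a role-name placeholder was dropped. Suggest either closing the markup after the colon (`*VIA ROLE:*`) or adding an explicit placeholder for the role name. Separately, the regex example `^prod-` is clear; it may be worth stating whether an unanchored pattern matches anywhere in the name, since the sentence only shows the anchored case.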
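Review bot: In the cloud-authentication.adoc hunk (`@@ -129,7 +129,7 @@`), "open a user under *Users* (or a role under *Roles*) and add ACLs or assign roles from the detail page" is ambiguous, because "assign roles" only makes sense for the user case, not when the opened object is itself a role. Suggest splitting it: open a user under *Users* to add ACLs or assign roles, or open a role under *Roles* to add ACLs to that role. Since this step sits under enabling impersonation, a precise description of where permissions are set matters more here than in the quickstarts.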