Original file line number Diff line number Diff line change
Expand Up @@ -50,23 +50,28 @@ rpk cloud login
export REDPANDA_BROKERS="<bootstrap-server-address>"
```

. Go to the **Security** page, and create a user called **redpanda-chat-account** that uses the SCRAM-SHA-256 mechanism.
. Go to **Security** > **Users**, click **Create user**, and create a user called **redpanda-chat-account** that uses the SCRAM-SHA-256 mechanism.

. Copy the password, and set the following environment variables on your local machine:
. In the *User created successfully* dialog, copy the password and set the following environment variables on your local machine:
+
```bash
export REDPANDA_SASL_USERNAME="redpanda-chat-account"
export REDPANDA_SASL_PASSWORD="<password>"
export REDPANDA_SASL_MECHANISM="SCRAM-SHA-256"
```

. Click the name of your user, and add the following permissions to the ACL (access control list):
. Click **Go to user details**.

. Under *ACLs*, click *+ Add ACL*, and define the following rule to grant the user full access to the `chat-room` topic:
+
- **Host**: *
- **Topic name**: `chat-room`
- **Operations**: All
+
. Click **Create**.
- **Resource Type**: Topic
- **Pattern Type**: Literal
- **Resource Name**: `chat-room`
- **Operation**: All
- **Permission**: Allow
- **Host**: `*`
+
. Click **Add ACL**.

. Use `rpk` on your local machine to authenticate to Redpanda as the **redpanda-chat-account** user and get information about the cluster:
+
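Review bot: The ACL defined in the `*+ Add ACL*` step combines **Operation**: All with **Host**: `*`, and the step describes it only as granting "full access to the `chat-room` topic", so a reader reusing these values on a real cluster gets no hint that the rule is tutorial-scoped. Suggest one sentence after the field list saying that a production account should be limited to the operations and hosts the client actually needs. Minor style point in the same steps: UI labels alternate between `**Create user**` / `**Go to user details**` and `*User created successfully*` / `*+ Add ACL*`; pick one form for all of them.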
2 changes: 1 addition & 1 deletion modules/get-started/pages/cluster-types/serverless.adoc
Expand Up @@ -83,7 +83,7 @@ NOTE: After private access is disabled, attempts to reach the private endpoints

. Click **Create cluster**.

. To start working with your cluster, go to the *Topics* page to create a topic and produce messages to it. Add team members and grant them access with ACLs on the *Security* page.
. To start working with your cluster, go to the *Topics* page to create a topic and produce messages to it. Add team members on the *Security* > *Users* page, then click into a user to assign roles or add ACLs from their detail page.

== Interact with your cluster

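Review bot: The rewritten final step ("then click into a user to assign roles or add ACLs from their detail page") names both mechanisms but gives the reader no pointer to guidance on what to grant, and no xref is visible in this hunk. Suggest linking the ACL and role references here, as the release-notes entry in this change does with `xref:security:authorization/acl.adoc[]` and `xref:security:authorization/rbac/rbac_dp.adoc[]`. "Click into a user" is also looser than the "open a user" wording used in the other files of this change; using the same verb would keep the three pages consistent.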
13 changes: 13 additions & 0 deletions modules/get-started/pages/whats-new-cloud.adoc
Expand Up @@ -18,6 +18,19 @@ You can now set cluster-wide defaults for new topics on BYOC and Dedicated clust

== May 2026

=== Redpanda Console: redesigned Security page

Redpanda Console has a redesigned Security page with three tabs (*Users*, *Roles*, and *Permissions*). Each user and role has a detail page for managing its permissions.

* The *Users* tab lists each user with their assigned roles and a count of their ACLs. Filter the list by name using regular expressions; for example, `^prod-` matches every user starting with `prod-`.
* Open a user or role to manage permissions on its detail page. The *ACLs* section shows one row per rule, with columns for type, resource, operation, permission, and host, and supports three actions:
** *+ Add ACL* opens a focused form where you specify the resource type, pattern type, resource name, operation, permission, and host.
** *Allow all operations* grants full wildcard access across all resource types in a single step. Use this for testing only; it is too broad for production.
** Select rows with the checkboxes and click *Delete selected* to remove ACLs in bulk.
* The *Permissions* tab is a unified, cluster-wide view of every principal with ACLs. Each row shows direct ACL counts and ACLs inherited from roles, with a red badge highlighting any principal that has Deny rules. Expand a row to see all of that principal's ACLs in one table: direct rules first, then sections labeled *VIA ROLE: <role-name>* for each role they inherit from. Search across principals, resources, and roles, or click *Create ACL* to add a rule from scratch.

See xref:security:authorization/acl.adoc[] for the full ACL reference and xref:security:authorization/rbac/rbac_dp.adoc[] for role management.

=== Redpanda SQL

Redpanda SQL is available on BYOC clusters running on AWS. Run real-time SQL queries on Redpanda topic data, including the Iceberg history of Iceberg-enabled topics, using standard PostgreSQL syntax. Connect with `psql` or any PostgreSQL driver. See the xref:sql:get-started/sql-quickstart.adoc[Quickstart] and xref:sql:get-started/overview.adoc[Overview].
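Review bot: The caution on *Allow all operations* ("Use this for testing only; it is too broad for production.") sits inline in a second-level bullet, where it is easy to skim past even though it is the one security warning in this entry. Suggest moving it into an admonition directly after the list (the docs already use `NOTE:` and `[IMPORTANT]` blocks elsewhere in this change) and stating there that the grant covers all resource types. Separately, the *Permissions* bullet carries five sentences in one list item; splitting out the Deny badge and the *VIA ROLE: <role-name>* grouping as sub-bullets would match the structure used for the *ACLs* actions above it.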
2 changes: 1 addition & 1 deletion modules/security/pages/cloud-authentication.adoc
Expand Up @@ -129,7 +129,7 @@ To enable account impersonation:

. Go to the *Dataplane settings* page.
. Enable impersonation for *Kafka API*, *Schema Registry*, or both.
. Configure permissions for your users on the cluster *Security* page using ACLs or RBAC roles.
. Configure permissions for your users on the cluster *Security* page: open a user under *Users* (or a role under *Roles*) and add ACLs or assign roles from the detail page.

[IMPORTANT]
====
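Review bot: In the new step 3, the parenthetical "(or a role under *Roles*)" followed by "add ACLs or assign roles from the detail page" reads as if roles can be assigned from a role's detail page as well as from a user's. If only ACLs are managed on a role's page, split the sentence: open a user under *Users* to add ACLs or assign roles, or open a role under *Roles* to add ACLs to it. Since this step decides what an impersonated account is allowed to do, an xref to the ACL and RBAC references would also help here.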