From 748b8ce6641ee1d8fe43ce308af542a3ccafe492 Mon Sep 17 00:00:00 2001 From: Paulo Borges Date: Tue, 24 Feb 2026 17:32:33 -0300 Subject: [PATCH 1/3] add glossterms for gbac --- modules/terms/partials/gbac.adoc | 8 ++++++++ modules/terms/partials/principal.adoc | 6 ++++-- 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 modules/terms/partials/gbac.adoc diff --git a/modules/terms/partials/gbac.adoc b/modules/terms/partials/gbac.adoc new file mode 100644 index 0000000000..8aabb63ed3 --- /dev/null +++ b/modules/terms/partials/gbac.adoc @@ -0,0 +1,8 @@ +=== GBAC +:term-name: GBAC +:hover-text: Group-based access control extends RBAC by letting you assign permissions to OIDC groups so that users inherit access based on their identity provider group membership. +:category: Redpanda security + +GBAC builds on xref:ROOT:manage:security/authorization/rbac.adoc[role-based access control (RBAC)] to simplify permission management at scale. Instead of assigning roles or ACLs to individual users, you assign them to OIDC groups managed by your identity provider. Users inherit permissions from all groups reported in their OIDC token claims. + +For more information, see xref:ROOT:manage:security/authorization/gbac.adoc[]. diff --git a/modules/terms/partials/principal.adoc b/modules/terms/partials/principal.adoc index dfc46cb827..4746afcee4 100644 --- a/modules/terms/partials/principal.adoc +++ b/modules/terms/partials/principal.adoc 
@@ -1,4 +1,6 @@ === principal :term-name: principal -:hover-text: An entity (such as a user account or a service account) that accesses resources. Principals can be authenticated and granted permissions based on roles to perform operations. -:category: Redpanda security \ No newline at end of file +:hover-text: An authenticated identity (user, service account, or group) that Redpanda evaluates when enforcing ACLs and role assignments. +:category: Redpanda security + +Redpanda supports `User:` and `Group:` principal types. Permissions are granted to principals through xref:ROOT:manage:security/authorization/acl.adoc[ACLs] or xref:ROOT:manage:security/authorization/rbac.adoc[RBAC] role assignments. \ No newline at end of file From c6bfd8f448ff52a2080863b409c3e875a576c049 Mon Sep 17 00:00:00 2001 From: Paulo Borges Date: Tue, 24 Feb 2026 18:24:49 -0300 Subject: [PATCH 2/3] act on review point --- modules/terms/partials/gbac.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/terms/partials/gbac.adoc b/modules/terms/partials/gbac.adoc index 8aabb63ed3..160ef30de4 100644 --- a/modules/terms/partials/gbac.adoc +++ b/modules/terms/partials/gbac.adoc 
@@ -1,8 +1,8 @@ === GBAC :term-name: GBAC -:hover-text: Group-based access control extends RBAC by letting you assign permissions to OIDC groups so that users inherit access based on their identity provider group membership. +:hover-text: Group-based access control lets you assign permissions to OIDC groups so that users inherit access based on their identity provider group membership. :category: Redpanda security -GBAC builds on xref:ROOT:manage:security/authorization/rbac.adoc[role-based access control (RBAC)] to simplify permission management at scale. Instead of assigning roles or ACLs to individual users, you assign them to OIDC groups managed by your identity provider. Users inherit permissions from all groups reported in their OIDC token claims. +GBAC allows you to manage permissions at the group level instead of per user. You can grant permissions to groups in two ways: create xref:ROOT:manage:security/authorization/acl.adoc[ACLs] with `Group:` principals, or assign groups as members of xref:ROOT:manage:security/authorization/rbac.adoc[RBAC] roles. Both approaches can be used independently. For more information, see xref:ROOT:manage:security/authorization/gbac.adoc[]. From 5b4f627cd1547c4f034a6a024d7252758a7d5ebe Mon Sep 17 00:00:00 2001 From: Paulo Borges Date: Thu, 26 Feb 2026 17:19:39 -0300 Subject: [PATCH 3/3] Update modules/terms/partials/gbac.adoc --- modules/terms/partials/gbac.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/terms/partials/gbac.adoc b/modules/terms/partials/gbac.adoc index 160ef30de4..eafeb5ded0 100644 --- a/modules/terms/partials/gbac.adoc +++ b/modules/terms/partials/gbac.adoc 
@@ -3,6 +3,6 @@ :hover-text: Group-based access control lets you assign permissions to OIDC groups so that users inherit access based on their identity provider group membership. :category: Redpanda security -GBAC allows you to manage permissions at the group level instead of per user. You can grant permissions to groups in two ways: create xref:ROOT:manage:security/authorization/acl.adoc[ACLs] with `Group:` principals, or assign groups as members of xref:ROOT:manage:security/authorization/rbac.adoc[RBAC] roles. Both approaches can be used independently. +GBAC allows you to manage permissions at the group level instead of per user. You can grant permissions to groups in two ways: create xref:ROOT:manage:security/authorization/acl.adoc[ACLs] with `Group:` principals, or assign groups as members of xref:ROOT:manage:security/authorization/rbac.adoc[RBAC] roles. Both approaches can be used independently or together. For more information, see xref:ROOT:manage:security/authorization/gbac.adoc[].
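Review bot: In [PATCH 1/3], the new `modules/terms/partials/gbac.adoc` frames GBAC as RBAC-only in the hover-text ("extends RBAC") and in the first body sentence ("builds on"), yet the next sentence says you assign "roles or ACLs" to groups. Reword the opening so it covers both ACLs and roles. The closing sentence, "Users inherit permissions from all groups reported in their OIDC token claims", should also name the claim that carries group membership, or say that the linked gbac.adoc page does.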
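Review bot: In [PATCH 1/3], `modules/terms/partials/principal.adoc`, the new hover-text lists "user, service account, or group" while the added body line names only `User:` and `Group:` principal types, so a reader cannot tell which type a service account is written as. Either state that mapping in the body or drop "service account" from the hover-text. The hover-text also describes a group as an "authenticated identity", although per the GBAC entry a group is something users belong to rather than something that authenticates; "an identity or group" would match better. The file still ends with no trailing newline.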
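Review bot: In [PATCH 2/3], the rewritten body paragraph of `gbac.adoc` drops the sentence "Users inherit permissions from all groups reported in their OIDC token claims" without a replacement, so the body no longer says where group membership comes from and only the hover-text mentions OIDC. Keep one sentence in the body stating that membership is taken from the user's OIDC token, since the hover-text is not visible to everyone who reads the glossary entry. "Both approaches can be used independently" also leaves open whether they can be combined.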
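Review bot: In [PATCH 3/3], the changed line now ends "Both approaches can be used independently or together" but does not say how the result is evaluated when a group has both `Group:` ACLs and role memberships, for example whether a deny ACL on a `Group:` principal takes precedence over an allow granted through a role. Add a short clause on the combined behaviour, or say explicitly that the linked gbac.adoc page covers it, so the glossary entry does not suggest that the two paths never interact.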