Document ADP fine-grained permissions for DOC-2041 #23
Open
micheleRP wants to merge 2 commits into
Adds permissions-overview.adoc (concept) explaining the permission/role/role-binding model, identity types, and the seven built-in roles, and permissions-reference.adoc (reference) listing every ADP-namespaced permission with which built-in role grants it. Replaces the TODO and one-off permission callouts in Configure an LLM Provider, Connect Your Agent, Register Your Own Agent, and the Governance dashboard prerequisites with xrefs into the new reference.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
✅ Deploy Preview for redpanda-agentic-data-plane ready!
Summary

- governance/pages/permissions-overview.adoc explains the permission/role/role-binding model, identity types (user OIDC vs service account), and the seven built-in roles (Admin, Writer, Reader, plus four Invoker sub-roles). Clarifies that account impersonation applies to Kafka and Schema Registry only, not to ADP endpoints.
- governance/pages/permissions-reference.adoc lists every ADP-namespaced permission grouped by family (MCP server, LLM provider, agent management, agent credential, spending, A2A runtime, pipeline, knowledge base) with which built-in role grants each one.
- configure-provider.adoc, connect-agent.adoc, byoa-register.adoc, and dashboard/overview.adoc with xrefs into the new reference.
- nav.adoc.

Source-verified against cloudv2 pkg/permissions/permissions_constants.go, apps/aigw/internal/llm/authz.go, apps/aigw/internal/mcp/authz.go, and apps/ai-agent/internal/agent/authorization.go on origin/main (2026-05-18). Research is on DOC-2041; engineering work was shipped under ENG-1017.

Closes: DOC-2041

Open follow-ups (not blocking this PR)

- permissions-overview.adoc.
- rpk cloud iam coverage, and the legacy dataplane_mcpserver_* vs dataplane_adp_mcpserver_* naming policy still need eng confirmation — flagged in the DOC-2041 research comment.

Preview pages

The four pages with one-line xref updates (configure-provider, connect-agent, byoa-register, dashboard/overview) are linked from the new reference and visible from the diff.

Test plan

- npm run build) — verified, no new warnings or errors from the new pages.
- About ADP Permissions reads as a concept page; xrefs to the reference resolve.
- ADP Permissions Reference shows each namespace section and the built-in roles summary.
- configure-provider.adoc, connect-agent.adoc, byoa-register.adoc, and dashboard/overview.adoc jump to the right anchor sections.

🤖 Generated with Claude Code