DOC-1809 Document Cloud Feature Group-based Access Control via OIDC

[JakeSCahill]

Summary

• Restructures GBAC (Group-based Access Control) documentation to mirror the RBAC folder structure, with separate control plane and data plane pages
• Documents GBAC control plane features: registering groups, predefined roles, and custom roles
• Adds GBAC references across the repo (BYOC architecture, billing, AI agents, authorization overview)

Changes

New files

• modules/security/pages/authorization/gbac/index.adoc — GBAC index page
• modules/security/pages/authorization/gbac/gbac.adoc — GBAC in the control plane (terminology, register groups, predefined roles, custom roles)
• modules/security/pages/authorization/gbac/gbac_dp.adoc — GBAC in the data plane (moved from authorization/gbac.adoc)
• modules/security/partials/predefined-roles.adoc — Shared partial for predefined roles (Reader, Writer, Admin), included by both RBAC and GBAC control plane pages

Updated files

• modules/ROOT/nav.adoc — Updated navigation with GBAC section and child pages
• modules/security/pages/authorization/rbac/rbac.adoc — Uses predefined-roles partial, added custom roles section, added suggested reading links
• modules/security/pages/authorization/rbac/rbac_dp.adoc — Added suggested reading links
• modules/security/pages/authorization/cloud-authorization.adoc — Updated GBAC xref to index, added control plane/data plane mention
• modules/get-started/pages/whats-new-cloud.adoc — Updated GBAC blurb to reference both CP and DP pages
• modules/get-started/pages/byoc-arch.adoc — Added GBAC alongside RBAC for both control plane and data plane
• modules/ai-agents/partials/service-account-authorization.adoc — Added GBAC as alternative to RBAC
• modules/billing/pages/billing-notifications.adoc — Added GBAC link alongside RBAC

Preview pages

What's New
GBAC index page
GBAC in control plane
GBAC in data plane

Related PR

• Remove Register groups section from gbac-dp partial docs#1654 — Removes the Register groups in Redpanda Cloud section from the shared gbac-dp.adoc partial (moved to this repo's gbac.adoc)

Test plan

• Verify GBAC index page renders with child page cards
• Verify all xrefs resolve correctly (no broken links)
• Verify predefined roles partial renders on both RBAC and GBAC pages
• Verify navigation shows GBAC section with two child pages
• Confirm Serverless limitation is noted

Preview: https://deploy-preview-542--rp-cloud.netlify.app/redpanda-cloud/security/authorization/gbac/

🤖 Generated with Claude Code

[netlify]

✅ Deploy Preview for rp-cloud ready!

Name	Link
🔨 Latest commit	a4af899
🔍 Latest deploy log	https://app.netlify.com/projects/rp-cloud/deploys/69cda1b3ed8290000833dd27
😎 Deploy Preview	https://deploy-preview-542--rp-cloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e7d0870f-3444-435f-afd4-ff2941cc8ac0

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This PR adds documentation for a new Group-based Access Control (GBAC) feature across multiple cloud documentation pages. Changes include: creating a new GBAC documentation page, updating the navigation structure to include the GBAC reference, adding GBAC to the feature comparison table in the cloud overview, marking GBAC as unsupported on Serverless clusters, documenting GBAC in the authorization guide, and adding a "What's New" announcement for April 2026. All changes are documentation-only with no code entity modifications.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• DOC-1261 comparison table for cloud deployments #393: Modifies the same feature comparison table in cloud-overview.adoc that this PR updates with the new GBAC row.
• DOC-1637 update cloud for SR auth UI #396: Updates the same navigation structure (modules/ROOT/nav.adoc) related to RBAC/ACL entries.
• DOC-1809 Document Cloud Feature Group-based Access Control via OIDC #536: Adds GBAC documentation pages and navigation entries across multiple files including gbac.adoc and nav.adoc.

Suggested reviewers

• Mateoc
• Feediver1
• paulohtb6

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description lacks required template sections including a resolved issue link, review deadline, and page preview links.	Add the GitHub issue number (DOC-1809), set a review deadline, and include preview links for all modified pages in the template format.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: adding documentation for the GBAC (Group-based Access Control) feature via OIDC, which aligns with all file changes in the pull request.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch DOC-1809-Document-Cloud-Feature-Group-based-Access-Control-via-OIDC

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@modules/security/pages/authorization/gbac.adoc`:
- Line 7: Fix the grammar in the NOTE line in
modules/security/pages/authorization/gbac.adoc by changing the phrase "This
features is available for BYOC and Dedicated clusters." to "This feature is
available for BYOC and Dedicated clusters." — update the NOTE text (the string
"This features is available...") to use the singular "feature".

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3dcb70ad-01ce-44de-83a7-be0eb6ae5302

📥 Commits

Reviewing files that changed from the base of the PR and between 2d6250b and e49a17d.

📒 Files selected for processing (6)

• modules/ROOT/nav.adoc
• modules/get-started/pages/cloud-overview.adoc
• modules/get-started/pages/cluster-types/serverless.adoc
• modules/get-started/pages/whats-new-cloud.adoc
• modules/security/pages/authorization/cloud-authorization.adoc
• modules/security/pages/authorization/gbac.adoc