Add Granular Console permissions documentation #6189

Open: mpmadhavig wants to merge 2 commits into wso2:master from mpmadhavig:granular-console-scopes

mpmadhavig (Contributor) commented Jun 15, 2026

Purpose

Documents the granular Console permission model for Console roles in the Manage Console access guide, and restructures the permission definitions so they are introduced before the role-creation steps.

Changes

  • Added a new Console role permissions section before Create a role that defines:
    • Tenant Permissions vs Organization Permissions.
    • The default View / Edit permission levels (existing behavior — unchanged).
  • Added a Granular Console permissions subsection documenting the opt-in model:
    • Enabled via deployment.toml:
      [console_settings]
      use_granular_console_permissions = true
    • Independent View / Create / Update / Delete permission levels per Console component.
    • Note that View is required while any write permission is active.
    • Compatibility note: roles created with the combined Edit permission continue to work (Edit ≡ Create + Update + Delete).
  • Moved the permission definitions out of the Create a role table into the new section to avoid duplication; the create-role steps now reference them.

Notes

  • The default (combined View / Edit) behavior is preserved. The granular model is strictly opt-in and off by default (use_granular_console_permissions defaults to false).

[Screenshots attached: 2026-06-15 at 21 22 04, 21 22 23, 21 22 38]
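
The two rules stated in the description above (Edit ≡ Create + Update + Delete, and View required while any write permission is active) can be checked mechanically when reviewing role definitions. The following is an added example, not code from this PR or from WSO2; the role and component names and the finding labels are constructed, and treating legacy Edit grants as candidates for narrowing is a least-privilege review assumption rather than something the PR mandates.

```python
# Added illustration; not WSO2 code. Level names follow the PR description;
# role names, component names and finding labels are constructed.
WRITE = frozenset({"create", "update", "delete"})
LEGACY_EDIT = "edit"
KNOWN = WRITE | {"view", LEGACY_EDIT}


def expand(levels):
    """Map a component's assigned levels to granular ones (Edit -> C+U+D)."""
    lowered = {lvl.lower() for lvl in levels}
    unknown = lowered - KNOWN
    if unknown:
        raise ValueError(f"unknown permission level(s): {sorted(unknown)}")
    if LEGACY_EDIT in lowered:
        lowered = (lowered - {LEGACY_EDIT}) | WRITE
    return frozenset(lowered)


def audit_role(role):
    """Return (component, finding, levels) tuples for one role."""
    findings = []
    for component, levels in sorted(role["permissions"].items()):
        effective = expand(levels)
        writes = effective & WRITE
        # Rule from the PR: View is required while any write level is active.
        if writes and "view" not in effective:
            findings.append((component, "write-without-view", sorted(writes)))
        # Assumption: legacy Edit grants are worth reviewing for narrowing.
        if LEGACY_EDIT in {lvl.lower() for lvl in levels}:
            findings.append((component, "legacy-edit-grants-all-writes", sorted(WRITE)))
    return findings


# Constructed sample roles.
ROLES = [
    {"name": "app-auditor", "permissions": {"applications": ["View"]}},
    {"name": "app-onboarder",
     "permissions": {"applications": ["View", "Create"], "users": ["Update"]}},
    {"name": "legacy-admin", "permissions": {"applications": ["View", "Edit"]}},
]


def audit_all(roles):
    """Return {role name: findings} for roles with at least one finding."""
    results = {r["name"]: audit_role(r) for r in roles}
    return {name: f for name, f in results.items() if f}


if __name__ == "__main__":
    for name, findings in audit_all(ROLES).items():
        for finding in findings:
            print(name, *finding)
```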

coderabbitai Bot (Contributor) commented Jun 15, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 66938a73-1434-4571-b5b5-c791f4ba2b2d

📥 Commits

Reviewing files that changed from the base of the PR and between 347132d and 44e43c9.

📒 Files selected for processing (1)
  • en/includes/guides/admin-portal/manage-console-access.md
🚧 Files skipped from review as they are similar to previous changes (1)
  • en/includes/guides/admin-portal/manage-console-access.md

📝 Walkthrough

The manage-console-access.md guide is reorganized to introduce a dedicated "Manage Console roles" section covering permission scopes, View/Edit levels, and an optional granular permission model with a deployment.toml snippet. The previously inline permissions table inside the "Create a role" step is removed.

Changes

Console Role Permissions Documentation

| Layer / File(s) | Summary |
|---|---|
| New permissions section and inline table removal (en/includes/guides/admin-portal/manage-console-access.md) | Adds a dedicated "Manage Console roles" section (tenant vs. organization scope, View/Edit permission levels, granular deployment.toml configuration, and compatibility notes) immediately after the Console login update steps; removes the inline permissions table that previously appeared inside the "Create a role" step. |

Suggested labels

Team/API Access Mgt & Authorization

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Description check | ❓ Inconclusive | The PR description is comprehensive and addresses the main objectives, but the required template sections (Test environment, Security checks) are not completed. | Complete the Test environment section and confirm the security checks (or mark as N/A if documentation-only changes). |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title accurately describes the main change: documentation of a granular Console permissions model. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
en/includes/guides/admin-portal/manage-console-access.md (1)

164-165: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Remove the extra blank line before the group-assignment bullet.

Markdownlint MD012 rejects the two consecutive blank lines here. Keep only one blank line between the user and group sublists.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@en/includes/guides/admin-portal/manage-console-access.md` around lines 164 -
165, Remove one of the two consecutive blank lines appearing before the "To
assign a group:" bullet point. Markdownlint MD012 prohibits multiple consecutive
blank lines; ensure there is only a single blank line separating the user and
group assignment sublists in the file.

Source: Pipeline failures

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@en/includes/guides/admin-portal/manage-console-access.md`:
- Line 89: Change the heading from Title Case to Sentence Case to comply with
Vale style rules. In the heading "Granular Console permissions", lowercase the
word "Console" so it reads "Granular console permissions" - only the first word
of the heading and proper nouns should be capitalized in Sentence Case style.
- Around line 124-125: The sentence in the "Compatibility with existing roles"
note is too long and uses the wordy word "equivalent", which Vale is flagging
for readability. Shorten this sentence by replacing "equivalent to granting"
with a more concise phrasing such as "grants" or "provides", and simplify the
overall structure to make it easier to scan while maintaining the same meaning
about how the combined Edit permission maps to the granular permissions model.
- Around line 93-98: The documentation for the
`use_granular_console_permissions` configuration setting is incomplete according
to documentation standards. Enhance the existing documentation to include: (1) a
clear statement that this setting defaults to false, (2) an explanation of when
and why users should enable this feature (i.e., use cases where granular
permissions are needed), and (3) any constraints or considerations users should
be aware of when using this configuration. Add this information before or after
the configuration example to provide complete guidance on the setting.

---

Outside diff comments:
In `@en/includes/guides/admin-portal/manage-console-access.md`:
- Around line 164-165: Remove one of the two consecutive blank lines appearing
before the "To assign a group:" bullet point. Markdownlint MD012 prohibits
multiple consecutive blank lines; ensure there is only a single blank line
separating the user and group assignment sublists in the file.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: f9a43eb5-aae2-4c44-9612-da831901f229

📥 Commits

Reviewing files that changed from the base of the PR and between 88ec91c and 347132d.

📒 Files selected for processing (1)
  • en/includes/guides/admin-portal/manage-console-access.md

Comment thread en/includes/guides/admin-portal/manage-console-access.md Outdated
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

By default, Console roles use the combined **View** and **Edit** permission model described above, where **Edit** grants **Create**, **Update**, and **Delete** access together.

You can optionally enable a more granular permission model that lets you assign **Create**, **Update**, and **Delete** permissions independently for each Console component. This is controlled by the `use_granular_console_permissions` setting, which is `false` by default. Enable it only when you need this level of control over Console permissions. To do so, add the following configuration to the `deployment.toml` file and restart the server.
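
Review bot: In the second paragraph, "add the following configuration to the `deployment.toml` file and restart the server" covers enabling only; the text does not say how a role that holds a subset such as Create alone is treated if `use_granular_console_permissions` is later set back to `false`, where Edit grants Create, Update, and Delete together. Suggest adding one sentence on the rollback behaviour, so an operator does not assume that reverting the setting leaves effective permissions unchanged.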

Shall we add a screenshot?
