3 changes: 2 additions & 1 deletion modules/console/pages/index.adoc
Expand Up @@ -34,7 +34,8 @@ image::topic.png[]

Manage Redpanda users and control who has access to Redpanda Console:

* *Visual ACL management*: Create, view, and manage ACLs, ensuring that your data is secure and access is properly controlled.
* *Visual ACL management*: Create, view, and edit individual ACLs, with role-inherited permissions shown inline so you can see exactly what each principal is authorized to do.
* *Role-based access control*: Group permissions into roles and assign roles to users or OIDC groups; manage role membership from a dedicated role page.
* *Rotate credentials*: Update user and service account passwords to maintain security without downtime.
* *Identity provider integration*: For enterprise users, Redpanda Console integrates with identity providers (IdPs) for single sign-on (SSO), making user management straightforward and secure.
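
Review bot: The added *Role-based access control* bullet says roles can be assigned to "OIDC groups" with no prerequisite stated, while the unchanged *Identity provider integration* bullet just below it limits IdP sign-on to "enterprise users". If assigning roles to OIDC groups depends on that IdP integration, say so in the bullet, otherwise readers will assume group-based role assignment is available everywhere. The reworded *Visual ACL management* bullet also replaces "manage ACLs" with "edit individual ACLs"; confirm that deleting an ACL is still covered by the wording, since removing stale rules is part of keeping access properly scoped.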

Expand Up @@ -292,7 +292,7 @@ curl localhost:8083/

To connect to a Redpanda Cloud cluster with Docker Compose:

. Use `rpk` or Redpanda Console (*Security* tab) to create a Redpanda user.
. Use `rpk` or Redpanda Console (*Security* > *Users*) to create a Redpanda user.
. Create ACLs for the user.
. Set the username in the `CONNECT_SASL_USERNAME` property.
. Create a file containing the user password (for example, in the path `passwords/redpanda-password/password`). Specify this path in the `CONNECT_SASL_PASSWORD_FILE` property.
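
Review bot: The new first step writes the Console location as "*Security* > *Users*", but the other navigation changes in this PR use the form "From *Security* in the left navigation menu, go to *Roles*". Pick one convention for Console paths so readers can tell a menu path from a tab name. Because the next step, "Create ACLs for the user", is where the connector's privileges are decided, it would also help to cross-reference the `manage-acls` anchor this PR adds in acl.adoc.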
3 changes: 2 additions & 1 deletion modules/get-started/pages/quick-start.adoc
Expand Up @@ -286,7 +286,8 @@ image::console:user.png[]

Click *Done*, and you see a new user called Sasha. This user has no permissions yet. To set permissions on the `transactions` topic:

. On the Access control page, open to the *Roles* tab.
// TODO DOC-2123: verify Roles form labels (resource selector, Operations control, Principals selector) against the shipped Console v3 Security page once Jan's PR lands.
. From *Security* in the left navigation menu, go to *Roles*.
. Click *Create role*.
. Enter "transaction-managers" as the role name.
. In the topic selector dropdown, select *Literal* and enter "transactions" in the input field.
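
Review bot: The `// TODO DOC-2123` comment added above the new first step says the Roles form labels (resource selector, Operations control, Principals selector) are not yet verified against the shipped Console, yet the unchanged steps that follow, such as "In the topic selector dropdown, select *Literal*", depend on exactly those labels. This quick start walks the reader through granting permissions on the `transactions` topic, so verify the labels before merge or hold this hunk until the referenced PR lands. The comment also identifies the dependency only as "Jan's PR"; reference the PR or ticket number instead of a person.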
6 changes: 5 additions & 1 deletion modules/manage/pages/security/authorization/acl.adoc
Expand Up @@ -32,11 +32,15 @@ ACLs control access by defining:

ACLs work with SASL/SCRAM and mTLS authentication methods to provide comprehensive security.

[[manage-acls]]
== Manage ACLs

You can create and manage ACLs in the following ways:

* *{ui}*: Select *Security* from the left navigation menu, select the *ACLs* tab. After the ACL is created, you can add users or roles to it.
[[create-first-acl]]
* *{ui}*: From *Security* in the left navigation menu, go to *ACLs* and click *Create ACL*. Each ACL is a single rule with one principal (user, role, or group), one operation (or `All`), one resource pattern, and one host. Use the filter at the top of the list to narrow ACLs by name. The filter accepts a regular expression, for example `^prod-` matches every resource starting with `prod-`.
+
// TODO DOC-2123: confirm exact path/label for the ACLs list once Jan ships the new Security page; expected route is `/security/acls`.
* *Command Line*: Use the `rpk` command-line tool for programmatic management.
+
For example, suppose you want to create a user named `analytics-user` who can read from topics starting with `logs-` and write to a topic called `processed-data`:
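
Review bot: The list continuation `+` added after the *{ui}* bullet is followed only by the `// TODO DOC-2123` comment line, so it has no block to attach and the next content the parser sees is the `* *Command Line*` item; remove the `+` or move the TODO above the list, and check the rendered output. In the bullet text, "narrow ACLs by name" conflicts with the example, which says `^prod-` matches every resource starting with `prod-`, and with the preceding sentence, which defines an ACL as one principal, one operation, one resource pattern, and one host with no name field; state which field the filter matches. The TODO also describes the route `/security/acls` as only expected, so the navigation path in this bullet should be confirmed before merge.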
2 changes: 1 addition & 1 deletion modules/manage/partials/rbac-describe-role.adoc
Expand Up @@ -4,4 +4,4 @@ To view details of an existing role:

2. Find the role you want to view and click the role name.

All roles are listed in a paginated view. You can also filter the view using the input field at the top of the list.
All roles are listed in a paginated view. The filter input at the top of the list accepts a regular expression, for example `^data-` matches every role name starting with `data-`.
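
Review bot: The replacement sentence says the filter "accepts a regular expression" but not whether plain text still works as a substring match, whether matching is case-sensitive, or what the list shows when the pattern is invalid. A role name typed with regex metacharacters such as `.` will match more entries than the reader expects, which matters when someone filters the list to review which roles exist. Add one clause next to the `^data-` example covering literal input and escaping.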
2 changes: 1 addition & 1 deletion modules/manage/partials/rbac-list-role.adoc
Expand Up @@ -2,4 +2,4 @@ To view all existing roles:

. From *Security* on the left navigation menu, select the *Roles* tab.
+
All roles are listed in a paginated view. You can also filter the view using the input field at the top of the list.
All roles are listed in a paginated view. The filter input at the top of the list accepts a regular expression, for example `^data-` matches every role name starting with `data-`.
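
Review bot: The unchanged step above the edited sentence still reads "select the *Roles* tab", while the quick-start change in this PR rewrites the same navigation as "go to *Roles*"; update this partial so both describe the same Console layout. The new filter sentence is also a verbatim copy of the one added to rbac-describe-role.adoc, so consider moving it into a shared partial or attribute to keep the two from drifting apart.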