fix: groups and permissions docs (#576)

docs/get-started.md

@@ -170,16 +170,11 @@ Add users to groups to streamline access management to your Aiven projects and s
       description="Create and add users to groups."
     />
     <Card
-      to="/docs/platform/concepts/permissions"
-      iconName="book"
-      title="Project member roles"
-      description="View project permissions you can assign to users and groups."
-    />
-    <Card
-      to="/docs/platform/howto/add-groups-projects"
+      to="/docs/platform/howto/manage-permissions"
       iconName="clipboardCheck"
-      title="Add groups to projects"
-      description="Give a group of users access to a project."
+      title="Give groups acess to projects"
+      description="Grant roles and permissions to a group of users to access a project
+      and its services."
     />
 </GridContainer>
 

docs/platform/concepts/application-users.md

@@ -13,11 +13,11 @@ You must be a [super admin](/docs/platform/howto/make-super-admin) to access thi
 ## Application user permissions
 
 You [create and manage application users](/docs/platform/howto/manage-application-users)
-at the organization level. Application users are granted access to projects
-and services in the same way as organization users by adding them to
-[projects](/docs/platform/howto/add-project-members) and assigning them a role. You can
-also make application users super admin, giving them full access to your organization,
-its organizational units, projects, services, and billing and other settings.
+at the organization level and you
+[give them access to projects and services](/docs/platform/howto/manage-permissions)
+in the same way as organization users. You can also make application users super admin,
+giving them full access to your organization, its organizational units, projects,
+services, and billing and other settings.
 
 Unlike organization users, application users can't log in to the Aiven Console and the
 authentication policies don't apply to them.

docs/platform/concepts/orgs-units-projects.md

@@ -29,7 +29,7 @@ Organizations also let you centrally manage settings like:
   the organization level, you can use billing groups across all projects in the
   organization and its units. You can't share billing information between organizations.
 - [Users](/docs/platform/concepts/user-access-management) and
-  [groups](/docs/platform/howto/list-groups): Managed at the organization level. You
+  [groups](/docs/platform/howto/manage-groups): Managed at the organization level. You
   can grant users and groups access at the organization and project level with
   [permissions and roles](/docs/platform/concepts/permissions).
 - [Domains](/docs/platform/howto/manage-domains) and

docs/platform/concepts/permissions.md

@@ -8,12 +8,14 @@ To give users access to projects and services in your organizations, you grant t
   group of resources.
 * **Roles**: Sets of permissions that you can assign to a principal.
 
-Principals are
-[organization users](/docs/platform/howto/manage-org-users),
-[application users](/docs/platform/concepts/application-users),
-and [groups](/docs/platform/howto/list-groups).
-You can grant access to principals at the project level. You can
-[add users to services](/docs/platform/howto/create_new_service_user).
+Principals can be:
+* [Organization users](/docs/platform/howto/manage-org-users)
+* [Application users](/docs/platform/concepts/application-users)
+* [Groups](/docs/platform/howto/manage-groups)
+
+You can
+[grant access to principals at the project level](/docs/platform/howto/manage-permissions).
+You can also [add users to services](/docs/platform/howto/create_new_service_user).
 
 To grant access to resources at the organization level, you can
 make organization users [super admin](/docs/platform/howto/make-super-admin).

docs/platform/howto/manage-groups.md

@@ -4,19 +4,22 @@ title: Manage groups of users
 
 import ConsoleLabel from "@site/src/components/ConsoleIcons"
 
-Create groups of users in your organization to make it easier to [give users with similar roles access to projects](/docs/platform/howto/add-groups-projects).
+Create groups of users in your organization to make it easier to manage access to your organization's resources.
+
+You can [grant permissions](/docs/platform/howto/manage-permissions) to groups
+for projects, giving them the right level of access to the project and its services.
 
 ## Create a group
 
 To create a group in an organization:
-<!-- vale off -->
+
 1.  Click **Admin** > **Groups**.
 1.  Click **Create group**.
 1.  Enter a unique name for the group. You can also enter a description.
 1.  Optional: To assign users to the group, click the toggle and choose
     the users to add.
 1.  Click **Create group**.
-<!-- vale on -->
+
 ## Add users to a group
 
 You can only add users that are

docs/platform/howto/manage-permissions.md

@@ -1,27 +1,46 @@
 ---
-title: Manage project roles and permissions
+title: Manage permissions
 ---
 
 import ConsoleLabel from "@site/src/components/ConsoleIcons"
+import {ConsoleIcon} from "@site/src/components/ConsoleIcons"
 
-You can assign project [roles and permissions](/docs/platform/concepts/permissions) to organization users, application users, and groups. This gives these users access to a specific project and its services. Each user or group can have multiple roles and a combination of roles and permissions.
+You can give users and groups access to a project and the services in it by granting them roles and permissions for that project.
 
-## Add users and groups to projects
+## Grant project permissions to a user or group
 
 1. In the project, click <ConsoleLabel name="projectpermissions"/>.
 
-1. Click **Add users** and select **Add users** or **Add groups**.
+1. Click **Grant permissions** and select **Grant to users** or **Grant to groups**.
 
 1. Select the users or groups to add to the project.
 
-1. Select a **Role**. The [role](/docs/platform/concepts/permissions)
-   will be assigned to all users in all selected groups.
+1. Select the [roles and permissions](/docs/platform/concepts/permissions) to grant.
 
-1. Click **Add users** or **Add groups**.
+1. Click **Grant permissions**.
 
 ## Change permissions for a user or group
 
-1. In the project, click **Permissions**.
-1. Find the user or group, click <ConsoleLabel name="projectpermissions"/> >
-   **Edit permissions**.
-1. Edit the permissions and click **Save changes**.
+1. In the project, click <ConsoleLabel name="projectpermissions"/>.
+
+1. For the user or group click <ConsoleLabel name="actions"/> >
+   <ConsoleIcon name="edit"/> **Edit permissions**.
+
+1. Add or remove permissions and click **Save changes**.
+
+## Remove access to a project
+
+:::important
+When you remove permissions from a user or group, service credentials are not changed.
+Users can still directly access services if they know the service credentials. To prevent
+this type of access, reset all service passwords.
+:::
+
+To remove all permissions to a project:
+
+1. In the project, click <ConsoleLabel name="projectpermissions"/>.
+
+1. For the user or group click <ConsoleLabel name="actions"/> >
+   <ConsoleIcon name="delete"/> **Remove**.
+
+1. Click **Remove user** or **Remove group** to confirm.

docs/tools/aiven-console/howto/create-manage-teams.md

@@ -98,7 +98,7 @@ Account Owners team.
 1.  Enter the name of one of the teams and assign the same users to this group. Do this
     for each team.
 
-1.  [Add each new group to the projects](/docs/platform/howto/add-groups-projects)
+1.  [Add each new group to the projects](/docs/platform/howto/manage-permissions)
     that the teams are assigned to with the same role.
 
 1.  After confirming all users have the correct level of access to the projects,

static/_redirects

@@ -35,6 +35,8 @@
 /platform/concepts/service-scaling                     https://aiven.io/docs/platform/howto/scale-services
 /platform/howto/access-service-log                     https://aiven.io/docs/platform/howto/list-monitoring
 /platform/howto/access-service-logs                    https://aiven.io/docs/platform/howto/list-monitoring
+/platform/howto/add-project-members                    https://aiven.io/docs/platform/howto/manage-permissions
+/platform/howto/add-groups-projects                    https://aiven.io/docs/platform/howto/manage-groups
 /platform/howto/billing-aws-marketplace-subscription   https://aiven.io/docs/marketplace-setup
 /platform/howto/billing-azure-marketplace-subscription https://aiven.io/docs/marketplace-setup
 /platform/howto/billing-google-cloud-platform-marketplace-subscription https://aiven.io/docs/marketplace-setup
@@ -50,6 +52,7 @@
 /platform/howto/list-billing                           https://aiven.io/docs/platform/concepts/billing-and-payment
 /platform/howto/list-billing-groups                    https://aiven.io/docs/platform/concepts/billing-groups
 /platform/howto/list-byoc                              https://aiven.io/docs/platform/concepts/byoc
+/platform/howto/list-groups                            https://aiven.io/docs/platform/howto/manage-groups
 /platform/howto/list-identity-providers                https://aiven.io/docs/platform/howto/saml/add-identity-providers
 /platform/howto/list-network                           https://aiven.io/docs/platform/concepts/cloud-security
 /platform/howto/list-user                              https://aiven.io/docs/platform/howto/manage-org-users