From 4e3953fa4bb98599ee35d40ee37bb366120609f4 Mon Sep 17 00:00:00 2001
From: Stacey Salamon <stacey.salamon@aiven.io>
Date: Wed, 20 Nov 2024 11:22:03 +0100
Subject: [PATCH] fix: gropus and permissions docs

---
 docs/get-started.md                           | 13 ++----
 docs/platform/concepts/application-users.md   | 10 ++---
 docs/platform/concepts/orgs-units-projects.md |  2 +-
 docs/platform/concepts/permissions.md         | 14 ++++---
 docs/platform/howto/add-groups-projects.md    | 23 -----------
 docs/platform/howto/add-project-members.md    | 22 ----------
 docs/platform/howto/list-groups.md            |  6 ---
 docs/platform/howto/manage-groups.md          |  9 ++--
 docs/platform/howto/manage-permissions.md     | 41 ++++++++++++++-----
 .../howto/create-manage-teams.md              |  2 +-
 static/_redirects                             |  3 ++
 11 files changed, 58 insertions(+), 87 deletions(-)
 delete mode 100644 docs/platform/howto/add-groups-projects.md
 delete mode 100644 docs/platform/howto/add-project-members.md
 delete mode 100644 docs/platform/howto/list-groups.md

diff --git a/docs/get-started.md b/docs/get-started.md
index 5e796a13c..447fabc4b 100644
--- a/docs/get-started.md
+++ b/docs/get-started.md
@@ -170,16 +170,11 @@ Add users to groups to streamline access management to your Aiven projects and s
       description="Create and add users to groups."
     />
     <Card
-      to="/docs/platform/concepts/permissions"
-      iconName="book"
-      title="Project member roles"
-      description="View project permissions you can assign to users and groups."
-    />
-    <Card
-      to="/docs/platform/howto/add-groups-projects"
+      to="/docs/platform/howto/manage-permissions"
       iconName="clipboardCheck"
-      title="Add groups to projects"
-      description="Give a group of users access to a project."
+      title="Give groups acess to projects"
+      description="Grant roles and permissions to a group of users to access a project
+      and its services."
     />
 </GridContainer>
 
diff --git a/docs/platform/concepts/application-users.md b/docs/platform/concepts/application-users.md
index ef78cf69c..72b6afa05 100644
--- a/docs/platform/concepts/application-users.md
+++ b/docs/platform/concepts/application-users.md
@@ -13,11 +13,11 @@ You must be a [super admin](/docs/platform/howto/make-super-admin) to access thi
 ## Application user permissions
 
 You [create and manage application users](/docs/platform/howto/manage-application-users)
-at the organization level. Application users are granted access to projects
-and services in the same way as organization users by adding them to
-[projects](/docs/platform/howto/add-project-members) and assigning them a role. You can
-also make application users super admin, giving them full access to your organization,
-its organizational units, projects, services, and billing and other settings.
+at the organization level and you
+[give them access to projects and services](/docs/platform/howto/manage-permissions)
+in the same way as organization users. You can also make application users super admin,
+giving them full access to your organization, its organizational units, projects,
+services, and billing and other settings.
 
 Unlike organization users, application users can't log in to the Aiven Console and the
 authentication policies don't apply to them.
diff --git a/docs/platform/concepts/orgs-units-projects.md b/docs/platform/concepts/orgs-units-projects.md
index 047a9ef3e..cc8b86008 100644
--- a/docs/platform/concepts/orgs-units-projects.md
+++ b/docs/platform/concepts/orgs-units-projects.md
@@ -29,7 +29,7 @@ Organizations also let you centrally manage settings like:
   the organization level, you can use billing groups across all projects in the
   organization and its units. You can't share billing information between organizations.
 - [Users](/docs/platform/concepts/user-access-management) and
-  [groups](/docs/platform/howto/list-groups): Managed at the organization level. You
+  [groups](/docs/platform/howto/manage-groups): Managed at the organization level. You
   can grant users and groups access at the organization and project level with
   [permissions and roles](/docs/platform/concepts/permissions).
 - [Domains](/docs/platform/howto/manage-domains) and
diff --git a/docs/platform/concepts/permissions.md b/docs/platform/concepts/permissions.md
index 8eb576069..743bf4d6c 100644
--- a/docs/platform/concepts/permissions.md
+++ b/docs/platform/concepts/permissions.md
@@ -8,12 +8,14 @@ To give users access to projects and services in your organizations, you grant t
   group of resources.
 * **Roles**: Sets of permissions that you can assign to a principal.
 
-Principals are
-[organization users](/docs/platform/howto/manage-org-users),
-[application users](/docs/platform/concepts/application-users),
-and [groups](/docs/platform/howto/list-groups).
-You can grant access to principals at the project level. You can
-[add users to services](/docs/platform/howto/create_new_service_user).
+Principals can be:
+* [Organization users](/docs/platform/howto/manage-org-users)
+* [Application users](/docs/platform/concepts/application-users)
+* [Groups](/docs/platform/howto/manage-groups)
+
+You can
+[grant access to principals at the project level](/docs/platform/howto/manage-permissions).
+You can also [add users to services](/docs/platform/howto/create_new_service_user).
 
 To grant access to resources at the organization level, you can
 make organization users [super admin](/docs/platform/howto/make-super-admin).
diff --git a/docs/platform/howto/add-groups-projects.md b/docs/platform/howto/add-groups-projects.md
deleted file mode 100644
index 67780019b..000000000
--- a/docs/platform/howto/add-groups-projects.md
+++ /dev/null
@@ -1,23 +0,0 @@
----
-title: Add groups to projects
----
-
-import ConsoleLabel from "@site/src/components/ConsoleIcons"
-
-Give [groups](/docs/platform/howto/manage-groups) of organization users access to a project and the services in it by adding groups to it. When you add a group, you grant permissions to all users in the group by assigning the group [roles and permissions](/docs/platform/concepts/permissions) for that specific project.
-
-## Add groups to a project
-
-1.  In the project, click <ConsoleLabel name="members"/>.
-1.  Click **Add groups**.
-1.  Select the groups to add to the project.
-1.  Select the **Roles** to assign to all users in the selected groups.
-1.  Click **Add groups**.
-
-You can change a group's roles or remove it from a project later from
-the <ConsoleLabel name="actions"/> for that group.
-
-## Related pages
-
-- [Manage projects](/docs/platform/howto/manage-project)
-- [Permissions](/docs/platform/concepts/permissions)
diff --git a/docs/platform/howto/add-project-members.md b/docs/platform/howto/add-project-members.md
deleted file mode 100644
index 408eadcd1..000000000
--- a/docs/platform/howto/add-project-members.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-title: Add users and groups to projects
----
-
-import ConsoleLabel from "@site/src/components/ConsoleIcons"
-
-<!-- vale off -->
-You can give [users in your organization](/docs/platform/howto/manage-groups) access to a project and the services in it by adding them to the project.
-
-Users can be added individually or as part of a user
-[group](/docs/platform/howto/list-groups):
-
-1. In the project, click <ConsoleLabel name="projectpermissions"/>.
-
-1. Click **Add users** and select **Add users** or **Add groups**.
-
-1. Select the users or groups to add to the project.
-
-1. Select a **Role**. The [role](/docs/platform/concepts/permissions)
-   will be assigned to all users in all selected groups.
-
-1. Click **Add users** or **Add groups**.
diff --git a/docs/platform/howto/list-groups.md b/docs/platform/howto/list-groups.md
deleted file mode 100644
index c8a2a4778..000000000
--- a/docs/platform/howto/list-groups.md
+++ /dev/null
@@ -1,6 +0,0 @@
----
-title: Groups
----
-
-Browse through instructions for common admin tasks related to managing
-your organization's user groups.
diff --git a/docs/platform/howto/manage-groups.md b/docs/platform/howto/manage-groups.md
index ef2d10d3f..73d2ad8c1 100644
--- a/docs/platform/howto/manage-groups.md
+++ b/docs/platform/howto/manage-groups.md
@@ -4,19 +4,22 @@ title: Manage groups of users
 
 import ConsoleLabel from "@site/src/components/ConsoleIcons"
 
-Create groups of users in your organization to make it easier to [give users with similar roles access to projects](/docs/platform/howto/add-groups-projects).
+Create groups of users in your organization to make it easier to manage access to your organization's resources.
+
+You can [grant permissions](/docs/platform/howto/manage-permissions) to groups
+for projects, giving them the right level of access to the project and its services.
 
 ## Create a group
 
 To create a group in an organization:
-<!-- vale off -->
+
 1.  Click **Admin** > **Groups**.
 1.  Click **Create group**.
 1.  Enter a unique name for the group. You can also enter a description.
 1.  Optional: To assign users to the group, click the toggle and choose
     the users to add.
 1.  Click **Create group**.
-<!-- vale on -->
+
 ## Add users to a group
 
 You can only add users that are
diff --git a/docs/platform/howto/manage-permissions.md b/docs/platform/howto/manage-permissions.md
index 8397797d4..f51fb475b 100644
--- a/docs/platform/howto/manage-permissions.md
+++ b/docs/platform/howto/manage-permissions.md
@@ -1,27 +1,46 @@
 ---
-title: Manage project roles and permissions
+title: Manage permissions
 ---
 
 import ConsoleLabel from "@site/src/components/ConsoleIcons"
+import {ConsoleIcon} from "@site/src/components/ConsoleIcons"
 
-You can assign project [roles and permissions](/docs/platform/concepts/permissions) to organization users, application users, and groups. This gives these users access to a specific project and its services. Each user or group can have multiple roles and a combination of roles and permissions.
+You can give users and groups access to a project and the services in it by granting them roles and permissions for that project.
 
-## Add users and groups to projects
+## Grant project permissions to a user or group
 
 1. In the project, click <ConsoleLabel name="projectpermissions"/>.
 
-1. Click **Add users** and select **Add users** or **Add groups**.
+1. Click **Grant permissions** and select **Grant to users** or **Grant to groups**.
 
 1. Select the users or groups to add to the project.
 
-1. Select a **Role**. The [role](/docs/platform/concepts/permissions)
-   will be assigned to all users in all selected groups.
+1. Select the [roles and permissions](/docs/platform/concepts/permissions) to grant.
 
-1. Click **Add users** or **Add groups**.
+1. Click **Grant permissions**.
 
 ## Change permissions for a user or group
 
-1. In the project, click **Permissions**.
-1. Find the user or group, click <ConsoleLabel name="projectpermissions"/> >
-   **Edit permissions**.
-1. Edit the permissions and click **Save changes**.
+1. In the project, click <ConsoleLabel name="projectpermissions"/>.
+
+1. For the user or group click <ConsoleLabel name="actions"/> >
+   <ConsoleIcon name="edit"/> **Edit permissions**.
+
+1. Add or remove permissions and click **Save changes**.
+
+## Remove access to a project
+
+:::important
+When you remove permissions from a user or group, service credentials are not changed.
+Users can still directly access services if they know the service credentials. To prevent
+this type of access, reset all service passwords.
+:::
+
+To remove all permissions to a project:
+
+1. In the project, click <ConsoleLabel name="projectpermissions"/>.
+
+1. For the user or group click <ConsoleLabel name="actions"/> >
+   <ConsoleIcon name="delete"/> **Remove**.
+
+1. Click **Remove user** or **Remove group** to confirm.
diff --git a/docs/tools/aiven-console/howto/create-manage-teams.md b/docs/tools/aiven-console/howto/create-manage-teams.md
index e1c5d12d9..9069a89bb 100644
--- a/docs/tools/aiven-console/howto/create-manage-teams.md
+++ b/docs/tools/aiven-console/howto/create-manage-teams.md
@@ -98,7 +98,7 @@ Account Owners team.
 1.  Enter the name of one of the teams and assign the same users to this group. Do this
     for each team.
 
-1.  [Add each new group to the projects](/docs/platform/howto/add-groups-projects)
+1.  [Add each new group to the projects](/docs/platform/howto/manage-permissions)
     that the teams are assigned to with the same role.
 
 1.  After confirming all users have the correct level of access to the projects,
diff --git a/static/_redirects b/static/_redirects
index 6e22ddd87..d6909acae 100644
--- a/static/_redirects
+++ b/static/_redirects
@@ -35,6 +35,8 @@
 /platform/concepts/service-scaling                     https://aiven.io/docs/platform/howto/scale-services
 /platform/howto/access-service-log                     https://aiven.io/docs/platform/howto/list-monitoring
 /platform/howto/access-service-logs                    https://aiven.io/docs/platform/howto/list-monitoring
+/platform/howto/add-project-members                    https://aiven.io/docs/platform/howto/manage-permissions
+/platform/howto/add-groups-projects                    https://aiven.io/docs/platform/howto/manage-groups
 /platform/howto/billing-aws-marketplace-subscription   https://aiven.io/docs/marketplace-setup
 /platform/howto/billing-azure-marketplace-subscription https://aiven.io/docs/marketplace-setup
 /platform/howto/billing-google-cloud-platform-marketplace-subscription https://aiven.io/docs/marketplace-setup
@@ -50,6 +52,7 @@
 /platform/howto/list-billing                           https://aiven.io/docs/platform/concepts/billing-and-payment
 /platform/howto/list-billing-groups                    https://aiven.io/docs/platform/concepts/billing-groups
 /platform/howto/list-byoc                              https://aiven.io/docs/platform/concepts/byoc
+/platform/howto/list-groups                            https://aiven.io/docs/platform/howto/manage-groups
 /platform/howto/list-identity-providers                https://aiven.io/docs/platform/howto/saml/add-identity-providers
 /platform/howto/list-network                           https://aiven.io/docs/platform/concepts/cloud-security
 /platform/howto/list-user                              https://aiven.io/docs/platform/howto/manage-org-users