MM-66625 - drop EnableChannelScopeAccessControl config

[pvev]

Summary

Update documentation to reflect removal of redundant EnableChannelScopeAccessControl setting. Channel-level ABAC access is now controlled solely by the EnableAttributeBasedAccessControl config. Clarifies the System Console path for enabling ABAC system-wide.

References: Merged PR #35232 - Removes redundant EnableChannelScopeAccessControl configuration

Ticket Link

https://mattermost.atlassian.net/browse/MM-66625

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation update to the ABAC channel access rules guide. Replaced two configuration-specific system-level ABAC enablement statements with a single, simplified UI path reference in System Console > System Attributes > Attribute-Based Access, whilst maintaining all other prerequisite conditions.

Changes

Cohort / File(s)	Summary
Documentation Update source/administration-guide/manage/admin/abac-channel-access-rules.rst	Simplified prerequisite documentation by replacing configuration-specific ABAC enablement statements with a direct UI navigation path reference.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly references the ticket MM-66625 and clearly identifies the main change as removing the EnableChannelScopeAccessControl configuration setting, which aligns with the documented changes.
Description check	✅ Passed	The description clearly explains the purpose of the documentation update, references the removal of EnableChannelScopeAccessControl, and mentions the related backend PR and ticket, all of which align with the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch MM-66625-drop-EnableChannelScopeAccessControl-config

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

source/administration-guide/manage/admin/abac-channel-access-rules.rst (1)

21-21: ⚠️ Potential issue | 🟡 Minor

Add security note about user-managed attributes in ABAC rules for documentation consistency.

The prerequisites section omits important security information about EnableUserManagedAttributes that is included in other ABAC documentation files (abac-system-wide-policies.rst, attribute-based-access-control.rst, and user-attributes.rst). All these files document that from Mattermost v10.11, user-managed attributes are excluded from ABAC rules by default for security reasons, and that admins must explicitly enable the EnableUserManagedAttributes configuration setting to include them.

Since this file does not mention this security consideration, add a note after line 21 consistent with the security information in other ABAC files. Cross-references alone are insufficient—other ABAC documentation includes both the UI path and the security note about user-managed attributes directly in their prerequisites sections.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@source/administration-guide/manage/admin/abac-channel-access-rules.rst` at
line 21, Add a security note after the prerequisites sentence that references
the System Console path ("System Console > System Attributes > Attribute-Based
Access") and states that since Mattermost v10.11 user-managed attributes are
excluded from ABAC rules by default for security reasons and admins must
explicitly enable the EnableUserManagedAttributes configuration to include them;
mirror the language used in abac-system-wide-policies.rst and
attribute-based-access-control.rst so the prerequisite section contains both the
UI path and the explicit security note about EnableUserManagedAttributes.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@source/administration-guide/manage/admin/abac-channel-access-rules.rst`:
- Line 21: Add a security note after the prerequisites sentence that references
the System Console path ("System Console > System Attributes > Attribute-Based
Access") and states that since Mattermost v10.11 user-managed attributes are
excluded from ABAC rules by default for security reasons and admins must
explicitly enable the EnableUserManagedAttributes configuration to include them;
mirror the language used in abac-system-wide-policies.rst and
attribute-based-access-control.rst so the prerequisite section contains both the
UI path and the explicit security note about EnableUserManagedAttributes.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 914d5eb5-61bc-40a3-9a53-39ba2cfcbb7c

📥 Commits

Reviewing files that changed from the base of the PR and between 997af1e and 48fd743.

📒 Files selected for processing (1)

• source/administration-guide/manage/admin/abac-channel-access-rules.rst

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 48fd743

[Combs7th]

@esethna - This one should be ready to go, covering PR #66625: mattermost/mattermost#35232

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 9fa0888

[esethna]

@pvev minor note for future: please base your changes off the docs branch for the 11.6 (or appropriate) version :)

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA af4cac2