DOC-1809 Document Cloud Feature Group-based Access Control via OIDC

[micheleRP]

Description

This pull request single sources GBAC in Redpanda Cloud from redpanda-data/docs#1584. The changes add a GBAC doc page, update navigation and references throughout the docs, and highlight the feature in the "What's New" section.

• Added a new page gbac.adoc detailing how to configure and use Group-Based Access Control (GBAC) with OIDC groups, including learning objectives and configuration steps.
• Updated the documentation navigation (nav.adoc) to include a direct link to the new GBAC page under the security authorization section.
• Added an entry for GBAC in the "What's New" section for April 2026, describing its purpose and benefits for managing permissions at the group level via OIDC.
• Updated the cloud authorization overview to mention GBAC as a method for managing permissions, with a brief explanation and a link to the new documentation.

Antora Playbook Update:

• Changed the documentation source branch for the Redpanda documentation repository in local-antora-playbook.yml from main to gbac to ensure the new GBAC documentation is included.

Resolves https://redpandadata.atlassian.net/browse/DOC-1809
Review deadline:

Page previews

What's New
Configure Group-Based Access Control
Cloud Authorization

Checks

• New feature
• Content gap
• Support Follow-up
• Small fix (typos, links, copyedits, etc)

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request introduces Group-Based Access Control (GBAC) documentation to the Redpanda documentation site. The changes include switching the Antora content source branch from main to gbac, adding a navigation entry for the new GBAC authorization page, documenting GBAC as a new feature in the April 2026 release notes, adding a reference in the cloud authorization overview, and creating a new dedicated GBAC configuration guide page that explains cluster setup, OIDC group-to-RBAC role mapping, and group-based ACL creation.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• DOC-1637 update cloud for SR auth UI #396: Modifies the Security → Authorization navigation structure in modules/ROOT/nav.adoc, which is also updated in this PR with the GBAC entry
• Fix local playbook #463: Updates the content-source branch configuration in local-antora-playbook.yml, the same file modified here to switch from main to gbac

Suggested reviewers

• c4milo
• paulohtb6
• frenchfrywpepper
• r-vasquez

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: documenting a new cloud feature (GBAC) via OIDC, which aligns with the changeset's primary objective of adding GBAC documentation.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The pull request description is comprehensive and follows the template structure with all required sections completed, including issue reference, page previews, and checks.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch DOC-1809-Document-Cloud-Feature-Group-based-Access-Control-via-OIDC

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[netlify]

✅ Deploy Preview for rp-cloud ready!

Name	Link
🔨 Latest commit	8fc0390
🔍 Latest deploy log	https://app.netlify.com/projects/rp-cloud/deploys/69c451b49b6b7f00085bf2b7
😎 Deploy Preview	https://deploy-preview-536--rp-cloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@local-antora-playbook.yml`:
- Around line 17-18: Update the branches list for the repository URL entry so it
no longer points at the temporary gbac branch: replace the branches array that
currently includes "gbac" (branches: [gbac, v/*, shared, site-search]) with one
that uses "main" instead (branches: [main, v/*, shared, site-search]) to ensure
production builds use the main branch before merging; locate the branches array
under the URL entry for https://github.com/redpanda-data/documentation to make
this change.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 1d62f042-2641-4e77-9128-08f8de569313

📥 Commits

Reviewing files that changed from the base of the PR and between d122be8 and 8fc0390.

📒 Files selected for processing (5)

• local-antora-playbook.yml
• modules/ROOT/nav.adoc
• modules/get-started/pages/whats-new-cloud.adoc
• modules/security/pages/authorization/cloud-authorization.adoc
• modules/security/pages/authorization/gbac.adoc

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Reminder: Revert branch to main before merging.

The gbac branch is used here for local preview rendering while the corresponding docs PR (redpanda-data/docs#1584) is in progress. Per the cross-repository single-sourcing pattern, this should be reverted to main before merging so the production build continues to work correctly.

   - url: https://github.com/redpanda-data/documentation
-    branches: [gbac, v/*, shared, site-search]
+    branches: [main, v/*, shared, site-search]

Based on learnings: "The playbook is reverted to main before merging. This cross-repository single sourcing pattern is commonly used."

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- url: https://github.com/redpanda-data/documentation
	branches: [main, v/*, shared, site-search]
	branches: [gbac, v/*, shared, site-search]
	- url: https://github.com/redpanda-data/documentation
	branches: [main, v/*, shared, site-search]

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@local-antora-playbook.yml` around lines 17 - 18, Update the branches list for
the repository URL entry so it no longer points at the temporary gbac branch:
replace the branches array that currently includes "gbac" (branches: [gbac, v/*,
shared, site-search]) with one that uses "main" instead (branches: [main, v/*,
shared, site-search]) to ensure production builds use the main branch before
merging; locate the branches array under the URL entry for
https://github.com/redpanda-data/documentation to make this change.