[v15] Refactor the Database Object Permissions guide (#42361)

* Refactor the Database Object Permissions guide Closes #41917 Merge the Database Object Permissions guide into the Database Access RBAC guide for greater discoverability and a clearer division of labor between the two guides. This change also includes the following edits to make the refactor cleaner, since we can include each troubleshooting step as a separate H3 in the dateabase object permissions H2: - Remove an unnecessary troubleshooting step: One step indicates that import rules are validated, which is unnecessary to document, since validation errors are self explanatory. - Instead of mentioning the admin user as a troubleshooting step, add a separate H3 for the admin user and describe the `admin_user` field, which was not mentioned in the original database object permissions guide. * Respond to Tener feedback - Clarify the placing of the `admin_user` field * Restore intro section Per Tener and r0mant feedback, integrate the introduction from the Database Access Controls page into the newly merged RBAC guide. Frame Database Access Controls as encompassing both databases and database objects. * Respond to r0mant feedback * Fix spelling * Fix linter issues
gravitational · Jun 4, 2024 · fc44c42 · fc44c42
1 parent fd4fb26
commit fc44c42
Show file tree

Hide file tree

Showing 6 changed files with 272 additions and 234 deletions.
diff --git a/docs/config.json b/docs/config.json
@@ -1554,10 +1554,6 @@
             {
               "title": "PostgreSQL",
               "slug": "/database-access/auto-user-provisioning/postgres/"
-            },
-            {
-              "title": "Database Access Controls",
-              "slug": "/database-access/auto-user-provisioning/database-access-controls/"
             }
           ]
         },

diff --git a/docs/pages/database-access/auto-user-provisioning.mdx b/docs/pages/database-access/auto-user-provisioning.mdx
@@ -5,8 +5,6 @@ description: Configure automatic user provisioning for databases.
 
 (!docs/pages/includes/database-access/auto-user-provisioning/intro.mdx!)
 
-Automatically created users will either receive a predefined set of roles, or can be granted permissions to specific database objects based on their required level of access using [Database Access Controls](./auto-user-provisioning/database-access-controls.mdx) feature.
-
 Currently, automatic user provisioning is supported for the following databases:
 - [PostgreSQL databases (self-hosted and AWS RDS)](./auto-user-provisioning/postgres.mdx)
 - [MySQL databases (self-hosted and AWS RDS)](./auto-user-provisioning/mysql.mdx)

diff --git a/docs/pages/database-access/auto-user-provisioning/database-access-controls.mdx b/docs/pages/database-access/auto-user-provisioning/database-access-controls.mdx
diff --git a/docs/pages/database-access/auto-user-provisioning/postgres.mdx b/docs/pages/database-access/auto-user-provisioning/postgres.mdx
@@ -61,7 +61,7 @@ to ensure that your configuration is correct.
 </Tabs>
 
 <Admonition type="note" title="Database Access Controls for `teleport-admin`">
-When [Database Access Controls](./database-access-controls.mdx) feature is in use, the `teleport-admin` should have permissions to relevant database objects. For example:
+When [Database Access Controls](../rbac.mdx) feature is in use, the `teleport-admin` should have permissions to relevant database objects. For example:
 
 ```sql
 GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA schema1, schema2, schema3 TO "teleport-admin";
@@ -148,7 +148,7 @@ version: v7
 
 You can define your own labels for database objects, applying them based on customizable import rules. These custom labels, such as `owner` or `environment`, can then be utilized when granting permissions.
 
-For additional information, refer to the [Database Access Controls](./database-access-controls.mdx) page.
+For additional information, refer to the [Database Access Controls](../rbac.mdx) page.
 
 </TabItem>
 </Tabs>