RHIDP-6217: Updates in Topology RBAC permissions (#1081)

Author: hmanwani-rh

modules/authorization/ref-rbac-permission-policies.adoc

@@ -183,6 +183,16 @@ Kubernetes permissions::
 |Policy
 |Description
 
+|`kubernetes.clusters.read`
+|
+|`read`
+|Allows a user to read Kubernetes cluster details under the `/clusters` path
+
+|`kubernetes.resources.read`
+|
+|`read`
+|Allows a user to read information about Kubernetes resources located at `/services/:serviceId` and `/resources`
+
 |`kubernetes.proxy`
 |
 |`use`
@@ -241,13 +251,45 @@ Topology permissions::
 |Policy
 |Description
 
-|`topology.view.read`
+|`kubernetes.clusters.read`
 |
 |`read`
-|Allows a user or role to view the topology plugin
+|Allows a user to read Kubernetes cluster details under the `/clusters` path
+
+|`kubernetes.resources.read`
+|
+|`read`
+|Allows a user to read information about Kubernetes resources located at `/services/:serviceId` and `/resources`
 
 |`kubernetes.proxy`
 |
 |`use`
 |Allows a user or role to access the proxy endpoint, allowing the user or role to read pod logs and events within {product-very-short}
 |===
+
+
+Tekton permissions::
+
+.Tekton permissions
+[cols="15%,25%,15%,45%", frame="all", options="header"]
+|===
+|Name
+|Resource type
+|Policy
+|Description
+
+|`kubernetes.clusters.read`
+|
+|`read`
+|Allows a user to read Kubernetes cluster details under the `/clusters` path
+
+|`kubernetes.resources.read`
+|
+|`read`
+|Allows a user to read information about Kubernetes resources located at `/services/:serviceId` and `/resources`
+
+|`kubernetes.proxy`
+|
+|`use`
+|Allows a user or role to access the proxy endpoint, allowing the user or role to read pod logs and events within {product-very-short}
+|===

modules/dynamic-plugins/proc-enable-users-to-use-topology-plugin.adoc

@@ -3,7 +3,7 @@
 
 The Topology plugin is defining additional permissions. When link:{authorization-book-url}[{authorization-book-title}] is enabled, to enable users to use the Topology plugin, grant them:
 
-* The `topology.view.read` `read` permission to view the Topology panel.
+* The `kubernetes.clusters.read` and `kubernetes.resources.read`, `read` permissions to view the Topology panel.
 * The `kubernetes.proxy` `use` permission to view the pod logs.
 * The `catalog-entity` `read` permission to view the {product} software catalog items.
 
@@ -16,7 +16,8 @@ The Topology plugin is defining additional permissions. When link:{authorization
 [source]
 ----
 g, user:default/<YOUR_USERNAME>, role:default/topology-viewer
-p, role:default/topology-viewer, topology.view.read, read, allow <1>
+p, role:default/topology-viewer, kubernetes.clusters.read, read, allow <1>
+p, role:default/topology-viewer, kubernetes.resources.read, read, allow <1>
 p, role:default/topology-viewer, kubernetes.proxy, use, allow <2>
 p, role:default/topology-viewer, catalog-entity, read, allow <3>
 ----