Skip to content
Last updated

Configure RBAC for navigation

If you have a page in your project that you only want certain teams to be able to access, you can also limit access to any links to that page in navigation menus. Navigation menus include links as items that can be part of groups. Group RBAC configurations apply to all items listed in the group, whereas individual link RBAC configurations only apply to that specific item. To set permissions for links or groups in navigation menus, you must add the rbac configuration option for them to either:

  • your redocly.yaml file for links or groups in the navbar or footer menus
  • your sidebars.yaml file for links or groups in the sidebar menu

To specify permissions for a link or group in the navbar or footer, add the item's RBAC configuration in the redocly.yaml file.

In the following redocly.yaml RBAC configuration examples, the link to visible-link.md is visible to all users:

navbar example

navbar:
  items:
    - label: Protected page
      page: visible-link.md
      rbac:
        '*': read

footer example

footer:
  copyrightText: Copyright © Redocly 2019-2020. All right reserved.
  items:
    - group: Support
      items:
        - label: Protected page
          page: visible-link.md
          rbac:
            '*': read

You can also control group visibility by adding the rbac configuration to the group.

In the following redocly.yaml RBAC configuration examples, the link to invisible-link.md is not visible to all users:

navbar example

navbar:
  items:
    - group: Protected group
      rbac:
        '*': none
      items:
        - label: Visible page
          page: invisible-link.md

footer example

footer:
  copyrightText: Copyright © Redocly 2019-2020. All right reserved.
  items:
    - group: Hidden Support Group
      rbac:
        '*': none
      items:
        - label: Visible page
          page: invisible-link.md
Invisible is not private

Making the navigation links not visible does not protect the content if the user has a direct link to it.

In the sidebar

To specify permissions for a link or group in the sidebar, add the item's rbac configuration to the sidebars.yaml file.

In the following sidebars.yaml RBAC configuration example, the link to visible-link.md is visible in the sidebar to all users:

- page: ../visible-link.md
  label: Protected page
  rbac:
    '*': read

In the following sidebars.yaml RBAC configuration example, the link to invisible-link.md is not visible in the sidebar to all users:

- group: Hidden group
  rbac:
    '*': none
  items:
    - page: ../invisible-link.md
      label: Protected page
Invisible is not private

Making the navigation links not visible does not protect the content if the user has a direct link to it.

Pages that are hidden by RBAC configuration do not generate sidebar links. If all pages in a group are hidden, the sidebar group is also hidden.

Resources

  • RBAC concepts - Understand how role-based access control works and the relationship between roles, teams, and navigation permissions
  • RBAC configuration guide - Complete step-by-step instructions for implementing RBAC across your documentation project, including navigation setup
  • RBAC configuration reference - Detailed configuration options and syntax for setting up role-based access control in navigation files
  • OpenAPI RBAC extension - Apply RBAC permissions to specific objects and sections within your OpenAPI reference documentation
 
Next page