docs: user access (#413)

* docs: new procedure to assign principal viewer role

Signed-off-by: prmellor <[email protected]>

* docs: new procedure to assign principal viewer role

Signed-off-by: prmellor <[email protected]>

* docs: new procedure to assign principal viewer role

Signed-off-by: prmellor <[email protected]>

* remove the version-specfic path

Signed-off-by: prmellor <[email protected]>

* review edits SR

Signed-off-by: prmellor <[email protected]>

* review edit PM

Signed-off-by: prmellor <[email protected]>

* review edits EP

Signed-off-by: prmellor <[email protected]>

* review edits RK

Signed-off-by: prmellor <[email protected]>

* change link title

Signed-off-by: prmellor <[email protected]>

Author: PaulRMellor

docs/kafka/access-mgmt-kafka/README.adoc

@@ -221,6 +221,8 @@ In {product-kafka}, you can create Access Control Lists (ACLs) in your Kafka ins
 
 .. Click *Manage access*.
 .. In the *Account* drop-down menu, select the new user account or service account that you want to set permissions for. You can also select *All accounts* to set permissions for all user accounts and service accounts in the organization.
++
+If you don't see users in the drop-down list, ask your organization administrator to grant access to view other user accounts. For more information, see {base-url}{access-mgmt-url-kafka}#proc-user-account-access_managing-access[Allowing users to view other user accounts].
 .. Click *Next*.
 +
 --
@@ -476,6 +478,37 @@ h|Operations
 |===
 --
 
+[id="proc-user-account-access_{context}"]
+== Allowing users to view other user accounts
+
+[role="_abstract"]
+As an organization administrator, you can use Role-Based Access Control (RBAC) to allow users to view other users in an organization.
+
+You set up access by assigning a predefined role called `User Access principal viewer` to a user group.
+By assigning the role, users within the group are able to do the following:
+
+* View and select other users when changing owners and managing access to Kafka instances in the web console
+* Specify user names when using the `rhoas` CLI for {product-long-kafka}
+
+.Prerequisites
+* You're logged into the {org-name} web console as an organization administrator.
+* A user group contains the users to assign the role to.
+
+NOTE: If you want to add the `User Access principal viewer` role to a single user, create a new group for that user only.
+
+ifndef::community[]
+For more information on setting up user access in the web console, see the link:https://access.redhat.com/documentation/en-us/red_hat_hybrid_cloud_console/[_User Access Configuration Guide for Role-based Access Control (RBAC)_^].
+endif::[]
+
+.Procedure
+
+. In the upper-right corner of the {product-kafka} web console, select the gear icon, and click *Settings* > *User Access* > *Groups*
+. Click the name of the user group.
+. From the *Roles* tab, click *Add role* and select `User Access principal viewer` to add the role to the group.
+. Click *Add to group* to add the role to the group.
++
+The role is added to the list of selected roles on the *Roles* tab.
+
 [role="_additional-resources"]
 .Additional resources
 * {base-url}{getting-started-url-kafka}[_Getting started with {product-long-kafka}_^]

docs/kafka/getting-started-kafka/README.adoc

@@ -255,6 +255,7 @@ ifndef::qs[]
 
 [role="_additional-resources"]
 .Additional resources
+* {base-url}{access-mgmt-url-kafka}[_Managing account access in {product-long-kafka}_^]
 * link:https://kafka.apache.org/documentation/#security_authz[Authorization and ACLs^] in Kafka documentation
 endif::[]