rbac for deep search

stefanhengl · stefanhengl · commit 37876bdc5da1 · 2025-09-30T10:14:56.000+02:00
diff --git a/docs/admin/access_control/deep_search.mdx b/docs/admin/access_control/deep_search.mdx
@@ -0,0 +1,8 @@
+# Access control for Deep Search
+
+Granular controls for who can access [Deep Search](/deepsearch/) can be configured by site admins by tuning the roles assigned to users and the permissions granted to those roles. This page describes the permission types available for Deep Search, and whether they are granted by default to the **User** [system role](/admin/access_control#system-roles). All permissions are granted to the **Site Administrator** system role by default.
+
+        Name          |                                                                                                                    Description                                                                                                                     | Granted to **User** by default?
+--------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-----------------------------:
+`deep_search:read`  | <ul><li>User can see the Deep Search menu item in the top-level menu bar.</li><li>User can read their own threads and threads that are shared with them.</li></ul>                                                                                                                                                                                                                                |                ✓
+`deep_search:write` | User can create or update a Deep Search. |                ✓
diff --git a/docs/admin/access_control/index.mdx b/docs/admin/access_control/index.mdx
@@ -11,7 +11,7 @@
 
 <Callout type="note">This page refers to in-product permissions, which determine who can, for example, create a batch change, or who is a site admin. This is *not* the same as [repository permissions](/admin/permissions/), which enforces the same repository access on Sourcegraph as your code host.</Callout>
 
-Sourcegraph uses [Role-Based Access Control (RBAC)](https://en.wikipedia.org/wiki/Role-based_access_control) to enable fine-grained control over different features and abilities of Sourcegraph, without having to modify permissions for each user individually. Currently, the scope of permissions control is limited to [Batch Changes](/admin/access_control/batch_changes) functionality, but it will be expanded to other areas in the future.
+Sourcegraph uses [Role-Based Access Control (RBAC)](https://en.wikipedia.org/wiki/Role-based_access_control) to enable fine-grained control over different features and abilities of Sourcegraph, without having to modify permissions for each user individually.
 
 ## Managing roles and permissions
 
@@ -39,6 +39,7 @@ To edit the permissions granted to a role, click the role to expand it, then sel
 You can read about the specific permission types available for each RBAC-enabled product area below:
 
 - [Batch Changes](/admin/access_control/batch_changes)
+- [Deep Search](/admin/access_control/deep_search)
 - [Ownership](/admin/access_control/ownership)
 - [Service accounts](/admin/service_accounts)
 
