rbac for deep search

Author: stefanhengl

docs/admin/access_control/deep_search.mdx

@@ -0,0 +1,8 @@
+# Access control for Deep Search
+
+Granular controls for who can access [Deep Search](/deepsearch/) can be configured by site admins by tuning the roles assigned to users and the permissions granted to those roles. This page describes the permission types available for Deep Search, and whether they are granted by default to the **User** [system role](/admin/access_control#system-roles). All permissions are granted to the **Site Administrator** system role by default.
+
+        Name          |                                                                                                                    Description                                                                                                                     | Granted to **User** by default?
+--------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-----------------------------:
+`deep_search:read`  | <ul><li>User can see the Deep Search menu item in the top-level menu bar.</li><li>User can read their own threads and threads that are shared with them.</li></ul>                                                                                                                                                                                                                                |                ✓
+`deep_search:write` | User can create or update a Deep Search. |                ✓

docs/admin/access_control/index.mdx

@@ -11,7 +11,7 @@
 
 <Callout type="note">This page refers to in-product permissions, which determine who can, for example, create a batch change, or who is a site admin. This is *not* the same as [repository permissions](/admin/permissions/), which enforces the same repository access on Sourcegraph as your code host.</Callout>
 
-Sourcegraph uses [Role-Based Access Control (RBAC)](https://en.wikipedia.org/wiki/Role-based_access_control) to enable fine-grained control over different features and abilities of Sourcegraph, without having to modify permissions for each user individually. Currently, the scope of permissions control is limited to [Batch Changes](/admin/access_control/batch_changes) functionality, but it will be expanded to other areas in the future.
+Sourcegraph uses [Role-Based Access Control (RBAC)](https://en.wikipedia.org/wiki/Role-based_access_control) to enable fine-grained control over different features and abilities of Sourcegraph, without having to modify permissions for each user individually.
 
 ## Managing roles and permissions
 
@@ -39,6 +39,7 @@ To edit the permissions granted to a role, click the role to expand it, then sel
 You can read about the specific permission types available for each RBAC-enabled product area below:
 
 - [Batch Changes](/admin/access_control/batch_changes)
+- [Deep Search](/admin/access_control/deep_search)
 - [Ownership](/admin/access_control/ownership)
 - [Service accounts](/admin/service_accounts)
 

docs/deep-search/index.mdx

@@ -60,10 +60,13 @@ Conversation sharing is disabled by default. To enable conversation sharing, ask
 },
 ```
 
-
-### Custom model configuration and BYOK (Bring Your Own Key) 
+### Custom model configuration and BYOK (Bring Your Own Key)
 Deep Search is only available to customers using Sourcegraph’s built-in model gateway. Customers who configure and access their own models via BYOK cannot use the Deep Search feature.
 
-## API access
+## Access control
+
+Deep Search is [RBAC-enabled](/admin/access_control/). By default, all users have full read and write access for Deep Search, but this can be restricted by changing the default role permissions or by creating new custom roles.
+
+## API
 
 For programmatic access to Deep Search functionality, see the [Deep Search API documentation](/deep-search/api).