Commit 61fda89

DOC-1200 Unified impersonation in Cloud (#370)
* DOC-1200 Unified impersonation in Cloud
  # Conflicts:
  # modules/security/pages/cloud-authentication.adoc
* add glossterms
* minor edit
* add to list of beta features
* DOC-1200 Unified impersonation in Cloud
  # Conflicts:
  # modules/security/pages/cloud-authentication.adoc
  # Conflicts:
  # modules/security/pages/cloud-authentication.adoc
* update edits
* fix links
* what's new for Nov
  # Conflicts:
  # modules/get-started/pages/whats-new-cloud.adoc
  # Conflicts:
  # modules/get-started/pages/whats-new-cloud.adoc
  # Conflicts:
  # modules/get-started/pages/whats-new-cloud.adoc
* remove beta
* add custom roles in control plane
* remove custom roles this will go in a separate PR in January
* fix what's new
1 parent 137a397 commit 61fda89

5 files changed

Lines changed: 103 additions & 51 deletions

local-antora-playbook.yml

Lines changed: 0 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -37,7 +37,6 @@ asciidoc:
3737
- '@redpanda-data/docs-extensions-and-macros/macros/config-ref'
3838
- '@redpanda-data/docs-extensions-and-macros/macros/helm-ref'
3939
- '@redpanda-data/docs-extensions-and-macros/asciidoc-extensions/add-line-numbers-highlights'
40-
- '@redpanda-data/docs-extensions-and-macros/macros/badge'
4140
antora:
4241
extensions:
4342
- require: '@redpanda-data/docs-extensions-and-macros/extensions/generate-rp-connect-info'
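Review bot: removing the `macros/badge` entry at old line 40 is only safe if no page still invokes the badge macro, because an unregistered macro is rendered as literal text instead of failing the build. The commit message says "remove beta", so confirm that every badge usage was removed in the same change, and check whether any other playbook used for published builds needs the same edit, since this hunk touches only local-antora-playbook.yml.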

modules/get-started/pages/whats-new-cloud.adoc

Lines changed: 6 additions & 0 deletions
@@ -22,6 +22,12 @@ Shadowing is supported on BYOC and Dedicated clusters running Redpanda version 2
2222

2323
You can now view and export metrics from Serverless clusters to third-party monitoring systems like Prometheus and Grafana. See xref:manage:monitor-cloud.adoc[Monitor Redpanda Cloud] for details on configuring monitoring for your Serverless cluster and xref:reference:public-metrics-reference.adoc[Metrics Reference] for a list of metrics available in Serverless.
2424

25+
=== User impersonation
26+
27+
BYOC and Dedicated clusters now support unified authentication and authorization between the Redpanda Cloud UI and Redpanda with xref:security:cloud-authentication.adoc#user-impersonation[user impersonation]. This means you can authenticate to fine-grained access within Redpanda using the same credentials you use to authenticate to Redpanda Cloud.
28+
29+
With user impersonation, the topics users see in the UI are identical to what they can access with the Cloud API or `rpk`, ensuring consistent permissions across all interfaces and clear auditing of data plane user actions.
30+
2531
=== Redpanda Connect updates
2632

2733
* Tracers:
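Review bot: at added line 27, "authenticate to fine-grained access within Redpanda" blurs authentication and authorization, which is the distinction this feature is about. Suggest something like "This means the credentials you use to sign in to Redpanda Cloud also determine your fine-grained access within Redpanda." Added line 29 promises "clear auditing of data plane user actions"; consider linking that claim to the page that describes the audit records, so readers can verify which identity is logged for impersonated actions.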

modules/security/pages/authorization/rbac/rbac.adoc

Lines changed: 2 additions & 2 deletions
@@ -1,7 +1,7 @@
11
= Configure RBAC in the Control Plane
22
:description: Configure RBAC to manage access to organization-level resources like clusters, resource groups, and networks.
33

4-
Use Redpanda Cloud role-based access control (RBAC) in the glossterm:control plane[] to manage and restrict access to resources in your organization. For example, you could grant everyone access to clusters in a development resource group while limiting access to clusters in a production resource group. Or, you could limit access to geographically-dispersed clusters in accordance with data residency laws.
4+
Use Redpanda Cloud role-based access control (RBAC) in the glossterm:control plane[] to manage and restrict access to resources in your organization. For example, you could grant everyone in your organization access to clusters in a development resource group while limiting access to clusters in a production resource group. Or, you could limit access to geographically-dispersed clusters in accordance with data residency laws.
55

66
The following resources can be assigned as the scope of a role:
77
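Review bot: the new wording at line 4 repeats "in your organization" in two consecutive sentences ("resources in your organization. For example, you could grant everyone in your organization access ..."). Suggest dropping one of them, for example "grant all users access to clusters in a development resource group". While touching this line, "geographically-dispersed" does not need the hyphen after an -ly adverb.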

@@ -11,7 +11,7 @@ The following resources can be assigned as the scope of a role:
1111
- Network peerings
1212
- Clusters (Serverless clusters have a different set of permissions from BYOC and Dedicated clusters.)
1313
14-
NOTE: Topics are not included.
14+
NOTE: Topics are not included. For topic-level access control, see xref:security:authorization/rbac/rbac_dp[Configure RBAC in the Data Plane].
1515

1616
You can manage these RBAC configurations with the https://cloud.redpanda.com[Redpanda Cloud UI^] or with the link:/api/doc/cloud-controlplane/[Control Plane API].
1717
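Review bot: the xref added at line 14, `xref:security:authorization/rbac/rbac_dp[...]`, omits the `.adoc` extension, unlike the other xrefs in this commit (for example `xref:security:cloud-authentication.adoc#user-impersonation[...]`). Suggest `xref:security:authorization/rbac/rbac_dp.adoc[Configure RBAC in the Data Plane]` so the reference resolves consistently and readers looking for topic-level access control are not sent to a broken link.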

modules/security/pages/authorization/rbac/rbac_dp.adoc

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
= Configure RBAC in the Data Plane
2-
:description: Configure RBAC to manage cluster-level permissions for provisioned users.
2+
:description: Configure RBAC to manage access for provisioned users to cluster-level resources, like topics and consumer groups.
33

44
Use role-based access control (RBAC) in the glossterm:data plane[] to configure cluster-level permissions for provisioned users at scale. RBAC works in conjunction with all supported authentication methods.
55
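Review bot: the new description at line 2 talks about access "to cluster-level resources, like topics and consumer groups", while the unchanged intro at line 4 still says "cluster-level permissions for provisioned users", so the two now describe the scope differently. Suggest aligning line 4 with the new description. Also worth confirming that "provisioned users" is still the right audience here, given that the what's-new entry in this commit says Redpanda Cloud credentials now carry fine-grained access within Redpanda.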
