Merge pull request #6331 from influxdata/feature/cloud-dedicated-user-management-docs

feat: add user management documentation for InfluxDB Cloud Dedicated Admin UI

content/influxdb3/cloud-dedicated/admin/users/_index.md

@@ -3,7 +3,7 @@ title: Manage users
 seotitle: Manage users and permissions in InfluxDB Cloud Dedicated
 description: >
   Manage users and access to resources in your InfluxDB Cloud Dedicated cluster.
-  Assign user groups for role-based access control and security.
+  Use the Admin UI for self-service user management or contact support for advanced operations
 menu:
   influxdb3_cloud_dedicated:
     parent: Administer InfluxDB Cloud
@@ -24,7 +24,7 @@ Attribute-Based Access Control (ABAC) security model which grants access based o
 user attributes, resource types, and environment context.
 
 - [Available user groups](#available-user-groups)
-- [Manage users](#manage-users)
+- [User management methods](#user-management-methods)
 
 ## Available user groups
 
@@ -46,45 +46,29 @@ A user can belong to the following groups, each with predefined privileges:
 > in your account are initially assigned to the Admin group, retaining full
 > access to resources in your cluster.
 
-## Manage users
+## User management methods
 
-- [Assign a user to a different group](#assign-a-user-to-a-different-group)
+Choose the appropriate method for your user management needs:
-- [Invite a user to your account](#invite-a-user-to-your-account)
 
-### Assign a user to a different group
+### Admin UI (Self-service)
+Use the Admin UI for user management tasks (available to Admin users only):
 
-To assign existing users in your account to different
+- **View users and invitations** - View existing users, invite status, invite ID, and invitation date
-groups, [contact InfluxData support](https://support.influxdata.com/s/login/)
+- **Invite new users** - Send invitations with role assignment (Admin, Member, Auditor)
-and provide the list of users and the desired [user groups](#available-user-groups)
+- **Revoke pending invitations** - Cancel invitations that haven't been accepted
-for each.
 
-### Invite a user to your account
+> [!Note] 
+> #### Role permissions
+>
+> Auditor role users can view the invite list but cannot send or revoke invitations. Member role users cannot access the invite list.
 
-For new users that you want to add to your account, the InfluxData Support Team
+For more information, see [Manage users in the Admin UI](/influxdb3/cloud-dedicated/admin/users/admin-ui/).
-configures invitations with the attributes and groups that you specify. 
 
-1. [Contact InfluxData support](https://support.influxdata.com/s/login/)
+### Contact support (Advanced operations)
-   to invite a user to your account.
+For operations not available in the Admin UI:
-   In your request, provide the user details, including email address, desired
-   [user groups](#available-user-groups), and other attributes for the user.
-2. InfluxData support creates the user account and emails the user an invitation
-   that includes following:
 
-   - A login URL to authenticate access to the cluster
+- View or change user roles after invitation acceptance
-   - The {{% product-name %}} **account ID**
+- Remove accepted users from your account
-   - The {{% product-name %}} **cluster ID**
+- Advanced user configurations
-   - The {{% product-name %}} **cluster URL**
-   - A password reset email for setting the login password
 
-3. The user accepts the invitation to your account
+{{< children >}}
-
-With a valid password, the user can access cluster resources by interacting with the
-[`influxctl`](/influxdb3/cloud-dedicated/reference/influxctl/) command line tool.
-The assigned user groups determine the user's access to resources.
-
-> [!Note]
-> #### Use database tokens to authorize data reads and writes
-> 
-> In {{% product-name %}}, user groups control access for managing cluster resources.
-> [Database tokens](/influxdb3/cloud-dedicated/admin/tokens/database/) control access
-> for reading and writing data in cluster databases.

content/influxdb3/cloud-dedicated/admin/users/admin-ui.md

@@ -0,0 +1,125 @@
+---
+title: Manage users in the Admin UI
+seotitle: Manage users in InfluxDB Cloud Dedicated Admin UI
+description: >
+  Use the InfluxDB Cloud Dedicated Admin UI to view users, send invitations, assign roles, 
+  and manage user access to your cluster. Learn how to invite new users, revoke invitations, 
+  and understand role-based permissions.
+menu:
+  influxdb3_cloud_dedicated:
+    parent: Manage users
+    name: Admin UI
+weight: 201
+influxdb3/cloud-dedicated/tags: [users, admin ui, invitations, roles]
+related:
+  - /influxdb3/cloud-dedicated/admin/users/
+  - /influxdb3/cloud-dedicated/reference/internals/security/
+  - /influxdb3/cloud-dedicated/admin/tokens/
+---
+
+Use the {{% product-name %}} Admin UI to manage users and control access to your cluster through a web-based interface. The Admin UI provides self-service user management capabilities, allowing administrators to invite new users, assign roles, and manage invitations without contacting support.
+
+- [Access the Users page](#access-the-users-page)
+- [View existing users](#view-existing-users)
+- [Invite a user](#invite-a-user)
+- [Manage invitations](#manage-invitations)
+- [User roles and permissions](#user-roles-and-permissions)
+- [Limitations](#limitations)
+
+## Access the Users page
+
+1. Access the {{% product-name %}} Admin UI at [console.influxdata.com](https://console.influxdata.com).
+   If you don't have login credentials, [contact InfluxData support](https://support.influxdata.com).
+2. Log in using the credentials provided by InfluxData.
+3. From the Account Management portal, select your cluster.
+4. In the cluster resource management view, click **Users** in the navigation.
+
+The Users page displays your account information and a table of existing users and invitations.
+
+## View existing users
+
+The Users page shows a comprehensive view of all users and pending invitations for your account:
+
+- **Invite ID**: Unique identifier for each user invitation
+- **Email**: Email address of the invited or existing user  
+- **Invited At**: Date and time when the invitation was sent
+- **Status**: Current status of the invitation
+  - `accepted`: User has accepted the invitation and has access to the cluster
+  - `expired`: Invitation has expired and is no longer valid
+  - `revoked`: Invitation has been manually revoked by an administrator
+
+Use the search functionality to quickly find specific users by email address or invitation details.
+
+## Invite a user
+
+Only users with the **Admin** role can send new invitations.
+
+1. On the Users page, click **{{< icon "plus" >}} Invite Users**.
+2. In the **Invite User** dialog:
+   - Enter the **email address** of the user you want to invite
+   - Select the appropriate **role** from the dropdown menu:
+     - **Admin**: Full read and write permissions on all resources
+     - **Member**: Read permission on certain resources and create permission for database tokens
+     - **Auditor**: Read permission on all resources without modification capabilities
+3. Click **Send Invitation**.
+
+An invitation email with an activation link is sent to the specified email address. The user must accept the invitation to gain access to your {{% product-name %}} cluster.
+
+{{% note %}}
+#### Invitation expiration
+Invitations expire after a set period. If an invitation expires, you'll need to send a new invitation to the user.
+{{% /note %}}
+
+## Manage invitations
+
+### Revoke an invitation
+
+You can revoke pending invitations that haven't been accepted yet:
+
+1. In the Users table, locate the invitation you want to revoke.
+2. Click the **Actions** menu (⋮) for that invitation.
+3. Select **Revoke Invitation**.
+4. Confirm the revocation when prompted.
+
+Revoked invitations can no longer be used to access your cluster. The invitation status will change to `revoked`.
+
+### View invitation details
+
+Click on any invitation in the table to view additional details, including:
+- Complete invitation ID
+- Exact timestamp of invitation creation
+- Current status and any status changes
+
+## User roles and permissions
+
+{{% product-name %}} uses role-based access control to manage user permissions for the following roles:
+
+### Admin
+- Full read and write permissions on all cluster resources
+- Can create and delete databases, tables, and tokens
+- Can send and revoke user invitations
+- Can manage all aspects of cluster administration
+
+### Member  
+- Read permission on databases and certain cluster resources
+- Can create database tokens for data access
+- Cannot delete or create databases
+- Cannot manage other users or send invitations
+
+### Auditor
+- Read-only access to all cluster resources
+- Can view databases, tables, and configuration
+- Can see user invitations but cannot create or revoke them
+- Cannot modify any resources or create tokens
+
+> [!Note]
+> #### Role assignment
+>
+> User roles are assigned when sending invitations and cannot currently be changed through the Admin UI.
+> To modify a user's role, [contact InfluxData support](https://support.influxdata.com).
+
+## Limitations
+
+- **Historical records**: Invitation records remain even after user removal; use the [`influxctl users list`](https://docs.influxdata.com/influxdb3/cloud-dedicated/reference/influxctl/#list-users) command to confirm current users
+
+For operations not available in the Admin UI, contact [InfluxData support](https://support.influxdata.com) for role changes, user removal, or other advanced user management tasks.