Doc changes for MM-67647 that adds two new roles to manage secure connections

[wiggin77]

Summary

Adds docs for two new roles added for granular control over Connected Workspaces features:

• Shared Channel Manager (shared_channel_manager) — grants the manage_shared_channels permission, allowing assigned users to share and unshare channels with existing secure connections.
• Secure Connection Manager (secure_connection_manager) — grants the manage_secure_connections permission, allowing assigned users to create, manage, and remove secure connections to remote servers.

Previously, only System Admins have these permissions, and the only workaround is repurposing the system_manager role (which carries ~80 unrelated sysconsole permissions) OR giving access to all users. These purpose-built roles let admins delegate shared channel and secure connection management to specific users without granting broader system access.

Note To be merged after mattermost/mattermost#35354

Ticket Link

https://mattermost.atlassian.net/browse/MM-67647

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA fb72d42

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA b44d94d

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 54e128e

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA afbef28

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 12d0921

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 9499fa8

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA d103900

[esethna]

Do we need to keep note in the docs for if this is applicable to version x.xx and earlier?

[wiggin77]

I added server version info for when this was deprecated.

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA bf46359

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 5d8f499

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 775f9a1

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 577a1ef

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a78e66b7-15d0-47e7-ac38-fc9e17548c21

📥 Commits

Reviewing files that changed from the base of the PR and between 577a1ef and 04c03b2.

📒 Files selected for processing (2)

• source/administration-guide/onboard/advanced-permissions-backend-infrastructure.rst
• source/administration-guide/onboard/delegated-granular-administration.rst

🚧 Files skipped from review as they are similar to previous changes (2)

• source/administration-guide/onboard/advanced-permissions-backend-infrastructure.rst
• source/administration-guide/onboard/delegated-granular-administration.rst

---

📝 Walkthrough

Walkthrough

Documentation updates add two delegated administration roles—Shared Channel Manager and Secure Connection Manager—update permission names (deprecating manage_remote_clusters in favour of manage_secure_connections), and propagate role/permission changes across connected-workspaces, delegated administration, and advanced permissions guides.

Changes

Cohort / File(s)	Summary
Permission & Role Definitions source/administration-guide/onboard/advanced-permissions-backend-infrastructure.rst	Replaced manage_remote_clusters with a deprecated manage_remote_clusters (deprecated in v5.36) note; added manage_shared_channels and manage_secure_connections permissions; updated system_admin default permissions to include manage_secure_connections; added system_shared_channel_manager and system_secure_connection_manager builtin roles.
Delegated Administration source/administration-guide/onboard/delegated-granular-administration.rst	Added two new delegated admin roles (Shared Channel Manager — manage_shared_channels; Secure Connection Manager — manage_secure_connections); added rows to permission matrix and mmctl grant/ungrant examples; updated role lists and edited privilege-exception wording to include the new roles.
Connected Workspaces Guidance source/administration-guide/onboard/connected-workspaces.rst	Replaced system-admin-only phrasing with explicit delegated-role language (Secure Connection Manager, Shared Channel Manager) across connection creation, invitations, sharing, and management steps; updated notes and examples to reference delegated administration roles and “Authorized users.”

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding documentation for two new roles to manage secure connections and shared channels.
Description check	✅ Passed	The description clearly explains the purpose of the changes, detailing the two new roles, their permissions, and the benefits of this delegation approach.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch MM-67647_add_roles_for_shared_channels

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 2bdf125

[wiggin77]

@esethna ok to merge this?

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 04c03b2