docs: add RBAC endpoints, OIDC group mapping, and update Pro terminology

- Add RBAC/role management endpoints to API.md - Document OIDC group-to-role mapping feature in OIDC.md - Add missing config files to CONFIGURATION.md (audit.db, AI files) - Add OIDC_GROUP_ROLE_MAPPINGS env var documentation - Fix "enterprise" -> "Pro" terminology in TROUBLESHOOTING.md - Refocus TEMPERATURE_MONITORING.md on agent method, collapse legacy proxy docs
2026-02-18 00:17:39 +01:00 · 2026-01-10 13:59:50 +00:00
parent a970a6e5ee
commit 80729408c1
5 changed files with 110 additions and 3 deletions
--- a/docs/API.md
+++ b/docs/API.md
@@ -352,6 +352,52 @@ Initiate OIDC login flow.

 ---

+## 👥 RBAC / Role Management (Pro)
+
+Role-based access control endpoints for managing roles and user assignments. Requires admin access and the `rbac` license feature.
+
+### List Roles
+`GET /api/admin/roles`
+Returns all defined roles.
+
+### Create Role
+`POST /api/admin/roles`
+```json
+{
+  "id": "operator",
+  "name": "Operator",
+  "description": "Can view and manage alerts",
+  "permissions": [
+    { "action": "read", "resource": "alerts" },
+    { "action": "write", "resource": "alerts" }
+  ]
+}
+```
+
+### Update Role
+`PUT /api/admin/roles/{id}`
+Update an existing role's name, description, or permissions.
+
+### Delete Role
+`DELETE /api/admin/roles/{id}`
+
+### List Users
+`GET /api/admin/users`
+Returns all users with their role assignments.
+
+### Assign Role to User
+`POST /api/admin/users/{username}/roles`
+```json
+{ "role_id": "operator" }
+```
+
+### Remove Role from User
+`DELETE /api/admin/users/{username}/roles/{role_id}`
+
+> **Note**: OIDC group-to-role mapping can automatically assign roles on login. See [OIDC.md](OIDC.md) for configuration.
+
+---
+
 ## 🤖 Pulse AI *(v5)*

 **Pro gating:** endpoints labeled "(Pro)" require a Pulse Pro license and return `402 Payment Required` if the feature is not licensed.