Rename UCP RBAC files (#320)

* Rename UCP RBAC files

* Fix broken links

_data/toc.yaml

@@ -1629,42 +1629,36 @@ manuals:
           title: uninstall-ucp
         - path: /datacenter/ucp/3.0/reference/cli/upgrade/
           title: upgrade
-
-
     - sectiontitle: Authorize role-based access
       section:
       - path: /datacenter/ucp/3.0/guides/authorization/
         title: Access control model overview
       - sectiontitle: The basics
         section:
-        - path: /datacenter/ucp/3.0/guides/authorization/rbac-basics-create-subjects/
-          title: Create and users and teams
-        - path: /datacenter/ucp/3.0/guides/authorization/rbac-basics-define-roles/
-          title: Define roles with permissions
-        - path: /datacenter/ucp/3.0/guides/authorization/rbac-basics-group-resources/
-          title: Group cluster resources
-        - path: /datacenter/ucp/3.0/guides/authorization/rbac-basics-grant-permissions/
-          title: Grant role-access to resources
+        - path: /datacenter/ucp/3.0/guides/authorization/create-users-and-teams-manually/
+          title: Create users and teams manually
+        - path: /datacenter/ucp/3.0/guides/authorization/create-teams-with-ldap/
+          title: Create teams with LDAP
+        - path: /datacenter/ucp/3.0/guides/authorization/define-roles/
+          title: Define roles with authorized API operations
+        - path: /datacenter/ucp/3.0/guides/authorization/group-resources/
+          title: Group and isolate cluster resources
+        - path: /datacenter/ucp/3.0/guides/authorization/grant-permissions/
+          title: Grant role-access to cluster resources
+        - path: /datacenter/ucp/3.0/guides/authorization/reset-user-password/
+          title: Reset user passwords
       - sectiontitle: Tutorials and use cases
         section:
-        - path: /datacenter/ucp/3.0/guides/authorization/rbac-howto-deploy-stateless-app/
+        - path: /datacenter/ucp/3.0/guides/authorization/deploy-stateless-app/
           title: Deploy stateless app with RBAC
-        - path: /datacenter/ucp/3.0/guides/authorization/rbac-howto-isolate-volumes/
+        - path: /datacenter/ucp/3.0/guides/authorization/isolate-volumes/
           title: Isolate volumes
-        - path: /datacenter/ucp/3.0/guides/authorization/rbac-howto-isolate-nodes/
+        - path: /datacenter/ucp/3.0/guides/authorization/isolate-nodes/
           title: Isolate nodes
-        - path: /datacenter/ucp/3.0/guides/authorization/rbac-howto-orcabank1-standard/
-          title: Docker EE Standard Use Case
-        - path: /datacenter/ucp/3.0/guides/authorization/rbac-howto-orcabank2-advanced/
-          title: Docker EE Advanced Use Case
-      - sectiontitle: User admin
-        section:
-        - path: /datacenter/ucp/3.0/guides/authorization/admin-sync-with-ldap/
-          title: Synchronize teams with LDAP
-        - path: /datacenter/ucp/3.0/guides/authorization/admin-recover-password/
-          title: Reset user passwords
-
-
+        - path: /datacenter/ucp/3.0/guides/authorization/ee-standard/
+          title: Docker EE Standard use case
+        - path: /datacenter/ucp/3.0/guides/authorization/ee-advanced/
+          title: Docker EE Advanced use case
     - sectiontitle: User guides
       section:
       - sectiontitle: Access UCP

datacenter/ucp/3.0/guides/authorization/create-teams-with-ldap.md

@@ -1,5 +1,5 @@
 ---
-title: Synchronize users and teams with LDAP
+title: Create teams with LDAP
 description: Learn how to enable LDAP and sync users and teams in Docker Universal Control Plane.
 keywords: authorize, authentication, users, teams, UCP, Docker, LDAP
 ---

datacenter/ucp/3.0/guides/authorization/create-users-and-teams-manually.md

@@ -1,5 +1,5 @@
 ---
-title: Create and configure users and teams
+title: Create users and teams manually
 description: Learn how to add users and define teams in Docker Universal Control Plane.
 keywords: rbac, authorize, authentication, users, teams, UCP, Docker
 ---
@@ -30,7 +30,7 @@ To use Docker EE's built-in authentication, you must [create users manually](#cr
 
 > To enable LDAP and authenticate and synchronize UCP users and teams with your
 > organization's LDAP directory, see:
-> - [Synchronize users and teams with LDAP in the UI](admin-sync-with-ldap.md)
+> - [Synchronize users and teams with LDAP in the UI](create-teams-with-ldap.md)
 > - [Integrate with an LDAP Directory](../admin/configure/external-auth/index.md).
 
 ## Build an organization architecture
@@ -61,12 +61,12 @@ To create teams in the organization:
    - Click the team name and select **Actions** > **Add Users**.
    - Check the users to include and click **Add Users**.
 
-> **Note**: To sync teams with groups in an LDAP server, see [Sync Teams with LDAP](admin-sync-with-ldap).
+> **Note**: To sync teams with groups in an LDAP server, see [Sync Teams with LDAP](create-teams-with-ldap.md).
 
 ### Create users manually
 
 New users are assigned a default permission level so that they can access the
-cluster. To extend a user's default permissions, add them to a team and [create grants](rbac-basics-grant-permissions.md). You can optionally grant them Docker EE
+cluster. To extend a user's default permissions, add them to a team and [create grants](grant-permissions.md). You can optionally grant them Docker EE
 administrator permissions.
 
 To manally create users in UCP:
@@ -86,7 +86,7 @@ To manally create users in UCP:
 
 # Next steps
 
-* [Synchronize teams with LDAP](admin-sync-with-ldap.md)
-* [Define roles with authorized API operations](rbac-basics-define-roles.md)
-* [Group and isolate cluster resources](rbac-basics-group-resources.md)
-* [Grant role-access to cluster resources](rbac-basics-grant-permissions.md)
+* [Synchronize teams with LDAP](create-teams-with-ldap.md)
+* [Define roles with authorized API operations](define-roles.md)
+* [Group and isolate cluster resources](group-resources.md)
+* [Grant role-access to cluster resources](grant-permissions.md)

datacenter/ucp/3.0/guides/authorization/define-roles.md

@@ -48,6 +48,6 @@ the same name to different collections or namespaces.
 
 ## Next steps
 
-* [Create and configure users and teams](rbac-basics-create-subjects.md)
-* [Group and isolate cluster resources](rbac-basics-group-resources.md)
-* [Grant role-access to cluster resources](rbac-basics-grant-permissions.md)
+* [Create and configure users and teams](create-users-and-teams-manually.md)
+* [Group and isolate cluster resources](group-resources.md)
+* [Grant role-access to cluster resources](grant-permissions.md)

datacenter/ucp/3.0/guides/authorization/deploy-stateless-app.md

@@ -32,7 +32,7 @@ acme-datacenter
     └── Chad Chavez
 ```
 
-See: [Create and configure users and teams](rbac-basics-create-subjects.md).
+See: [Create and configure users and teams](create-users-and-teams-manually.md).
 
 ## Kubernetes deployment
 
@@ -64,7 +64,7 @@ simple role for the ops team:
 4. On the **Operations** tab, check all **Kubernetes Deployment Operations**.
 5. Click **Create**.
 
-See: [Create and configure users and teams](rbac-basics-define-roles.md).
+See: [Create and configure users and teams](define-roles.md).
 
 ### Grant access
 
@@ -127,7 +127,7 @@ Create a collection for nginx resources, nested under the `/Shared` collection:
 
 > **Tip**: To drill into a collection, click **View Children**.
 
-See: [Group and isolate cluster resources](rbac-basics-group-resources.md).
+See: [Group and isolate cluster resources](group-resources.md).
 
 ### Define roles
 
@@ -140,7 +140,7 @@ simple role for the ops team:
 4. On the **Operations** tab, check all **Service Operations**.
 5. Click **Create**.
 
-See: [Create and configure users and teams](rbac-basics-define-roles.md).
+See: [Create and configure users and teams](define-roles.md).
 
 ### Grant access
 
@@ -151,7 +151,7 @@ built-in role, **Swarm Deploy**.
 acme-datacenter/ops + Swarm Deploy + /Shared/nginx-collection
 ```
 
-See: [Grant role-access to cluster resources](rbac-basics-grant-permissions.md).
+See: [Grant role-access to cluster resources](grant-permissions.md).
 
 ### Deploy Nginx
 

datacenter/ucp/3.0/guides/authorization/ee-advanced.md

@@ -4,7 +4,7 @@ description: Learn how to architect multitenancy with Docker Enterprise Edition
 keywords: authorize, authentication, users, teams, groups, sync, UCP, role, access control
 ---
 
-Go through the [Docker Enterprise Standard tutorial](rbac-howto-orcabank1-standard.md),
+Go through the [Docker Enterprise Standard tutorial](ee-standard.md),
 before continuing here with Docker Enterprise Advanced.
 
 In the first tutorial, the fictional company, OrcaBank, designed an architecture
@@ -21,9 +21,9 @@ apps from their dev cluster to staging for testing, and then to production.
 
 Second, production applications are no longer permitted to share any physical
 infrastructure with non-production infrastructure. OrcaBank segments the
-scheduling and access of applications with [Node Access Control](rbac-howto-isolate-nodes.md).
+scheduling and access of applications with [Node Access Control](isolate-nodes.md).
 
-> [Node Access Control](rbac-howto-isolate-nodes.md) is a feature of Docker EE
+> [Node Access Control](isolate-nodes.md) is a feature of Docker EE
 > Advanced and provides secure multi-tenancy with node-based isolation. Nodes
 > can be placed in different collections so that resources can be scheduled and
 > isolated on disparate physical or virtual hardware resources.
@@ -136,4 +136,4 @@ that are provided by the `db` team.
 
 ## Next steps
 
-* [Access control design with Docker EE Standard](rbac-howto-orcabank1-standard.md)
+* [Access control design with Docker EE Standard](ee-standard.md)

datacenter/ucp/3.0/guides/authorization/ee-standard.md

@@ -109,7 +109,7 @@ a secure and controlled interface, leveraging Database networks and secrets.
 
 > **Note:** In Docker Enterprise Standard, all resources are deployed across the
 > same  group of UCP worker nodes. Node segmentation is provided in Docker
-> Enterprise Advanced and discussed in the [next tutorial](./deploy/rbac/rbac-howto-orcabank1-advanced).
+> Enterprise Advanced and discussed in the [next tutorial](ee-advanced.md).
 
 ![image](../images/design-access-control-adv-2.png){: .with-border}
 
@@ -130,4 +130,4 @@ minus the database tier that is managed by the `db` team.
 
 ## Next steps
 
-* [Access control design with Docker EE Advanced](rbac-howto-orcabank1-advanced.md)
+* [Access control design with Docker EE Advanced](ee-advanced.md)

datacenter/ucp/3.0/guides/authorization/grant-permissions.md

@@ -69,4 +69,4 @@ To create a grant in UCP:
 
 ## Next steps
 
-* [Deploy a simple stateless app with RBAC](rbac-howto-deploy-stateless-app.md)
+* [Deploy a simple stateless app with RBAC](deploy-stateless-app.md)

datacenter/ucp/3.0/guides/authorization/group-resources.md

@@ -36,7 +36,7 @@ For example, each user has a private collection with the path,
 the access label: `com.docker.ucp.access.label = /Shared/Private/molly`.
 
 To deploy applications into a custom collection, you must define the collection
-first. For an example, see [Deploy stateless app with RBAC](rbac-howto-deploy-stateless-app.md).
+first. For an example, see [Deploy stateless app with RBAC](deploy-stateless-app.md).
 When a user deploys a resource without an access label, Docker EE automatically
 places the resource in the user's default collection.
 
@@ -53,13 +53,13 @@ the user, which specifies the operations that are allowed against the target.
 
 Docker EE provides a number of built-in collections.
 
-| Default collection | Description                                                                                                                                                                                                                                           |
-|:-------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `/`                | Path to all resources in the Swarm cluster. Resources not in a collection are put here.                                                                                                                                                               |
-| `/System`          | Path to UCP managers, DTR nodes, and UCP/DTR system services. By default, only admins have access, but this is configurable.                                                                                                                          |
-| `/Shared`          | Default path to all worker nodes for scheduling. In Docker EE Standard, all worker nodes are located here. In [Docker EE Advanced](https://www.docker.com/enterprise-edition), worker nodes can be moved and [isolated](./rbac-howto-isolate-nodes/). |
-| `/Shared/Private/` | Path to a user's private collection.                                                                                                                                                                                                                  |
-| `/Shared/Legacy`   | Path to the access control labels of legacy versions (UCP 2.1 and lower).                                                                                                                                                                             |
+| Default collection | Description                                                                                                                                                                                                                                |
+|:-------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `/`                | Path to all resources in the Swarm cluster. Resources not in a collection are put here.                                                                                                                                                    |
+| `/System`          | Path to UCP managers, DTR nodes, and UCP/DTR system services. By default, only admins have access, but this is configurable.                                                                                                               |
+| `/Shared`          | Default path to all worker nodes for scheduling. In Docker EE Standard, all worker nodes are located here. In [Docker EE Advanced](https://www.docker.com/enterprise-edition), worker nodes can be moved and [isolated](isolate-nodes.md). |
+| `/Shared/Private/` | Path to a user's private collection.                                                                                                                                                                                                       |
+| `/Shared/Legacy`   | Path to the access control labels of legacy versions (UCP 2.1 and lower).                                                                                                                                                                  |
 
 This diagram shows the `/System` and `/Shared` collections created by Docker EE.
 User private collections are children of the `/Shared/private` collection. Here,
@@ -143,10 +143,10 @@ one of the nodes under `/Shared`.
 
 If you want to isolate nodes against other teams, place these nodes in new
 collections, and assign the `Scheduler` role, which contains the `Node Schedule`
-permission, to the team. [Isolate swarm nodes to a specific team](rbac-howto-isolate-nodes.md).
+permission, to the team. [Isolate swarm nodes to a specific team](isolate-nodes.md).
 
 ## Next case
 
-* [Create and configure users and teams](rbac-basics-create-subjects.md)
-* [Define roles with authorized API operations](rbac-basics-define-roles.md)
-* [Grant role-access to cluster resources](rbac-basics-grant-permissions.md)
+* [Create and configure users and teams](create-users-and-teams-manually.md)
+* [Define roles with authorized API operations](define-roles.md)
+* [Grant role-access to cluster resources](grant-permissions.md)

datacenter/ucp/3.0/guides/authorization/index.md

@@ -18,7 +18,7 @@ administrators might take the following high-level steps:
 - Group cluster **resources** into Swarm collections or Kubernetes namespaces.
 - Create **grants** by marrying subject + role + resource group.
 
-For an example, see [Deploy stateless app with RBAC](rbac-howto-deploy-stateless-app.md).
+For an example, see [Deploy stateless app with RBAC](deploy-stateless-app.md).
 
 ## Subjects
 
@@ -32,7 +32,7 @@ role that defines permitted operations against one or more resource types.
 - **Organization**: A group of teams that share a specific set of permissions,
   defined by the roles of the organization.
 
-For more, see: [Create and configure users and teams](rbac-basics-create-subjects.md)
+For more, see: [Create and configure users and teams](create-users-and-teams-manually.md)
 
 ## Roles
 
@@ -48,7 +48,7 @@ Most organizations use multiple roles to fine-tune the appropriate access. A
 given team or user may have different roles provided to them depending on what
 resource they are accessing.
 
-For more, see: [Define roles with authorized API operations](rbac-basics-define-roles.md)
+For more, see: [Define roles with authorized API operations](define-roles.md)
 
 ## Resources
 
@@ -72,7 +72,7 @@ namespaces _cannot be nested_.
 > Resource types that can be placed into a Kubernetes namespace include: Pods,
 > Deployments, NetworkPolcies, Nodes, Services, Secrets, and many more.
 
-For more, see: [Group and isolate cluster resources](rbac-basics-group-resources.md).
+For more, see: [Group and isolate cluster resources](group-resources.md).
 
 ## Grants
 
@@ -88,11 +88,11 @@ Only an administrator can manage grants, subjects, roles, and resources.
 > into directories or namespaces, define roles by selecting allowable operations,
 > and apply grants to users and teams.
 
-For more, see: [Grant access to cluster resources](rbac-basics-grant-permissions.md).
+For more, see: [Grant access to cluster resources](grant-permissions.md).
 
 ## Next steps
 
-* [Create and configure users and teams](rbac-basics-create-subjects.md)
-* [Define roles with authorized API operations](rbac-basics-define-roles.md)
-* [Group and isolate cluster resources](rbac-basics-group-resources.md)
-* [Grant role-access to cluster resources](rbac-basics-grant-permissions.md)
+* [Create and configure users and teams](create-users-and-teams-manually.md)
+* [Define roles with authorized API operations](define-roles.md)
+* [Group and isolate cluster resources](group-resources.md)
+* [Grant role-access to cluster resources](grant-permissions.md)

datacenter/ucp/3.0/guides/authorization/isolate-nodes.md

@@ -28,7 +28,7 @@ complete this example.
 In the web UI, navigate to the **Organizations & Teams** page to create a team
 named "Ops" in your organization. Add a user who isn't a UCP administrator to
 the team.
-[Learn to create and manage teams](rbac-basics-create-subjects.md).
+[Learn to create and manage teams](create-users-and-teams-manually.md).
 
 ## Create a node collection and a resource collection
 
@@ -168,4 +168,4 @@ that has a `Service Create` grant for the user.
 
 ## Next steps
 
-* [Isolate volumes](rbac-howto-isolate-volumes.md)
+* [Isolate volumes](isolate-volumes.md)

datacenter/ucp/3.0/guides/authorization/isolate-volumes.md

@@ -21,7 +21,7 @@ nodes.
 Navigate to the **Organizations & Teams** page to create two teams in your
 organization, named "Dev" and "Prod". Add a user who's not a UCP administrator
 to the Dev team, and add another non-admin user to the Prod team.
-[Learn how to create and manage teams](rbac-basics-create-subjects.md).
+[Learn how to create and manage teams](create-users-and-teams-manually.md).
 
 ## Create resource collections
 
@@ -93,4 +93,4 @@ created by the Dev and Prod users.
 
 ## Next steps
 
-* [Isolate Swarm nodes in Docker Advanced](rbac-howto-isolate-nodes)
+* [Isolate Swarm nodes in Docker Advanced](isolate-nodes.md)