diff --git a/docs/tutorials/3.admin/access-management-keys.md b/docs/tutorials/3.admin/access-management-keys.md index 8f89fedab..aa20724b0 100644 --- a/docs/tutorials/3.admin/access-management-keys.md +++ b/docs/tutorials/3.admin/access-management-keys.md 
@@ -4,57 +4,66 @@ DIAL Core uses API keys to manage access of external applications for resources in DIAL. +> * Refer to [DIAL Core](https://github.com/epam/ai-dial-core/blob/development/docs/dynamic-settings/keys.md) to learn how API keys are defined in DIAL Core configuration. > * Refer to [Access Control](/docs/platform/3.core/2.access-control-intro.md) to learn more about access control in DIAL. > * Refer to [Tutorials](/docs/tutorials/2.devops/2.auth-and-access-control/0.api-keys.md) to learn how to configure access and usage control for API keys. ## Main Screen -On the main screen you can see all existing API keys with their details. +On this screen, you can find all API keys defined in your instance of DIAL. Here, you can also add and manage API keys. + +> API keys can also be defined directly in [DIAL Core configuration](https://github.com/epam/ai-dial-core/blob/development/docs/dynamic-settings/keys.md). ![](img/img_42.png) -##### Keys Grid +##### Keys grid > **TIP**: Use the **Columns** selector to customize which columns are visible in the grid. -| Column | Definition | -|---------------------------|---------------------------------------------------------------------------------------------------------------------| -| **ID** | A unique key under the Keys section of DIAL Admin. | -| **Display Name** | A user-friendly name of the Key. | -| **Description** | Optional notes explaining the key’s purpose, owner/team, or special instructions. | -| **Key generation time** | A key's creation timestamp. Useful for auditing and correlating the key's usage with system changes or deployments. | -| **Expiration time** | A key's expiration timestamp. Setting expirations enforces regular key rotation. | -| **Status** | The current state of the key. | -| **Project** | The name of the project the key is associated with. | -| **Updated time** | Timestamp of the latest change. | -| **Creation time** | Date and time when the key artefact was created in DIAL. 
| -| **Project contact point** | Email of the responsible person or group. | -| **Secured** | Indication if it is secured API key. | -| **Topics** | Tags assigned to the key (e.g. "admin", "user"). | - +| Column | Definition | +|--------|------------| +| **ID** | Unique key identifier. | +| **Display Name** | Name of the key displayed on UI. | +| **Description** | Description of the key. | +| **Creation time** | Date and time when the key artefact was created in DIAL. | +| **Updated time** | Timestamp of the latest change. | +| **Key generation time** | Timestamp of the secret value generation. | +| **Expiration time** | Key's expiration timestamp. Setting expirations enforces regular key rotation. | +| **Status** | Current status of the key. A key is **invalid** in cases when there are no roles assigned to it, or its secret value is missing or is expired. | +| **Project** | Name of the project the key is associated with. | +| **Project contact point** | Email of the responsible person or group. | +| **Secured** | Indication if it is [secured API key](/docs/platform/3.core/4.privacy.md#applications-audit-logs). | +| **Topics** | Tags assigned to the key (e.g. "admin", "user"). | ## Create Keys Follow these steps to create a new API key: -1. Click **Create** to invoke the **Create Key** modal. +1. Click **Create** to invoke the **Key** modal. 2. In the modal, specify the following parameters for the new key: - | Field | Required | Description | - |---------------------|----------|-------------| - | **ID** | Yes | A unique key under the Keys section of DIAL Admin. Click Generate to automatically create unique GUID.| - | **Display Name** | Yes | A user-friendly name of the Key. | - | **Description** | No | An optional free-form text.
Use to document the key’s purpose, owner team, or usage context. | - | **Project** | Yes | Logical project or department grouping (e.g. "AnalyticsTeam").
Helps organize keys and apply cost/usage reporting by project. | - | **Key value** | Yes | The actual secret string used for authentication.
Initially hidden; click **👁️** to reveal.
Press **Generate** to have its value automatically generated in GUID format. | - | **Validity Period** | Yes | A key's expiration time period. Use to enforce credential rotation and retirement. | + | Field | Required | Description | + |-------|----------|-------------| + | **ID** | Yes | Unique key identifier. Click Generate to automatically create unique GUID. | + | **Display Name** | Yes | Name of the key displayed on UI. | + | **Description** | No | Description of the key. | + | **Project** | Yes | Logical project or department grouping (e.g. "AnalyticsTeam").
Helps organize keys and apply cost/usage reporting by project. | + | **Key value** | Yes | Secret string used for authentication.
Initially hidden; click **👁️** to reveal.
Press **Generate** to have its value automatically generated in GUID format.
Can be changed in [Properties](#properties). | + | **Validity Period** | Yes | Key's expiration time period. Use to enforce credential rotation and retirement. | -3. Once all required fields are filled, click **Create**. The dialog closes and the new [key configuration](#key-configuration) screen is opened. A new key entry will appear immediately in the listing once created. +3. Once all required fields are filled, click **Create**. The dialog closes and the new [key configuration](#configuration) screen is opened. A new key entry will appear immediately in the listing once created. ![](img/img_43.png) +## Delete -## Key Configuration +Click **Delete** on the main screen to permanently remove the selected key. + +> **Note**: All related entities (applications, models, routes) bound to the deleted API key will fail. + +![](img/keys-delete.png) + +## Configuration Click any API key to display the configuration screen. 
@@ -62,32 +71,37 @@ Click any API key to display the configuration screen. Use **Rotation** to refresh an existing API key. +> Note, that after rotation the key's generation timestamp will be updated accordingly. + 1. Click any API key to invoke the configuration screen 2. Click **Rotate**. 3. Paste or auto-generate a new secret in the **Key value** field. 4. Pick the **Validity period**. The default expiration period is three months. 5. Click **Rotate** to apply the changes. +![](img/keys-rotation.png) + ### Properties In the Properties tab, you can view metadata and manage the selected settings for a specific API key. -![](img/img_44.png) - -| Field | Required | Description | -|---------------------------|----------|------------| -| **ID** | - | A unique key under the Keys section of DIAL Admin. | -| **Creation Time** | - | Date and time when the key artefact was created in DIAL. | -| **Key Generation Time** | - | Date and time when the actual key value was last modified. | -| **Expiration Time** | - | Date and time when the key is expiring. | -| **Status** | - | Indicates the validity status of a key.
A key is **invalid** in cases when there are no roles assigned to it, or its secret value is missing or is expired.| -| **Display Name** | Yes | A user-friendly identifier of a key.
Use meaningful names to tie keys back to projects, environments, or teams. | -| **Description** | No | A free-form text.
Use to document the key’s purpose, owner team, or usage context (e.g. "Used by QH Data Ingestion pipeline"). | -| **Project** | Yes | Logical project or department grouping (e.g. "QH", "AnalyticsTeam").
Helps organize keys and apply cost/usage reporting by project. | -| **Project contact point** | No | Email of the responsible person or group. | -| **Key value** | Yes | The actual secret string used for authentication.
Initially hidden - click **👁️** to reveal.
Press **Copy** to copy it to clipboard. | -| **Secured** | Yes | Toggle to make the key a [secured API key](/docs/platform/3.core/4.privacy.md#applications-audit-logs). | -| **Topics** | No | Tags that you can assign to keys (e.g. "admin", "user"). Helps to split keys into categories for better navigation on UI. | +| Field | Required | Description | +|-------|----------|-------------| +| **ID** | - | Unique key's identifier. | +| **Updated Time** | - | Timestamp of the last update. | +| **Creation Time** | - | Creation timestamp. | +| **Key Generation Time** | - | Timestamp of the last generation of the key's secret value. | +| **Expiration Time** | - | Keys' expiration timestamp. | +| **Status** | - | Indicates the validity status of a key.
A key is **invalid** in cases when there are no roles assigned to it, or its secret value is missing or is expired. | +| **Display Name** | Yes | Name of the key displayed on UI. | +| **Description** | No | Description of the key. | +| **Project** | Yes | Logical project or department grouping (e.g. "QH", "AnalyticsTeam").
Helps organize keys and apply cost/usage reporting by project. | +| **Project contact point** | No | Email of the responsible person or group. | +| **Key value** | Yes | Secret string used for authentication.
Initially hidden - click **👁️** to reveal.
Press **Copy** to copy it to clipboard. | +| **Secured** | Yes | Toggle to make the key a [secured API key](/docs/platform/3.core/4.privacy.md#applications-audit-logs). | +| **Topics** | No | Tags that you can assign to keys (e.g. "admin", "user"). Helps to split keys into categories for better navigation on UI. | + +![](img/keys-properties.png) ### Roles 
@@ -95,31 +109,26 @@ API keys must be associated with a specific role in DIAL Core to be valid. Roles In the Roles tab, you can associate the selected API key with existing [roles](/docs/tutorials/3.admin/access-management-roles.md). -![](img/img_45.png) - -| Column | Description| -| --------------- |-----------------------------------------------| -| **Name** | A unique identifier of the role. | -| **Description** | User-friendly summary of the Role’s purpose. | - -#### Add +![](img/keys-roles.png) -To associate one or more roles with the selected API key: +| Column | Description | +|--------|-------------| +| **Display Name** | Role's name displayed on UI. | +| **Description** | Description of a role. | +| **ID** | Unique role's identifier. | -1. Click **+ Add** (top-right of the Roles Grid). -2. **Select** one or more roles in the modal window. Roles are defined in the [Access Management → Roles](/docs/tutorials/3.admin/access-management-roles.md) section. -3. **Confirm** to insert them into the table. +##### Available actions -#### Remove +| Action | Description | +|--------|-------------| +| Add | Use to a role that will get access to the selected API key. | +| Remove | Use to disconnect the selected role from API keys. To delete role, go to [Roles](/docs/tutorials/3.admin/access-management-roles.md). | -Use to stop associating API keys with roles. - -1. Click the **actions** menu in the role's line. -2. Choose **Remove** in the menu. +### Audit - ![](img/83.png) +The Activities section provides detailed visibility into all changes made to the selected API key. This section mimics the functionality available in the global [Audit → Activities](/docs/tutorials/3.admin/telemetry-activity-audit.md) menu, but is scoped specifically to the selected API key. -> To delete a role, go to the [Access Management → Roles](/docs/tutorials/3.admin/access-management-roles.md) section. +![](img/keys-audit.png) ### JSON Editor 
@@ -137,10 +146,4 @@ In JSON editor, you can use the view dropdown to select between Admin format and 2. Click the **JSON Editor** toggle (top-right). The UI reveals the raw JSON. 3. Chose between the Admin and Core format to see and work with properties in the necessary format. **Note**: Core format view mode does not render the actual configuration stored in DIAL Core but the configuration in Admin service displayed in the DIAL Core format. 4. Make changes and click **Save** to apply them. -5. After making changes, the **Sync with core** indicator on the main configuration screen will inform you about the synchronization state with DIAL Core. - -## Delete - -Click **Delete** on the main screen to permanently remove the selected key. - -> **Note**: All related entities (applications, models, routes) bound to the deleted API key will fail. +5. After making changes, the **Sync with core** indicator on the main configuration screen will inform you about the synchronization state with DIAL Core. \ No newline at end of file diff --git a/docs/tutorials/3.admin/access-management-roles.md b/docs/tutorials/3.admin/access-management-roles.md index 5b31ed2a4..a57b69095 100644 --- a/docs/tutorials/3.admin/access-management-roles.md +++ b/docs/tutorials/3.admin/access-management-roles.md 
@@ -2,31 +2,30 @@ ## Introduction -Roles are used to enable roles-based access to resources in DIAL. +DIAL uses Roles to enable roles-based access to resources such as applications, AI models, toolsets, routes, conversations and prompts. -> * Refer to [Access Control](/docs/platform/3.core/2.access-control-intro.md) to learn more about access control in DIAL. +> * Refer to [DIAL Core](https://github.com/epam/ai-dial-core/blob/development/docs/dynamic-settings/roles.md) to learn how roles are defined in DIAL Core configuration. > * Refer to [Roles](/docs/platform/0.architecture-and-concepts/6.access-control.md#roles) to lean more about roles in DIAL. > * Refer to [Tutorials](/docs/tutorials/2.devops/2.auth-and-access-control/0.api-keys.md) to learn how to configure roles for API keys. > * Refer to [Tutorials](/docs/tutorials/2.devops/2.auth-and-access-control/1.jwt.md) to learn how to configure roles for JWT. -> * Refer to [IDP Configurations](/docs/tutorials/2.devops/2.auth-and-access-control/2.configure-idps/0.overview.md) to learn about the supported identity service providers and how to configure them. ## Main Screen -In Roles, you can define and manage roles in DIAL. +On this screen, you can find all roles defined in your instance of DIAL. Here, you can also add and manage roles. > Roles can also be defined directly in [DIAL Core configuration](https://github.com/epam/ai-dial-core/blob/development/docs/dynamic-settings/roles.md). -![](img/img_37.png) +![](img/roles.png) -##### Roles Grid +##### Roles grid | Column | Description | |--------|-------------| -| **ID**| This is a unique key under the Roles section of DIAL Admin. | -| **Display Name** | A user-friendly name of a role (e.g. Data Extraction Admin, Analysts, Business User). | -| **Description** | A free-form description of a role (e.g. "Business User role for the Data Extraction application"). | +| **ID**| Unique identifier of a role. | +| **Display Name** | Role's name displayed on UI. 
| +| **Description** | Description of a role (e.g. "Business User role for the Data Extraction application"). | | **Updated Time** | Date and time when the role's configuration was last updated. | -| **Topics** | Tags assigned to roles (e.g. "admin", "user"). | +| **Topics** | Semantic tags assigned to roles (e.g. "admin", "user"). | ## Create Role @@ -35,17 +34,23 @@ Follow these steps to create a new role: 1. Click **Create** to invoke the **Create Role** modal. 2. Define role's parameters: - | Column | Required | Description | - |-------|-----------|-----------------------| - | **ID**| Yes | This is a unique key under the Roles section of DIAL Admin. | - | **Display Name** | Yes | A user-friendly name of a role (e.g. Data Extraction Admin, Analysts, Business User). | - | **Description** | No | A free-form description of a role (e.g. "Business User role for the Data Extraction application"). | + | Field | Required | Description | + |-------|----------|-------------| + | **ID** | Yes | Unique identifier for the role. | + | **Display Name** | Yes | Name shown in the UI for the role. | + | **Description** | No | Optional text describing the role (e.g., "Business User role for the Data Extraction app"). | -3. Once all required fields are filled, click **Create**. The dialog closes and the new [role configuration](#role-configuration) screen is opened. A new role entry will appear immediately in the listing once created. +3. Once all required fields are filled, click **Create**. The dialog closes and the new [role configuration](#configuration) screen is opened. A new role entry will appear immediately in the listing once created. ![](img/img_38.png) -## Role Configuration +## Delete + +Click **Delete** in the role's actions menu on the main screen or in the Configuration screen to permanently remove the selected role. + +![](img/roles-delete.png) + +## Configuration Click any role to display the configuration screen. 
@@ -53,125 +58,77 @@ Click any role to display the configuration screen. In the Properties tab, you can define the identity and metadata for the role. These settings determine how the role appears throughout DIAL and help administrators understand its purpose. -![](img/img_39.png) - -| Field | Required | Description | -|---------------------|----------|---------------------------| -| **ID** | - | This is a unique key under the Roles section of DIAL Admin. | -| **Updated Time** | - | Date and time when the role's configuration was last updated. | -| **Creation Time** | - | Date and time when the role's configuration was created. | -| **Sync with core** | - | Indicates the state of the entity's configuration synchronization between Admin and DIAL Core.
Synchronization occurs automatically every 2 mins (configurable via `CONFIG_AUTO_RELOAD_SCHEDULE_DELAY_MILLISECONDS`).
**Important**: Sync state is not available for sensitive information (API keys/tokens/auth settings).
**Synced**:
Entity's states are identical in Admin and in Core for valid entities or entity is missing in Core for invalid entities.
**In progress...**:
If Synced conditions are not met and changes were applied within last 2 mins (this period is configurable via `CONFIG_EXPORT_SYNC_DURATION_THRESHOLD_MS`).
**Out of sync**:
If Synced conditions are not met and changes were applied more than 2 mins ago (this period is configurable via `CONFIG_EXPORT_SYNC_DURATION_THRESHOLD_MS`).
**Unavailable**:
Displayed when it is not possible to determine the entity’s state in Core. This occurs if:
- The config was not received from Core for any reason.
- The configuration of entities in Core is not entirely compatible with the one in the Admin service. | -| **Display Name** | Yes | A unique identifier of the role, used in ACL selectors and in API calls.| -| **Description** | No | Optional free-form text describing the role’s intended audience or use.| -| **Set cost limits** | No | Use to enable [token usage limitations](/docs/platform/3.core/8.token-limits-and-cost-control.md#token-rate-limiting).
**Available values**: Tokens per minute, Tokens per day, Tokens per week, Tokens per month.
In case limitations for a specific role are not set, the limitations configured for the **default** role apply. In case limitations for the **default** role are not set, the value is unlimited.
Refer to [DIAL Core documentation](https://github.com/epam/ai-dial-core/blob/development/docs/dynamic-settings/roles.md) to learn more about available usage and cost limitations for roles. | -| **Topics** | No | Tags that you can assign to roles (e.g. "admin", "user"). Helps to split roles into categories for better navigation on UI. | -| **Sharing** | No | Use to set the [sharing limits](/docs/tutorials/1.developers/1.work-with-resources/1.sharing.md) that apply for specific types of resources in DIAL.
**Expiration time** refers to TTL of the invitation link. Default: 72 (hrs).
**Max users** refers to the maximum number of users who can accept an invitation link for a resource being shared. The limit is applied to the shared resource. Default: 10 for APPLICATION and UNLIMITED for other resource types.
Refer to [DIAL Core documentation](https://github.com/epam/ai-dial-core/blob/development/docs/dynamic-settings/roles.md#rolesrole_nameshare) to learn more about sharing limitations. | +| Field | Required | Description | +|-------|----------|-------------| +| **ID** | - | Unique role's identifier. | +| **Updated Time** | - | Date and time when the role's configuration was last updated. | +| **Creation Time** | - | Date and time when the role's configuration was created. | +| **Sync with core** | - | Indicates the state of the entity's configuration synchronization between Admin and DIAL Core.
Synchronization occurs automatically every 2 mins (configurable via `CONFIG_AUTO_RELOAD_SCHEDULE_DELAY_MILLISECONDS`).
**Important**: Sync state is not available for sensitive information (API keys/tokens/auth settings).
**Synced**:
Entity's states are identical in Admin and in Core for valid entities or entity is missing in Core for invalid entities.
**In progress...**:
If Synced conditions are not met and changes were applied within last 2 mins (this period is configurable via `CONFIG_EXPORT_SYNC_DURATION_THRESHOLD_MS`).
**Out of sync**:
If Synced conditions are not met and changes were applied more than 2 mins ago (this period is configurable via `CONFIG_EXPORT_SYNC_DURATION_THRESHOLD_MS`).
**Unavailable**:
Displayed when it is not possible to determine the entity's state in Core. This occurs if:
- The config was not received from Core for any reason.
- The configuration of entities in Core is not entirely compatible with the one in the Admin service. | +| **Display Name** | Yes | Name of the role displayed on UI. | +| **Description** | No | Optional description of a role. | +| **Topics** | No | Tags that you can assign to roles (e.g. "admin", "user"). Helps to split roles into categories for better navigation on UI. | +| **Set cost limits** | No | These settings allow configuring [token usage limitations](/docs/platform/3.core/8.token-limits-and-cost-control.md#token-rate-limiting).
**Available values**: Tokens per minute, Tokens per day, Tokens per week, Tokens per month.
In case limitations for a specific role are not set, the limitations configured for the **default** role apply. In case limitations for the **default** role are not set, the value is unlimited.
Refer to [DIAL Core documentation](https://github.com/epam/ai-dial-core/blob/development/docs/dynamic-settings/roles.md) to learn more about available usage and cost limitations for roles. | +| **Sharing** | No | Use to set the [sharing limits](/docs/tutorials/1.developers/1.work-with-resources/1.sharing.md) that apply for specific types of resources in DIAL.
**Expiration time** refers to TTL of the sharing link. Default: 72 hrs.
**Max users** refers to the maximum number of users who can accept a sharing link for a resource being shared. The limit is applied to the shared resource. Default: 10 for APPLICATION and UNLIMITED for other resource types.
Refer to [DIAL Core documentation](https://github.com/epam/ai-dial-core/blob/development/docs/dynamic-settings/roles.md#rolesrole_nameshare) to learn more about sharing limitations. | +![](img/roles-properties.png) ### Entities In the Entities tab, you can assign which [Models](/docs/tutorials/3.admin/entities-models.md), [Applications](/docs/tutorials/3.admin/entities-applications.md), [Toolsets](/docs/tutorials/3.admin/entities-toolsets.md) or [Routes](/docs/tutorials/3.admin/entities-routes.md) this role can access, and within which rate limits. -![img_8.png](img/img_40.png) - -| Column | Definition | -|-----------------------|------------------| -| **ID** | This is a unique key under of the Entity (e.g., Model, Application).| -| **Display Name** | A user-friendly name of the resource (Model, Application, or Route) as shown in DIAL.| -| **Description** | A brief description of the resource. | -| **Type** | Resource category: one of [Models](/docs/tutorials/3.admin/entities-models.md), [Applications](/docs/tutorials/3.admin/entities-applications.md), [Toolsets](/docs/tutorials/3.admin/entities-toolsets.md) or [Routes](/docs/tutorials/3.admin/entities-routes.md). | -| **Tokens per minute** | Maximum number of tokens this role may consume per minute when calling this resource.| -| **Tokens per day** | Maximum number of tokens this role may consume per day when calling this resource. | -| **Tokens per week** | Maximum number of tokens this role may consume per week when calling this resource. | -| **Tokens per month** | Maximum number of tokens this role may consume per month when calling this resource. | - -#### Add - -Follow these steps to assign one or more entities to the selected role: +| Column | Definition | +|--------|------------| +| **ID** | Unique identifier of a role. | +| **Display Name** | Name of a role displayed on UI. | +| **Description** | A brief description of a role. 
| +| **Type** | Resource category: one of [Models](/docs/tutorials/3.admin/entities-models.md), [Applications](/docs/tutorials/3.admin/entities-applications.md), [Toolsets](/docs/tutorials/3.admin/entities-toolsets.md) or [Routes](/docs/tutorials/3.admin/entities-routes.md). | +| **Tokens per minute** | Maximum number of tokens this role may consume per minute when calling this resource.
Available to applications and models. | +| **Tokens per day** | Maximum number of tokens this role may consume per day when calling this resource.
Available to applications and models. | +| **Tokens per week** | Maximum number of tokens this role may consume per week when calling this resource.
Available to applications and models. | +| **Tokens per month** | Maximum number of tokens this role may consume per month when calling this resource.
Available to applications and models. | -1. Click **+ Add** (top-right of the Entities Grid). -2. **Select** one or more applications/models in the modal window. -3. **Confirm** to insert them into the table. +![ ](img/roles-entities.png) -#### Remove +##### Available actions -Follow these steps to revoke an assigned entity from the selected role: - -1. Click the **actions** menu in the entity's line. -2. Choose **Remove** in the menu. +| Action | Description | +|--------|-------------| +| Add | Use to add a new entity which the selected role can access. | +| Remove | Use to remove entities and disable role's access to them. | +| Set unlimited | Use to set an unlimited token usage for selected entities.
Available to applications and models. | ### Keys In the Keys tab, you can assign [API keys](/docs/tutorials/3.admin/access-management-keys.md) for roles. API keys are defined in the [Access Management → Keys](/docs/tutorials/3.admin/access-management-keys.md) section. -![](img/img_41.png) - -| Column | Definition | -|-------------------------|-------------| -| **ID** | A unique key under the Keys section of DIAL Admin.| -| **Display Name** | A user-friendly name of the Key. | -| **Description** | Additional key’s details, e.g., purpose or usage context. | -| **Key generation time** | A key's creation timestamp. | -| **Expiration time** | A key's expiration timestamp. Blank means no expiration (i.e. permanent until manually revoked). | -| **Status** | The current state of the key. | -| **Project** | Project associated with the key for the costs tracking purpose. | - -#### Add - -Follow these steps to assign one or more API keys to the selected role: - -1. Click **+ Add** (top-right of the Keys Grid). -2. **Select** one or more keys in the modal. Available API keys are defined in the [Access Management → Keys](/docs/tutorials/3.admin/access-management-keys.md) section. -3. **Confirm** to insert them into the table. - -#### Remove +| Column | Description | +|--------|-------------| +| Display Name | Name of the API key displayed on UI. | +| Description | Description of a key. | +| ID | Unique key identifier. | +| Creation time | Key's creation timestamp. | +| Key generation time | Generation timestamp of the secret value of the key. | +| Expiration time | Key's expiration timestamp. Blank means no expiration (i.e. permanent until manually revoked). | +| Status | The current state of the key. | +| Topics | Semantic tags associated with a key. | +| Updated time | Timestamp of the last update. | +| Project | Project associated with the key for the costs tracking purpose. | -Follow these steps to revoke an assigned API key from the selected role: +![](img/img_41.png) -1. 
Click the **actions** menu in the key's line. -2. Choose **Remove** in the menu. +##### Available actions -> To delete API key, go to [Access Management → Keys](/docs/tutorials/3.admin/access-management-keys.md) section. +| Action | Description | +|--------|-------------| +| Add | Use to add API keys which the selected role can use. | +| Remove | Use to disconnect the selected role from API keys. To delete API key, go to [Keys](/docs/tutorials/3.admin/access-management-keys.md). | ### Audit -In the **Audit** tab, you can monitor activities related to the selected role. - -#### Activities - The Activities section provides detailed visibility into all changes made to the selected role. This section mimics the functionality available in the global [Audit → Activities](/docs/tutorials/3.admin/telemetry-activity-audit.md) menu, but is scoped specifically to the selected role. ![](img/128.png) -##### Activities List Table - -| **Field** | **Definition** | -|-------------------|-------------| -| **Activity type** | The type of action performed on the role (e.g., Create, Update, Delete). | -| **Time** | Timestamp indicating when the activity occurred. | -| **Initiated** | Email address of the user who performed the activity. | -| **Activity ID** | A unique identifier for the logged activity, used for tracking and auditing. | -| **Actions** | Available actions:
- **View details**: Click to open a new screen with activity details. Refer to [Activity Details](#activity-details) to learn more.
- **Resource rollback**: Use Resource Rollback to restore the previous version of the related resource. A rollback leads to generation of a new entry on the audit activity screen. | - -##### Activity Details - -The Activity Details view provides a detailed snapshot of a specific change made to a role. - -![](img/129.png) - -To open Activity Details, click on the three-dot menu (⋮) at the end of a row in the Activities grid and select “View Details”. - -| **Element/Section** | **Description** | -|----------------------|------------------| -| **Activity type** | Type of the change performed (e.g., Update, Create, Delete).| -| **Time** | Timestamp of the change.| -| **Initiated** | Identifier of the user who made the change. | -| **Activity ID** | Unique identifier for the specific activity tracking. | -| **Comparison** | A dropdown to switch between comparison modes:
- **Before/After**
- **Before/Current state**. | -| **View** | A dropdown to switch between view modes:
- **All parameters**: select to view all parameters.
- **Changes only**: select to view just the parameters that have been changed. | -| **Parameters Diff** | Side-by-side comparison of role fields values before and after the change. Color-coding is used to indicate the operation type (Update, Create, Delete). | - - ### JSON Editor **Advanced users with technical expertise** can work with the roles properties in a JSON editor view mode. It is useful for advanced scenarios of bulk updates, copy/paste between environments, or tweaking settings not exposed on UI. @@ -188,8 +145,4 @@ In JSON editor, you can use the view dropdown to select between Admin format and 2. Click the **JSON Editor** toggle (top-right). The UI reveals the raw JSON. 3. Chose between the Admin and Core format to see and work with properties in the necessary format. **Note**: Core format view mode does not render the actual configuration stored in DIAL Core but the configuration in Admin service displayed in the DIAL Core format. 4. Make changes and click **Save** to apply them. -5. After making changes, the **Sync with core** indicator on the main configuration screen will inform you about the synchronization state with DIAL Core. - -## Delete - -Click **Delete** on the main screen to permanently remove the selected role. \ No newline at end of file +5. After making changes, the **Sync with core** indicator on the main configuration screen will inform you about the synchronization state with DIAL Core. \ No newline at end of file diff --git a/docs/tutorials/3.admin/img/keys-audit.png b/docs/tutorials/3.admin/img/keys-audit.png new file mode 100644 index 000000000..21abf6d2e Binary files /dev/null and b/docs/tutorials/3.admin/img/keys-audit.png differ diff --git a/docs/tutorials/3.admin/img/keys-delete.png b/docs/tutorials/3.admin/img/keys-delete.png new file mode 100644 index 000000000..83e8eac19 Binary files /dev/null and b/docs/tutorials/3.admin/img/keys-delete.png differ 
diff --git a/docs/tutorials/3.admin/img/keys-properties.png b/docs/tutorials/3.admin/img/keys-properties.png new file mode 100644 index 000000000..63aee1cf6 Binary files /dev/null and b/docs/tutorials/3.admin/img/keys-properties.png differ diff --git a/docs/tutorials/3.admin/img/keys-roles.png b/docs/tutorials/3.admin/img/keys-roles.png new file mode 100644 index 000000000..8234b5dd1 Binary files /dev/null and b/docs/tutorials/3.admin/img/keys-roles.png differ diff --git a/docs/tutorials/3.admin/img/keys-rotation.png b/docs/tutorials/3.admin/img/keys-rotation.png new file mode 100644 index 000000000..30978c3b3 Binary files /dev/null and b/docs/tutorials/3.admin/img/keys-rotation.png differ diff --git a/docs/tutorials/3.admin/img/roles-delete.png b/docs/tutorials/3.admin/img/roles-delete.png new file mode 100644 index 000000000..40c5e7203 Binary files /dev/null and b/docs/tutorials/3.admin/img/roles-delete.png differ diff --git a/docs/tutorials/3.admin/img/roles-entities.png b/docs/tutorials/3.admin/img/roles-entities.png new file mode 100644 index 000000000..fdc06b6a8 Binary files /dev/null and b/docs/tutorials/3.admin/img/roles-entities.png differ diff --git a/docs/tutorials/3.admin/img/roles-properties.png b/docs/tutorials/3.admin/img/roles-properties.png new file mode 100644 index 000000000..543ac3353 Binary files /dev/null and b/docs/tutorials/3.admin/img/roles-properties.png differ diff --git a/docs/tutorials/3.admin/img/roles.png b/docs/tutorials/3.admin/img/roles.png new file mode 100644 index 000000000..66eb02229 Binary files /dev/null and b/docs/tutorials/3.admin/img/roles.png differ
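Review bot: the **Key value** row of the rewritten Properties table in access-management-keys.md (hunk `@@ -62,32 +71,37 @@`) still covers only reveal and copy, while the Create table earlier in this patch now says the value "Can be changed in [Properties](#properties)" and the new Rotation note says the generation timestamp is updated after rotation. State in that row whether editing the secret in Properties also updates **Key Generation Time** and **Expiration Time**, or point readers to **Rotate** as the way to change it, so the audit meaning of those timestamps is unambiguous. In the same hunk, "Keys' expiration timestamp" should read "Key's expiration timestamp", and "Note, that after rotation" does not need the comma.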
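Review bot: the **Add** row of the new "Available actions" table in the Roles section of access-management-keys.md (hunk `@@ -95,31 +109,26 @@`) is missing its verb: "Use to a role that will get access to the selected API key." Suggest "Use to add a role ...". The **Remove** row says "disconnect the selected role from API keys", which reads as copied from the roles page; here it should refer to the selected API key. Because the Status definition in this patch says a key is invalid when no roles are assigned to it, the Remove row should also say that removing the last role invalidates the key. The new "### Audit" heading is followed by "The Activities section provides ...", so align the wording with the heading.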
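Review bot: the Introduction hunk of access-management-roles.md (`@@ -2,31 +2,30 @@`) drops the links to Access Control and to IDP Configurations, while the keys page in this patch keeps its Access Control link. If the removal is intentional, say so in the commit message; otherwise keep the Access Control bullet so both pages point to the same overview. While editing this list, the context line "to lean more about roles in DIAL" could be corrected to "learn", and "roles-based access" in the new first sentence would read better as "role-based access".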
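Review bot: the new **Delete** section in access-management-roles.md (hunk `@@ -35,17 +34,23 @@`) does not describe the effect of deleting a role, unlike the Delete section of the keys page in this patch, which warns that bound entities will fail. Since the keys page states that a key is invalid when no roles are assigned to it, add a note here on what happens to API keys and entity access that relied on the deleted role.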
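Review bot: in the Entities table of access-management-roles.md (hunk `@@ -53,125 +58,77 @@`), the rewritten **ID**, **Display Name** and **Description** rows describe a role ("Unique identifier of a role.") although this grid lists the models, applications, toolsets and routes the role can access; the removed rows described the entity. Reword them to refer to the entity. The same hunk deletes the Activities List Table and Activity Details, including the description of **Resource rollback**, so confirm that the linked Audit → Activities page documents rollback before removing it here, and adjust "The Activities section provides ..." now that the `#### Activities` heading is gone. The Keys tab still uses `img/img_41.png` while the other screenshots were renamed, and `![ ](img/roles-entities.png)` has a stray space in the alt text.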