Updating licenses, access, and RBAC (#6310)

## What are you changing in this pull request and why?

- Updates RBAC links
- Removes stale page
- Updates permissions specific links (they just go to the main page
anyway)
- Cut back on the service tokens permissions list as it was inconsistent
and linking to areas that don't exist. Updated to link to the
permissions page at the top

## Checklist
- [ ] I have reviewed the [Content style
guide](https://github.com/dbt-labs/docs.getdbt.com/blob/current/contributing/content-style-guide.md)
so my content adheres to these guidelines.
- [ ] The topic I'm writing about is for specific dbt version(s) and I
have versioned it according to the [version a whole
page](https://github.com/dbt-labs/docs.getdbt.com/blob/current/contributing/single-sourcing-content.md#adding-a-new-version)
and/or [version a block of
content](https://github.com/dbt-labs/docs.getdbt.com/blob/current/contributing/single-sourcing-content.md#versioning-blocks-of-content)
guidelines.
- [ ] I have added checklist item(s) to this list for anything anything
that needs to happen before this PR is merged, such as "needs technical
review" or "change base branch."
<!--
PRE-RELEASE VERSION OF dbt (if so, uncomment):
- [ ] Add a note to the prerelease version [Migration
Guide](https://github.com/dbt-labs/docs.getdbt.com/tree/current/website/docs/docs/dbt-versions/core-upgrade)
-->
<!-- 
ADDING OR REMOVING PAGES (if so, uncomment):
- [ ] Add/remove page in `website/sidebars.js`
- [ ] Provide a unique filename for new pages
- [ ] Add an entry for deleted pages in `website/vercel.json`
- [ ] Run link testing locally with `npm run build` to update the links
that point to deleted pages
-->

<!-- vercel-deployment-preview -->
---
🚀 Deployment available! Here are the direct links to the updated files:


-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/best-practices/how-we-mesh/mesh-5-faqs
-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/docs/cloud/about-cloud/architecture
-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/docs/cloud/manage-access/about-access
-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/docs/cloud/manage-access/cloud-seats-and-users
-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/docs/cloud/manage-access/enterprise-permissions
-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/docs/cloud/manage-access/environment-permissions
-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/docs/cloud/manage-access/licenses-and-groups
-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/docs/cloud/manage-access/set-up-sso-google-workspace
-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/docs/cloud/manage-access/set-up-sso-okta
-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/docs/dbt-cloud-apis/service-tokens
-
https://docs-getdbt-com-git-cleanup-access-dbt-labs.vercel.app/docs/deploy/webhooks

<!-- end-vercel-deployment-preview -->

---------

Co-authored-by: Leona B. Campbell <[email protected]>

website/docs/best-practices/how-we-mesh/mesh-5-faqs.md

@@ -215,7 +215,7 @@ There’s model-level access within dbt, role-based access for users and groups
 
 First things first: access to underlying data is always defined and enforced by the underlying data platform (for example, BigQuery, Databricks, Redshift, Snowflake, Starburst, etc.) This access is managed by executing “DCL statements” (namely `grant`). dbt makes it easy to [configure `grants` on models](/reference/resource-configs/grants), which provision data access for other roles/users/groups in the data warehouse. However, dbt does _not_ automatically define or coordinate those grants unless they are configured explicitly. Refer to your organization's system for managing data warehouse permissions.
 
-[dbt Cloud Enterprise plans](https://www.getdbt.com/pricing) support [role-based access control (RBAC)](/docs/cloud/manage-access/enterprise-permissions#how-to-set-up-rbac-groups-in-dbt-cloud) that manages granular permissions for users and user groups. You can control which users can see or edit all aspects of a dbt Cloud project. A user’s access to dbt Cloud projects also determines whether they can “explore” that project in detail. Roles, users, and groups are defined within the dbt Cloud application via the UI or by integrating with an identity provider.
+[dbt Cloud Enterprise plans](https://www.getdbt.com/pricing) support [role-based access control (RBAC)](/docs/cloud/manage-access/about-user-access#role-based-access-control-) that manages granular permissions for users and user groups. You can control which users can see or edit all aspects of a dbt Cloud project. A user’s access to dbt Cloud projects also determines whether they can “explore” that project in detail. Roles, users, and groups are defined within the dbt Cloud application via the UI or by integrating with an identity provider.
 
 [Model access](/docs/collaborate/govern/model-access) defines where models can be referenced. It also informs the discoverability of those projects within dbt Explorer. Model `access` is defined in code, just like any other model configuration (`materialized`, `tags`, etc).
 

website/docs/docs/cloud/about-cloud/architecture.md

@@ -48,7 +48,7 @@ The git repo information is stored on dbt Cloud servers to make it accessible du
 
 ### Authentication services
 
-The default settings of dbt Cloud enable local users with credentials stored in dbt Cloud. Still, integrations with various authentication services are offered as an alternative, including [single sign-on services](/docs/cloud/manage-access/sso-overview). Access to features can be granted/restricted by role using [RBAC](/docs/cloud/manage-access/enterprise-permissions).
+The default settings of dbt Cloud enable local users with credentials stored in dbt Cloud. Still, integrations with various authentication services are offered as an alternative, including [single sign-on services](/docs/cloud/manage-access/sso-overview). Access to features can be granted/restricted by role using [RBAC](/docs/cloud/manage-access/about-user-access#role-based-access-control-).
 
 SSO features are essential because they reduce the number of credentials a user must maintain. Users sign in once and the authentication token is shared among integrated services (such as dbt Cloud). The token expires and must be refreshed at predetermined intervals, requiring the user to go through the authentication process again. If the user is disabled in the SSO provider service, their access to dbt Cloud is disabled, and they cannot override this with local auth credentials. 
 

website/docs/docs/cloud/manage-access/about-access.md

@@ -89,7 +89,7 @@ There are three license types in dbt Cloud:
 
 - **Developer** — User can be granted _any_ permissions.
 - **Read-Only** — User has read-only permissions applied to all dbt Cloud resources regardless of the role-based permissions that the user is assigned.
-- **IT** — User has [Security Admin](/docs/cloud/manage-access/enterprise-permissions#security-admin) and [Billing Admin](/docs/cloud/manage-access/enterprise-permissions#billing-admin) permissions applied, regardless of the group permissions assigned.
+- **IT** — User has Security Admin and Billing Admin [permissions](/docs/cloud/manage-access/enterprise-permissions) applied, regardless of the group permissions assigned.
 
 Developer licenses will make up a majority of the users in your environment and have the highest impact on billing, so it's important to monitor how many you have at any given time.
 

website/docs/docs/cloud/manage-access/cloud-seats-and-users.md

@@ -55,7 +55,7 @@ If you're on an Enterprise plan and have the correct [permissions](/docs/cloud/m
 
 - To add a user, go to **Account Settings** and select **Users**. 
   - Click the [**Invite Users**](/docs/cloud/manage-access/invite-users) button. 
-  - For fine-grained permission configuration, refer to [Role based access control](/docs/cloud/manage-access/enterprise-permissions).
+  - For fine-grained permission configuration, refer to [Role based access control](/docs/cloud/manage-access/about-user-access#role-based-access-control-).
 
 
 </TabItem>

website/docs/docs/cloud/manage-access/enterprise-permissions.md

@@ -22,22 +22,14 @@ The following roles and permission sets are available for assignment in dbt Clou
 
 :::tip Licenses or Permission sets
 
-The user's [license](/docs/cloud/manage-access/seats-and-users) type always overrides their assigned permission set. This means that even if a user belongs to a dbt Cloud group with 'Account Admin' permissions, having a 'Read-Only' license would still prevent them from performing administrative actions on the account.
+The user's [license](/docs/cloud/manage-access/about-user-access) type always overrides their assigned permission set. This means that even if a user belongs to a dbt Cloud group with 'Account Admin' permissions, having a 'Read-Only' license would still prevent them from performing administrative actions on the account.
 :::
 
 <Permissions feature={'/snippets/_enterprise-permissions-table.md'} />
 
-## How to set up RBAC Groups in dbt Cloud
+## Additional resources
 
-Role-Based Access Control (RBAC) is helpful for automatically assigning permissions to dbt admins based on their SSO provider group associations. RBAC does not apply to [model groups](/docs/collaborate/govern/model-access#groups).
+- [Grant users access](/docs/cloud/manage-access/about-user-access#grant-access)
+- [Role-based access control](/docs/cloud/manage-access/about-user-access#role-based-access-control-)
+- [Environment-level permissions](/docs/cloud/manage-access/environment-permissions)
 
-1. Click the gear icon to the top right and select **Account Settings**. Click **Groups & Licenses**
-
-<Lightbox src="/img/docs/dbt-cloud/Select-Groups-RBAC.png" width="70%" title="Navigate to Groups"/>
-
-2. Select an existing group or create a new group to add RBAC. Name the group (this can be any name you like, but it's recommended to keep it consistent with the SSO groups). If you have configured SSO with SAML 2.0, you may have to use the GroupID instead of the name of the group.
-3. Configure the SSO provider groups you want to add RBAC by clicking **Add** in the **SSO** section. These fields are case-sensitive and must match the source group formatting.
-4. Configure the permissions for users within those groups by clicking **Add** in the **Access** section of the window.
-<Lightbox src="/img/docs/dbt-cloud/Configure-SSO-Access.png" width="45%"  title="Configure SSO groups and Access permissions"/>
-
-5. When you've completed your configurations, click **Save**. Users will begin to populate the group automatically once they have signed in to dbt Cloud with their SSO credentials.

website/docs/docs/cloud/manage-access/environment-permissions.md

@@ -77,4 +77,4 @@ If the user has the same roles across projects, you can apply environment access
 
 
 ## Related docs
--[Environment-level permissions setup](/docs/cloud/manage-access/environment-permissions-setup)
+- [Environment-level permissions setup](/docs/cloud/manage-access/environment-permissions-setup)

website/docs/docs/cloud/manage-access/set-up-sso-google-workspace.md

@@ -117,7 +117,7 @@ If the verification information looks appropriate, then you have completed the c
 
 ## Setting up RBAC
 Now you have completed setting up SSO with GSuite, the next steps will be to set up
-[RBAC groups](/docs/cloud/manage-access/enterprise-permissions) to complete your access control configuration.
+[RBAC groups](/docs/cloud/manage-access/about-user-access#role-based-access-control-) to complete your access control configuration.
 
 ## Troubleshooting
 

website/docs/docs/cloud/manage-access/set-up-sso-okta.md

@@ -190,4 +190,4 @@ configured in the steps above.
 
 ## Setting up RBAC
 Now you have completed setting up SSO with Okta, the next steps will be to set up
-[RBAC groups](/docs/cloud/manage-access/enterprise-permissions) to complete your access control configuration.
+[RBAC groups](/docs/cloud/manage-access/about-user-access#role-based-access-control-) to complete your access control configuration.