hazelcast · kutluhanmetin · Nov 6, 2024 · Nov 7, 2024 · Nov 28, 2024 · Nov 28, 2024
@@ -30,7 +30,9 @@
 * xref:resource-configuration.adoc[Configuring Resource Limits]
 * xref:hazelcast-parameters.adoc[Configuring System Properties]
 * xref:advanced-networking.adoc[Advanced Networking]
-* xref:tls.adoc[Configuring TLS]
+* [Security]
+** xref:tls.adoc[Configuring TLS]
+** xref:client-auth.adoc[Configuring Client Authentication]
 * xref:user-code-namespaces.adoc[User Code Namespaces]
 * xref:authorization.adoc[Authorization Methods to Access Cloud Storage]
 * Data Pipelines

diff --git a/docs/modules/ROOT/pages/client-auth.adoc b/docs/modules/ROOT/pages/client-auth.adoc
@@ -0,0 +1,109 @@
+= Client Authentication and Authorization
+
+Use the Hazelcast Platform Operator to configure xref:hazelcast:security:authentication-overview.adoc[Client Authentication] and xref:hazelcast:security:client-authorization.adoc[Client Authorization].
+
+== Simple Authentication
+
+You can easily use xref:hazelcast:security:simple-authentication.adoc[Hazelcast Simple Authentication] by making minimal changes in the original configuration.
+
+For example:
+
+[source,yaml]
+----
+security:
+  enabled: true
+  realms:
+    - name: simpleRealm-clients
+      authentication:
+        simple:
+          users:
+          - secretName: user1-secret
+            roles:
+              - admin
+          - secretName: user2-secret
+            roles:
+              - monitor
+              - application
+  client-authentication:
+    realm: simpleRealm-clients
+  client-permissions:
+    all:
+      principal: admin
+      endpoints:
+        - 127.0.0.1
+    map:
+      - name: playground
+        actions:
+          - all
+      - name: accounts
+        principal: monitor
+        actions:
+          - read
+      - name: accounts
+        principal: application
+        endpoints:
+          - 192.168.1.*
+          - 192.168.2.*
+        actions:
+          - create
+          - destroy
+          - put
+          - read
+          - remove
+          - lock
+----
+
+This can be converted as:
+
+[source,yaml]
+----
+security:
+    realms:
+      - name: simpleRealm-clients
+        authentication:
+          simple:
+            users:
+            - secretName: user1-secret
+              roles:
+                - admin
+            - secretName: user2-secret
+              roles:
+                - monitor
+                - application
+    clientAuthentication:
+      realm: simpleRealm-clients
+    clientPermissions:
+      all:
+        principal: admin
+        endpoints:
+          - 127.0.0.1
+      permissions:
+        map:
+          - name: playground
+            actions:
+              - all
+          - name: accounts
+            principal: monitor
+            actions:
+              - read
+          - name: accounts
+            principal: application
+            endpoints:
+              - 192.168.1.*
+              - 192.168.2.*
+            actions:
+              - create
+              - destroy
+              - put
+              - read
+              - remove
+              - lock
+----
+
+Required Changes:
+
+* `security.enabled` should be removed.
+* convert kebab cases to camel cases:
+** `client-authentication` -> `clientAuthentication`
+** `client-permissions` -> `clientPermissions`
+* add `permissions` node to `clientPermissions` to wrap permissions other than `all`.