docs: add entity rel sec, incorporate remaining autho content into relation ref

Author: tmihoc

howto/manage-relations.md

@@ -5,7 +5,7 @@
 (add-a-relation)=
 ## Add a relation
 
-Given two entities A and B, to add a relation between run the `auth relation add` command followed by the tag of A, the access level you want to give A from the list supported by B, and the tag of B. For example, to add a relation where you make user `[email protected]` a `member` of the `mygroup` group:
+Given two entities A and B, to add a relation between them run the `auth relation add` command followed by the tag of A, the desired B relation, and the tag of B. For example, to add a relation where you make user `[email protected]` a `member` of the `mygroup` group:
 
 ```text
 jimmctl auth relation add [email protected] member group-mygroup
@@ -20,7 +20,7 @@ jimmctl auth relation add [email protected] member group-mygroup
 (verify-a-relation)=
 ## Verify a relation
 
-Given two entities A and B, to verify that there is a relation between them with a specific access level, run the `auth relation check` command followed by the tag of A, the access level, and the tag of B. For example:
+Given two entities A and B, to verify that there is a specific relation between them, run the `auth relation check` command followed by the tag of A, the relation, and the tag of B. For example:
 
 ```text
 jimmctl auth relation check [email protected] administrator controller-aws-controller-1
@@ -43,7 +43,7 @@ jimmctl auth relation list [options]
 (remove-a-relation)=
 ## Remove a relation
 
-Given two entities A and B and a pre-existing relation between them, to remove the relation, run the `auth relation remove` command followed by the tag of A, the access level that A has to B, and the tag of B. For example:
+Given two entities A and B and a pre-existing relation between them, to remove the relation, run the `auth relation remove` command followed by the tag of A, the relation, and the tag of B. For example:
 
 ```text
 jimmctl auth relation remove [email protected] member group-mygroup

redirects.txt

@@ -31,4 +31,6 @@ howto/add_controller/ howto/manage-juju-controllers/
 howto/setup_ingress_with_tls/ howto/manage-jimm-controllers/
 howto/setup_dashboard/ howto/manage-jimm-controllers/
 howto/bootstrap_permissions/ howto/manage-jimm-controllers/
-reference/jaas/authorisation_data/ reference/relation/
+reference/jaas/authorisation_data/ reference/relation/
+reference/jaas/authorisation_model/ reference/relation/
+reference/jaas/authorisation/ reference/jaas/relation/

reference/cloud.md

@@ -13,16 +13,20 @@ A cloud tag has the following format:
 cloud-<cloud name>
 ```
 
+(cloud-relation)=
+## Cloud relation
+
+A cloud relation is a {ref}`relation <relation>` that describes permissions on a cloud.
+
 (list-of-cloud-relations)=
-## List of cloud relations
-> See first: {ref}`relation`
+### List of cloud relations
 
 (cloud-relation-administrator)=
-### `administrator`
+#### `administrator`
 
 Abilities: Can do anything that it is possible to do at the level of a cloud.
 
 (cloud-relation-can-addmodel)=
-### `can_addmodel`
+#### `can_addmodel`
 
 Abilities: Can add a model and grant another user model-level permissions.

reference/controller.md

@@ -14,16 +14,21 @@ A controller tag has the following format:
 controller-<controller name>
 ```
 
+(controller-relation)=
+## Controller relation
+
+A controller relation is a {ref}`relation <relation>` that describes permissions on a controller.
+
 (list-of-controller-relations)=
-## List of controller relations
+### List of controller relations
 > See first: {ref}`relation`
 
 (controller-relation-administrator)=
-### `administrator`
+#### `administrator`
 
 Abilities: Can do anything that it is possible to do at the level of a controller. This grants permissions to all resources that inherit from controller access.
 
 (controller-relation-audit-log-viewer)=
-### `audit_log_viewer`
+#### `audit_log_viewer`
 
 Abilities: Can read audit logs.

reference/group.md

@@ -17,13 +17,16 @@ group-<group id>
 
 where `group id` represents the unique identifier of the group.
 
+(group-relation)=
+## Group relation
+
+A group relation is a {ref}`relation <relation>` that describes permissions on a group.
 
 (list-of-group-relations)=
-## List of group relations
-> See first: {ref}`relation`
+### List of group relations
 
 (group-relation-member)=
-### `member`
+#### `member`
 
 Abilities: Shares the group's access level to Juju resources and JIMM logs.
 

reference/images/authorisation_model.png

@@ -15,21 +15,25 @@ model-<controller name>/<model name>
 where `<controller name>` specifies name of the controller on which the model
 is running and `<model name>` specifies the name of the model.
 
+(model-relation)=
+## Model relation
+
+A model relation is a {ref}`relation <relation>` that describes permissions on a model.
+
 (list-of-model-relations)=
-## List of model relations
-> See first: {ref}`relation`
+### List of model relations
 
 (model-relation-reader)=
-### `reader`
+#### `reader`
 
 Abilities: Can view the content of a model without changing it. Can use any of the read commands.
 
 (model-relation-writer)=
-### `writer`
+#### `writer`
 
 Abilities: Can deploy and manage applications on the model.
 
 (model-relation-administrator)=
-### `administrator`
+#### `administrator`
 
 Abilities: Can do anything that it is possible to do at the level of a model.This grants permissions to all resources that inherit from model access.

reference/jaas/authorisation.md

@@ -18,10 +18,13 @@ where `<controller name>` specifies name of the controller on which the model
 is running, `<model name>` specifies name of the model in which the application
 offer was created and `<offer name>` specifies the name of the application offer.
 
+(offer-relation)=
+## Offer relation
+
+An offer relation is a {ref}`relation <relation>` that describes permissions on a offer.
 
 (list-of-offer-relations)=
 ## List of offer relations
-> See first: {ref}`relation`
 
 (offer-relation-administrator)=
 ### `administrator`