Docs for stack role assumptions

[peterdeme]

Description of the change

Introduction of the new stack role attachments feature and the deprecation of the administrative flag.

Checklist

Please make sure that the proposed change checks all the boxes below before requesting a review:

• I have reviewed the guidelines for contributing to this repository.
• The preview looks fine.
• The tests pass.
• The commit history is clean and meaningful.
• The pull request is opened against the main branch.
• The pull request is no longer marked as a draft.
• You agree to license your contribution under the MIT license to Spacelift (not required for Spacelift employees).
• You have updated the navigation files correctly:
  • No new pages have been added, or;
  • Only nav.yaml has been updated because the changes only apply to SaaS, or;
  • Only nav.self-hosted.yaml has been updated because the changes only apply to Self-Hosted, or;
  • Both nav.yaml and nav.self-hosted.yaml have been updated.

If the proposed change is ready to be merged, please request a review from @spacelift-io/solutions-engineering. Someone will review and merge the pull request.

Spacelift employees should request reviews from the relevant engineers and are allowed to merge pull requests after they got at least one approval.

Thank you for your contribution! 🙇

---

Note

Introduces stack role attachments (replacing the administrative flag) and updates RBAC, policies, schemas, APIs, guides, and navigation accordingly.

• Authorization & RBAC:
  • Add docs/concepts/authorization/assigning-roles-stacks.md detailing stack role attachments, cascading, prerequisites, Terraform/UI flows, examples, and migration off the administrative flag (effective 2026-06-01).
  • Update rbac-system.md and authorization/README.md to include stacks as actors and link new guide.
• Policies & Inputs:
  • Add stack.roles to policy inputs (approval, notification, push, run-initialization, task, trigger, plan); include examples using role slugs.
  • Warn about deprecated administrative flag where relevant (e.g., stack-access-policy).
• Blueprints:
  • Support role bindings in blueprints (attachments.roles), add JSON schema role_binding, and update comprehensive example; deprecate administrative in examples.
• Stacks UX/Guides:
  • Insert new "Assign roles" step in stack creation guides; remove/soft-deprecate administrative setting in behavior; clarify external state access requires Space writer role.
  • Expand stack-settings.md with deprecation notice and migration guidance.
• Integrations & API:
  • Audit trail payloads include actor_roles; document usage.
  • Update AWS/GCP integration docs to reference role-attached stacks.
  • API examples remove administrative field; Insomnia collection updated.
• Product:
  • Changelog entry announcing stack role attachments and admin flag deprecation.
• Spaces & Access Control:
  • Update space docs to reference role attachments and login policy editing permissions.
• Navigation:
  • Add concepts/authorization/assigning-roles-stacks.md to nav.yaml.
• Misc:
  • Minor table formatting fixes and copy edits across affected pages.

^{Written by Cursor Bugbot for commit 097e843. This will update automatically on new commits. Configure here.}

[KiraLempereur-Spacelift]

These look beautiful! Let's get them all merged in :)

[peterdeme]

@KiraLempereur-Spacelift not yet, we need to wait a bit until the release day

[KiraLempereur-Spacelift]

@KiraLempereur-Spacelift not yet, we need to wait a bit until the release day

Perfect, we should be ready for when release day comes then! Thanks so much for handling these.