Document v11.8.0 membership policies, recommended channels, leave confirmation, and policy simulation

[Combs7th]

Updates the ABAC / membership policy docs for Mattermost v11.8.0:

• Public vs. private channel membership policy behavior (advisory public channels)
• Channel-level file upload/download permission policies
• Simulate access (pre-save policy simulation) in System Console and Channel Settings
• Recommended Browse Channels filter and invite-flow Recommended tag
• Leave-confirmation modal (Leave channel vs. Mute instead)

Resolves #9032

Generated with Claude Code

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA d6d3dd0

[Combs7th]

Heya @isacikgoz - I have a draft ready for us covering the membership policy/public channel advisory behavior, recommended channel surfaces, leave confirmation modal, channel-level file upload/download permission policies, and Simulate access updates.

I tried to keep this minimal and focused on user/admin-visible behavior only. A few areas I’d especially appreciate review on:

1. Whether the public channel advisory behavior is described accurately.
2. Whether the Recommended filter/tag wording matches the shipped UI.
3. Whether the leave confirmation wording is accurate, especially what happens after a user leaves a policy-added public channel.
4. Whether the Simulate access entry points and behavior are described correctly.
5. Whether any “Access Control” → “Membership Policy” terminology should be adjusted further.

If all is good, we'll get these merged in.

Thanks!

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 620c38c

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR documents Mattermost v11.8.0 membership policy features across admin and end-user guides, covering policy configuration and simulation, public-vs.-private channel behaviour differences, resource-level file permission policies, the Recommended filter, and leave confirmations for policy-added public channels.

Changes

Membership Policies and Channel Access Control Documentation

Layer / File(s)	Summary
Admin policy configuration and simulation capabilities source/administration-guide/manage/admin/abac-channel-access-rules.rst, source/administration-guide/manage/admin/abac-system-wide-policies.rst, source/administration-guide/manage/admin/attribute-based-access-control.rst	Clarifies self-service access rules apply to private channels, introduces new "Public and private channel behavior" section explaining membership policy enforcement differences (advisory/add-only for public channels, enforced remove/add for private), documents Channel-level permission policies (file upload/download), and expands "Simulate access" documentation (v11.8.0) with step-by-step preview of allowed/denied outcomes and draft rule evaluation behaviour.
End-user channel experience with membership policies source/end-user-guide/collaborate/browse-channels.rst, source/end-user-guide/collaborate/join-leave-channels.rst, source/end-user-guide/collaborate/manage-channel-members.rst	Describes the Recommended filter for policy-matched public channels (v11.8.0), distinguished member-add behaviour (filtering for private channels, tagging for public), and the leave confirmation flow for policy-added public channels with options to Leave, Mute instead, or Cancel depending on mute state.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• mattermost/docs#8951: Both PRs update ABAC membership-policy documentation to explain public-vs.-private channel behaviour (public/advisory add-only vs. private/enforced remove/add), with this PR's new "Public and private channel behavior" section building directly on the policy enforcement distinctions from that earlier work.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main changes covering membership policies, recommended channels, leave confirmation, and policy simulation for v11.8.0.
Description check	✅ Passed	The description relates directly to the changeset, covering membership policy behaviour, permission policies, simulation features, and UI elements documented.
Linked Issues check	✅ Passed	The PR comprehensively addresses all key requirements from issue #9032: membership policies on public/private channels, simulation experience, recommended channels/tags, leave-confirmation modal with Mute option, and file permission policies.
Out of Scope Changes check	✅ Passed	All changes are directly scoped to documenting Mattermost v11.8.0 ABAC and membership policy features as specified in issue #9032; no unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch claude/issue-9032-20260613-0052

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@source/administration-guide/manage/admin/abac-system-wide-policies.rst`:
- Around line 65-78: The lead-in still describes testing a rule against the
whole user base and counting granted users; update that opening paragraph (the
line that starts "Select **Test access rule** to test the rule against your user
base to return how many users would be granted access...") to instead describe
the "Simulate access" feature as a per-user, pre-save simulation that previews
allowed and denied outcomes for selected users in the policy editor of the
System Console; keep references to "Select Test access rule" and "Simulate
access" and briefly note it previews per-user allow/deny outcomes before saving
rather than returning a user count.

In `@source/end-user-guide/collaborate/join-leave-channels.rst`:
- Around line 112-120: Update the "Leave a public channel added by a membership
policy" paragraph: after the sentences that explain the difference between the
"Leave channel" and "Mute instead" choices, add a concise sentence stating that
choosing "Leave channel" may also remove the channel from Recommended while
choosing "Mute instead" keeps you in the channel (and preserves its Recommended
status); reference the existing phrases "Leave channel" and "Mute instead" so
the new sentence is placed with those explanations.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 47564942-0780-4d86-ac74-46b6e5a0a0fd

📥 Commits

Reviewing files that changed from the base of the PR and between ea7ca0d and d6d3dd0.

📒 Files selected for processing (6)

• source/administration-guide/manage/admin/abac-channel-access-rules.rst
• source/administration-guide/manage/admin/abac-system-wide-policies.rst
• source/administration-guide/manage/admin/attribute-based-access-control.rst
• source/end-user-guide/collaborate/browse-channels.rst
• source/end-user-guide/collaborate/join-leave-channels.rst
• source/end-user-guide/collaborate/manage-channel-members.rst

[Combs7th]

@wiersgallak - This one will need editor review as well after dev review is complete.

[wiersgallak]

@Combs7th This sentence is really clunky. Can you please give it another review?

[Combs7th]

Good callout here! I agree.

[Combs7th]

@claude - Please analyze the sentence above through the lense of Editor Evie, and commit the best possible alternative version that's more clear, concise, and less clunky.

[claude]

Claude finished @Combs7th's task in 1m 9s —— View job

---

Editor Evie review — line 23 rewrite

• Read the target sentence and surrounding context
• Load the Editor Evie persona
• Rewrite the sentence for clarity/concision
• Commit and push (56a7ce9)

What was clunky

Self-service channel access rules in the Access Control tab in Channel Settings are configured for private channels.

Through Evie's lens, the original had three issues:

1. Stacked prepositions — "in the … tab in Channel Settings" repeats in back-to-back, which reads awkwardly.
2. Vague passive verb — "are configured for private channels" buries the actual point. The rules don't get configured for private channels; they simply apply only to them. Readers couldn't tell whether this was a restriction or just a typical use case.
3. Redundant noun — "channel access rules … in Channel Settings" repeats channel.

Committed rewrite

Self-service access rules in the Access Control tab of Channel Settings apply only to private channels. Membership policies apply to both public and private channels, with behavior that varies by channel type. See :ref:Public and private channel behavior.

Changes: dropped the redundant channel, swapped the second in for of, and replaced the passive "are configured for" with the crisp, accurate "apply only to" — which makes the public/private distinction in the next sentence land cleanly. Also tightened "with different behavior by channel type" → "with behavior that varies by channel type." The :ref: link is unchanged.

[Combs7th]

@amyblais @wiersgallak - Do you think that wording clean-up above will suffice?

We will still need a dev review from @isacikgoz as well whenever able.

[github-actions]

Newest code from mattermost has been published to preview environment for Git SHA 56a7ce9