Migrated issue from: https://github.com/stolostron/backlog/issues/21288

Value Statement

ACM Admin can control which users are authorized to use search.

Acceptance Criteria

•  The search API is protected by RBAC. Users must be granted permission to search.
•  Search UI provides a clear message when user is not authorized.
•  Application UI is able to use the search API.

Implementation Details

See draft of RBAC implementation document.

Definition of Done for Engineering Story Owner (Checklist)

Development Complete

•  Code is complete.
•  Functionality is working.
•  Any required downstream Docker file changes are made.

Tests Automated

•  Unit/function tests have been automated and incorporated into build.
•  100% automated unit/function test coverage for new or changed APIs.

Secure Design

•  Security has been assessed and incorporated into your threat model.

Multidisciplinary Teams Readiness

•  Create an informative documentation issue using the Customer Portal_doc_issue template, and ensure doc acceptance criteria is met. Link the development issue to the doc issue.
•  Provide input to the QE team, and ensure QE acceptance criteria (established between story owner and QE focal) is met.

Support Readiness

•  The must-gather script has been updated.