diff --git a/docs/components/modeler/web-modeler/collaboration.md b/docs/components/modeler/web-modeler/collaboration.md
index 9b2dfa5b06..75a23125c4 100644
--- a/docs/components/modeler/web-modeler/collaboration.md
+++ b/docs/components/modeler/web-modeler/collaboration.md
@@ -5,6 +5,8 @@ description: Collaboration features and access rights for Web Modeler.
---
import SuperUserModeImg from './img/super-user-mode.png';
+import Tabs from "@theme/Tabs";
+import TabItem from "@theme/TabItem";
Camunda 8 only
@@ -28,25 +30,50 @@ There are four roles with different levels of access rights that can be assigned
- **Commenter**: The user cannot edit folders or diagrams or invite users, but can view diagrams and properties and leave comments.
- **Viewer**: The user cannot edit folders or diagrams nor leave comments, but can only view diagrams.
-Additionally, the **Owner** and **Admins** of the organization have special privileges to do administrative tasks in **super-user mode**.
+Additionally, users with elevated access have special privileges to do administrative tasks in **super-user mode**.
#### Super-user mode
-:::note
-Super-user mode is not yet available in Web Modeler Self-Managed.
-:::
-
-Super-user mode is only available to the **Owner** and **Admins** of the organization and can be enabled via the user menu in Web Modeler:
+Super-user mode is only available to users with elevated access and can be enabled via the user menu in Web Modeler:
The main purpose of this mode is to assign collaborators to orphaned projects (which have no collaborators).
Ordinarily, these projects would not be accessible or visible to any users.
-When the **Owner** or an **Admin** activates super-user mode, they are temporarily granted **Project Admin** access to all projects
+When a user activates super-user mode, they are temporarily granted **Project Admin** access to all projects
of the organization. This allows them to assign collaborators to orphaned projects and gives them
full access when none of the ordinary collaborators are available.
+##### Required Roles/Permissions for Super-User Mode Access
+
+
+
+
+
+The user must be assigned the organization **Owner** or **Admin** role.
+
+
+
+
+
+The user must be assigned the **Web Modeler Admin** role.
+
+If the role is not pre-existing, it can be created with the following permissions:
+
+- Web Modeler Internal API - `write:*`
+- Web Modeler Internal API - `admin:*`
+- Camunda Identity Resource Server - `read:users`
+
+See [here](../../../self-managed/identity/user-guide/roles/add-assign-role.md) how to add a new role and [here](../../../self-managed/identity/user-guide/roles/add-assign-permission.md) how to add the new `admin:*` permission to the Web Modeler Internal API.
+
+
+
+
### Inviting users to projects
:::note
diff --git a/docs/self-managed/identity/user-guide/roles/add-assign-permission.md b/docs/self-managed/identity/user-guide/roles/add-assign-permission.md
index b4c81ecbb7..ecb3f7977e 100644
--- a/docs/self-managed/identity/user-guide/roles/add-assign-permission.md
+++ b/docs/self-managed/identity/user-guide/roles/add-assign-permission.md
@@ -16,16 +16,16 @@ You can create permissions for granular access control over your APIs. Permissio
The preset permissions for Camunda components are:
-| Component | Permissions | Descriptions |
-| ----------- | ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
-| Connectors | `read:*` | Read access to all APIs |
-| Console | `write:*` | Write access to all pages |
-| Identity | `read`
`read:users`
`write` | Read access to all pages
Access only the **Users** page and related subpages
Write access to all pages |
-| Operate | `read:*`
`write:*` | Read access to all APIs
Write access to all APIs |
-| Optimize | `write:*` | Write access to all APIs |
-| Tasklist | `read:*`
`write:*` | Read access to all APIs
Write access to all APIs |
-| Web Modeler | `create:*`
`read:*`
`update:*`
`delete:*` | CRUD access |
-| Zeebe | `write:*` | Write access to all APIs |
+| Component | Permissions | Descriptions |
+| ----------- | ------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ |
+| Connectors | `read:*` | Read access to all APIs |
+| Console | `write:*` | Write access to all pages |
+| Identity | `read`
`read:users`
`write` | Read access to all pages
Access only the **Users** page and related subpages
Write access to all pages |
+| Operate | `read:*`
`write:*` | Read access to all APIs
Write access to all APIs |
+| Optimize | `write:*` | Write access to all APIs |
+| Tasklist | `read:*`
`write:*` | Read access to all APIs
Write access to all APIs |
+| Web Modeler | `write:*`
`admin:*`
`create:*`
`read:*`
`update:*`
`delete:*` | Access to the Internal API
Elevated Access
CRUD access to Public API |
+| Zeebe | `write:*` | Write access to all APIs |
In this guide, we will show you how to use Identity to add and assign a permission to a role.