Commit 55e5999

committed
add info
1 parent 0a321ba commit 55e5999

3 files changed

+28
-3
lines changed

articles/azure-arc/kubernetes/conceptual-cluster-connect.md

Lines changed: 2 additions & 2 deletions
@@ -1,11 +1,11 @@
11
---
2-
title: "Access Azure Arc-enabled Kubernetes clusters from anywhere using cluster connect"
2+
title: "Cluster connect access to Azure Arc-enabled Kubernetes clusters"
33
ms.date: 07/22/2022
44
ms.topic: conceptual
55
description: "Cluster connect allows developers to access their Azure Arc-enabled Kubernetes clusters from anywhere for interactive development and debugging."
66
---
77

8-
# Access Azure Arc-enabled Kubernetes clusters from anywhere using cluster connect
8+
# Cluster connect access to Azure Arc-enabled Kubernetes clusters
99

1010
The Azure Arc-enabled Kubernetes *cluster connect* feature provides connectivity to the `apiserver` of the cluster without requiring any inbound port to be enabled on the firewall. A reverse proxy agent running on the cluster can securely start a session with the Azure Arc service in an outbound manner.
1111
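
Review bot: `ms.date` on line 3 stays at 07/22/2022 although the title (line 2) and the H1 (line 8) both change in this file; consider updating it to the date of this edit so the page metadata reflects the revision. The `description` on line 5 still carries the old "from anywhere" wording, so confirm that is intentional now that the title no longer uses it.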

articles/azure-arc/kubernetes/identity-access-overview.md

Lines changed: 25 additions & 0 deletions
@@ -8,6 +8,31 @@ description: "Understand identity and access options for Arc-enabled Kubernetes
88

99
# Azure Arc-enabled Kubernetes identity and access overview
1010

11+
You can authenticate, authorize, secure, and control access to your Azure Arc-enabled Kubernetes clusters. Kubernetes role-based access control (Kubernetes RBAC) lets you grant users, groups, and service accounts access to only the resources they need. You can further enhance the security and permissions structure using Azure Active Directory and Azure role-based access control (RBAC).
12+
13+
While Kubernetes RBAC works only on Kubernetes resources within your cluster, Azure RBAC works on resources across your Azure subscription.
14+
15+
This topic provides an overview of these two RBAC systems and how you can use them with your Arc-enabled Kubernetes clusters.
16+
17+
## Kubernetes RBAC
18+
19+
[Kubernetes RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) provides granular filtering of user actions. With Kubernetes RBAC, You assign users or groups permission to create and modify resources or view logs from running application workloads. You can create roles to define permissions, and then assign those roles to users with role bindings. Permissions may be scoped to a single namespace or across the entire cluster.
20+
21+
The Azure Arc-enabled Kubernetes cluster connect feature uses Kubernetes RBAC to provides connectivity to the `apiserver` of the cluster. This connectivity doesn't require any inbound port to be enabled on the firewall. A reverse proxy agent running on the cluster can securely start a session with the Azure Arc service in an outbound manner. Using the cluster connect feature helps enable interactive debugging and troubleshooting scenarios. It can also be used to provide cluster access to Azure services for [custom locations](conceptual-custom-locations.md).
22+
23+
For more information, see [Cluster connect access to Azure Arc-enabled Kubernetes clusters](conceptual-cluster-connect.md) and [Use cluster connect to securely connect to Azure Arc-enabled Kubernetes clusters](cluster-connect.md).
24+
25+
## Azure RBAC
26+
27+
[Azure role-based access control (RBAC)](/azure/role-based-access-control/overview) is an authorization system built on Azure Resource Manager and Azure Active Directory (Azure AD) that provides fine-grained access management of Azure resources.
28+
29+
With Azure RBAC, role definitions outlines the permissions to be applied. You assign these roles to users or groups via a role assignment for a particular scope. The scope can be across the entire subscription or limited to a resource group or to an individual resource such as a Kubernetes cluster.
30+
31+
Using Azure RBAC with your Arc-enabled Kubernetes clusters allows the benefits of Azure role assignments, such as activity logs showing all Azure RBAC changes to an Azure resource.
32+
33+
For more information, see [Azure RBAC on Azure Arc-enabled Kubernetes](conceptual-azure-rbac.md) and [Use Azure RBAC for Azure Arc-enabled Kubernetes clusters](azure-rbac.md).
1134

1235
## Next steps
1336

37+
- Learn about [access and identity options for Azure Kubernetes Service (AKS) clusters](/azure/aks/concepts-identity).
38+
- - Deploy and manage [cluster extensions](extensions.md).
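
Review bot: On added line 21, "uses Kubernetes RBAC to provides connectivity" attributes the connection itself to RBAC, while the next two sentences (and the intro of conceptual-cluster-connect.md) describe connectivity as coming from the reverse proxy agent's outbound session. If the intent is that requests made over that connection are authorized by Kubernetes RBAC, say that in a separate clause, for example "cluster connect provides connectivity to the `apiserver` of the cluster, and access over that connection is controlled with Kubernetes RBAC"; this also removes the "to provides" grammar error. Smaller fixes in the same hunk: line 19 "You assign" should be lowercase "you", line 29 "role definitions outlines" should read "outline", and line 38 has a doubled list marker ("- - Deploy and manage").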

articles/azure-arc/kubernetes/toc.yml

Lines changed: 1 addition & 1 deletion
@@ -36,7 +36,7 @@
3636
items:
3737
- name: Identity and access overview
3838
href: identity-access-overview.md
39-
- name: Access cluster from anywhere
39+
- name: Cluster connect access
4040
displayName: connect
4141
href: conceptual-cluster-connect.md
4242
- name: Azure RBAC integration
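
Review bot: With the entry renamed on line 39, `displayName: connect` on line 40 now only repeats a word already present in `name`, and the "anywhere" term that the old name carried is no longer covered. Consider extending it, for example `displayName: connect, anywhere`, so readers filtering the TOC by the old wording still find this entry.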
