Adjust file realm docs (#52471) (#52747)

jkakavas · web-flow · commit c1aed6f39ecc · 2020-02-25T11:58:50.000+02:00
The existing wording in the file realm docs proved confusing
for users as it seemed to indicate that it should _only_ be
used as a fallback/recovery realm and that it is not a
first class realm.

This change attempts to clarify this and point out that recovery
is _a_ use case for the file realm but not the only intended one.
diff --git a/x-pack/docs/en/security/authentication/file-realm.asciidoc b/x-pack/docs/en/security/authentication/file-realm.asciidoc
@@ -7,17 +7,21 @@ With the `file` realm, users are defined in local files on each node in the clus
 
 IMPORTANT:  As the administrator of the cluster, it is your responsibility to
 ensure the same users are defined on every node in the cluster. The {stack}
-{security-features} do not deliver any mechanism to guarantee this.
+{security-features} do not deliver any mechanism to guarantee this. You should
+also be aware that you cannot add or manage users in the `file` realm via the
+<<security-user-apis, user APIs>> and you cannot add or manage them in {kib} on the
+*Management / Security / Users* page
 
-The `file` realm is primarily supported to serve as a fallback/recovery realm. It
-is mostly useful in situations where all users locked themselves out of the system
-(no one remembers their username/password). In this type of scenarios, the `file`
-realm is your only way out - you can define a new `admin` user in the `file` realm
-and use it to log in and reset the credentials of all other users.
+The `file` realm is very useful as a fallback or recovery realm. For example in cases where
+the cluster is unresponsive or the security index is unavailable, or when you forget the
+password for your administrative users.
+In this type of scenario, the `file` realm is a convenient way out - you can
+define a new `admin` user in the `file` realm and use it to log in and reset the
+credentials of all other users.
 
 IMPORTANT: When you configure realms in `elasticsearch.yml`, only the realms you
-specify are used for authentication. To use the `file` realm as a fallback, you
-must include it in the realm chain.
+specify are used for authentication. To use the `file` realm you must explicitly
+include it in the realm chain.
 
 To define users, the {security-features} provide the
 {ref}/users-command.html[users] command-line tool. This tool enables you to add
