reference: widen the definition of RBAC

[orangecms]

Description

Entities in access controls are not necssarily individual people. System accounts, for example, are often managed by a team, and the respective system account is assigned the task related roles, e.g. for storage management or specific network configuration matters.

Issue

The current wording might be confusing, since "individual users within your organization" sounds like it only means human entities. The later paragraph "User-facing roles" makes clear that there are also system entities in RBAC.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign sayakmukhopadhyay for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• content/en/docs/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[netlify]

✅ Pull request preview available for checking

Built without sensitive environment variables

Name	Link
🔨 Latest commit	b12f004
🔍 Latest deploy log	https://app.netlify.com/projects/kubernetes-io-main-staging/deploys/69d6106a90d4720008b53175
😎 Deploy Preview	https://deploy-preview-55291--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Arhell]

Lgtm

[CodesbyUnnati]

LGTM

[Caesarsage]

Thanks @orangecms for your contributions. I left some comments you could check out

[Caesarsage]

changing it from your to an make it less direct to readers which is against the style guide (https://kubernetes.io/docs/contribute/style/style-guide/#address-the-reader-as-you)

other entities is vague.

A cleaner wording could be

Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of *subjects* (users, groups, or service accounts) within your organization.

[lmktfy]

I call them principals; see https://deploy-preview-50364--kubernetes-io-main-staging.netlify.app/docs/reference/access-authn-authz/authentication/ (preview for how PR 50364 plans to update the authn page).

[lmktfy]

We can talk about both principals (which doesn't include groups) and subjects (which does / can).

[lmktfy]

I definitely agree that the current wording doesn't seem right. You've already helped a lot by pointing that out.

I do have some other feedback.

[lmktfy]

I think the word "individual" could still mislead. I'm afraid I would reword again:

Suggested change

	network resources based on the roles of individual users within an organization or
	other entities in a system, such as system accounts performing specific tasks.
	network resources based on the roles of specific users within an organization.
	As well as being useful to define access for individuals and groups of individuals,
	you can use Kubernetes RBAC to authorize other identity principals, such as [ServiceAccounts](/docs/concepts/security/service-accounts/).