rewording

Author: phil198

modules/ROOT/pages/authentication-authorization/privileges-and-roles-immutable.adoc

@@ -42,24 +42,8 @@ Immutable privileges and roles are useful for restricting the actions of users w
 
 === Immutable privileges
 
-You may want to prevent all users from performing Database Management, even the `admin` user (who are themselves able to add or remove privileges).
-To do so, it would not be adequate to run:
+If you want to prevent all users from performing a certain action, even the `admin` user (who are themselves able to add or remove privileges), then you can use an immutable privilege.
 
-[source, cypher]
-----
-DENY DATABASE MANAGEMENT ON DBMS TO PUBLIC
-----
-
-This is because the `admin` user could subsequently runs this:
-
-[source, cypher]
-----
-REVOKE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC
-----
-
-They would then effectively regain Database Management privileges.
-
-Instead, you could use an immutable privilege.
 
 .Create an immutable privilege
 ======
@@ -96,6 +80,29 @@ SHOW PRIVILEGES WHERE IMMUTABLE
 
 ======
 
+[NOTE]
+====
+
+It would not be adequate to run:
+
+[source, cypher]
+----
+DENY DATABASE MANAGEMENT ON DBMS TO PUBLIC
+----
+
+This is because the `admin` user could subsequently runs this:
+
+[source, cypher]
+----
+REVOKE DENY DATABASE MANAGEMENT ON DBMS FROM PUBLIC
+----
+
+They would then effectively regain Database Management privileges.
+
+Instead, you could use an immutable privilege.
+
+====
+
 === Immutable roles
 
 Immutable _privileges_ are useful when wanting to attach a permanent privilege to the `PUBLIC` role, which will apply to all users (because the `PUBLIC` role applies to all users).