Clarify admin and edit roles

bentito · camilamacedo86 · web-flow · commit f4821bde8eba · 2024-11-06T08:27:37.000-05:00
Co-authored-by: Camila Macedo &lt;7708031+camilamacedo86@users.noreply.github.com&gt;
diff --git a/docs/concepts/how-to-grant-api-access.md b/docs/concepts/how-to-grant-api-access.md
@@ -35,9 +35,9 @@ Administrators can define standard roles to control access to the API resources
 
 ### Default Roles
 
-- **View ClusterRole**: Grants read-only access to all custom resource objects of specified API resources across the cluster.
-- **Edit ClusterRole**: Allows modifying all custom resource objects within the cluster.
-- **Admin ClusterRole**: Provides full permissions (create, update, delete) over all custom resource objects for the specified API resources across the cluster.
+- **View ClusterRole**: Grants read-only access to all custom resource objects of specified API resources across the cluster. This role is intended for users who need visibility into the resources without any permissions to modify them. It’s ideal for monitoring purposes and limited access viewing.
+- **Edit ClusterRole**: Allows users to modify all custom resource objects within the cluster. This role enables users to create, update, and delete resources, making it suitable for team members who need to manage resources but should not control RBAC or manage permissions for others.
+- **Admin ClusterRole**: Provides full permissions (create, update, delete) over all custom resource objects for the specified API resources across the cluster. In addition to resource management, it grants users the ability to modify roles and bindings within the cluster, allowing them to delegate specific permissions to other users or groups as needed.
 
 ### Example: Defining a Custom "View" ClusterRole
 
