RHDHBUGS-2190: Fixing authorization step in Lightspeed (#1477)

* Fixing authorization step in Lightspeed

* Minor changeS

* Incorporated Karthik's comment

* Final Karthik's comment

* Incorporated Judy's comments

* Minor update

Author: pabel-rh

modules/developer-lightspeed/proc-installing-and-configuring-lightspeed.adoc

@@ -501,8 +501,9 @@ upstream:
      ...
 ----
 
-. Define permissions and roles for your users who are not administrators by completing the following steps:
-.. Configure the required RBAC permission by defining an `rbac-policies.csv` file as shown in the following example:
+. Manage your authorization based on your installation method:
+.. For an Operator-installed {product-very-short} instance, define permissions and roles for your users who are not administrators by completing the following steps:
+... Configure the required RBAC permission by defining an `rbac-policies.csv` file as shown in the following example:
 +
 [source,yaml]
 ----
@@ -512,8 +513,8 @@ p, role:default/_<your_team>_, lightspeed.chat.delete, delete, allow
 
 g, user:default/_<your_user>_, role:default/_<your_team>_
 ----
-.. Upload your `rbac-policies.csv` and `rbac-conditional-policies.yaml` files to an `rbac-policies` config map in your {ocp-short} project containing {product-very-short}.
-.. Update your {product-custom-resource-type} custom resource to mount in the {product-very-short} filesystem your files from the `rbac-policies` ConfigMap:
+... Upload your `rbac-policies.csv` file to an `rbac-policies` config map in your {ocp-short} project containing {product-very-short}.
+... Update your {product-custom-resource-type} custom resource to mount in the {product-very-short} filesystem your files from the `rbac-policies` ConfigMap:
 +
 [source,yaml]
 ----
@@ -526,7 +527,35 @@ spec:
       configMaps:
         - name: rbac-policies
 ----
-For detailed information, see {authorization-book-link}managing-authorizations-by-using-external-files[Managing authorizations by using external files].
+For detailed information, see {authorization-book-link}#con-rbac-conditional-policies-rhdh_title-authorization[Managing authorizations by using external files].
+
+.. For a Helm-installed {product-very-short} instance, define permissions and roles for your users who are not administrators by completing the following steps:
+
+... Configure the required RBAC permission by defining an `rbac-policies.csv` file as shown in the following example:
++
+[source,yaml]
+----
+p, role:default/_<your_team>_, lightspeed.chat.read, read, allow
+p, role:default/_<your_team>_, lightspeed.chat.create, create, allow
+p, role:default/_<your_team>_, lightspeed.chat.delete, delete, allow
+g, user:default/_<your_user>_, role:default/_<your_team>_
+----
+... Declare policy administrators to enable a select number of authenticated users to configure RBAC policies through the REST API or Web UI, instead of modifying the CSV file directly. The permissions can be specified in a separate CSV file referenced in your `{my-app-config-config-map}` config map, or permissions can be created using the REST API or Web UI.
+To declare users such as _<your_policy_administrator_name>_ as policy administrators, edit your custom {product-very-short} ConfigMap, such as `{my-app-config-file}`, and add following code to the `{my-app-config-file}` content:
++
+[source,yaml]
+----
+permission:
+  enabled: true
+  rbac:
+    policies-csv-file: /opt/app-root/src/rbac-policies.csv
+    policyFileReload: true
+    admin:
+      users:
+        - name: user:default/<your_policy_administrator_name>
+----
+
+See {authorization-book-link}#defining-authorizations-in-external-files-by-using-helm[Defining authorizations in external files by using Helm].
 
 .Verification