From 63ba7b1fd5f75619e58aca8d4b55411bc9704613 Mon Sep 17 00:00:00 2001
From: Catherine Luse <catherine.luse@rancher.com>
Date: Tue, 17 Dec 2019 15:23:35 -0700
Subject: [PATCH] Remove reference to inheritance for cloned roles

---
 .../rbac/default-custom-roles/_index.md       | 20 +++++++++----------
 .../rbac/global-permissions/_index.md         |  4 ++--
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md
index bc2ac911606..ff2f0275228 100644
--- a/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md
+++ b/content/rancher/v2.x/en/admin-settings/rbac/default-custom-roles/_index.md
@@ -13,8 +13,8 @@ This section covers the following topics:
 
 - [Prerequisites](#prerequisites)
 - [Creating a custom role for a cluster or project](#creating-a-custom-role-for-a-cluster-or-project)
-- [Creating a custom global role that inherits from an existing role](#creating-a-custom-global-role-that-inherits-from-an-existing-role)
-- [Creating a custom global role that does not inherit from another role](#creating-a-custom-global-role-that-does-not-inherit-from-another-role)
+- [Creating a custom global role that copies rules from an existing role](#creating-a-custom-global-role-that-copies-rules-from-an-existing-role)
+- [Creating a custom global role that does not copy rules from another role](#creating-a-custom-global-role-that-does-not-copy-rules-from-another-role)
 - [Deleting a custom global role](#deleting-a-custom-global-role)
 - [Assigning a custom global role to a group](#assigning-a-custom-global-role-to-a-group)
 
@@ -51,11 +51,11 @@ The steps to add custom roles differ depending on the version of Rancher.
 
 1.  Use the **Grant Resources** options to assign individual [Kubernetes API endpoints](https://kubernetes.io/docs/reference/) to the role.
 
-    > When viewing the resources associated with default roles created by Rancher, if there are multiple Kuberenetes API resources on one line item, the resource will have `(Custom)` appended to it. These are not custom resources but just an indication that there are multiple Kubernetes API resources as one resource.
+    > When viewing the resources associated with default roles created by Rancher, if there are multiple Kubernetes API resources on one line item, the resource will have `(Custom)` appended to it. These are not custom resources but just an indication that there are multiple Kubernetes API resources as one resource.
 
     You can also choose the individual cURL methods (`Create`, `Delete`, `Get`, etc.) available for use with each endpoint you assign.
 
-1.  Use the **Inherit from a Role** options to assign individual Rancher roles to your custom roles.
+1.  Use the **Inherit from a Role** options to assign individual Rancher roles to your custom roles. Note: When a custom role inherits from a parent role, the parent role cannot be deleted until the child role is deleted.
 
 1.  Click **Create**.
 
@@ -82,22 +82,22 @@ The steps to add custom roles differ depending on the version of Rancher.
 
 1.  Use the **Grant Resources** options to assign individual [Kubernetes API endpoints](https://kubernetes.io/docs/reference/) to the role.
 
-    > When viewing the resources associated with default roles created by Rancher, if there are multiple Kuberenetes API resources on one line item, the resource will have `(Custom)` appended to it. These are not custom resources but just an indication that there are multiple Kubernetes API resources as one resource.
+    > When viewing the resources associated with default roles created by Rancher, if there are multiple Kubernetes API resources on one line item, the resource will have `(Custom)` appended to it. These are not custom resources but just an indication that there are multiple Kubernetes API resources as one resource.
 
     You can also choose the individual cURL methods (`Create`, `Delete`, `Get`, etc.) available for use with each endpoint you assign.
 
-1.  Use the **Inherit from a Role** options to assign individual Rancher roles to your custom roles.
+1.  Use the **Inherit from a Role** options to assign individual Rancher roles to your custom roles. Note: When a custom role inherits from a parent role, the parent role cannot be deleted until the child role is deleted.
 
 1.  Click **Create**.
 
 {{% /tab %}}
 {{% /tabs %}}
 
-## Creating a Custom Global Role that Inherits from an Existing Role
+## Creating a Custom Global Role that Copies Rules from an Existing Role
 
 _Available as of v2.3.4_
 
-If you have a group of individuals that need the same level of access in Rancher, it can save time to create a custom global role that inherits from another role, such as the administrator role, so that you only have to configure the variations between the new and existing roles.
+If you have a group of individuals that need the same level of access in Rancher, it can save time to create a custom global role in which all of the rules from another role, such as the administrator role, are copied into a new role. This allows you to only configure the variations between the existing role and the new role.
 
 The custom global role can then be assigned to a user or group so that the custom global role takes effect the first time the user or users sign into Rancher.
 
@@ -105,12 +105,12 @@ To create a custom global role based on an existing role,
 
 1. Go to the **Global** view and click **Security > Roles.**
 1. On the **Global** tab, go to the role that the custom global role will be based on. Click **Ellipsis (…) > Clone.**
-Enter a name for the role.
+1. Enter a name for the role.
 1. Optional: To assign the custom role default for new users, go to the **New User Default** section and click **Yes: Default role for new users.**
 1. In the **Grant Resources** section, select the Kubernetes resource operations that will be enabled for users with the custom role.
 1. Click **Save.**
 
-## Creating a Custom Global Role that Does Not Inherit from Another Role
+## Creating a Custom Global Role that Does Not Copy Rules from Another Role
 
 _Available as of v2.3.4_
 
diff --git a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md
index 82b22032a63..d8d9058b5a6 100644
--- a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md
+++ b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md
@@ -33,7 +33,7 @@ Assignment of global permissions to a user depends on their authentication sourc
 
 Using custom permissions is convenient for providing users with narrow or specialized access to Rancher.
 
-When a user from an [external authentication source]({{<baseurl>}}/rancher/v2.x/en/admin-settings/authentication/) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, after a user logs in from the first time, they are created as a user and assigned the default `user` permission. The standard `user` permission allows users to login and create clusters.
+When a user from an [external authentication source]({{<baseurl>}}/rancher/v2.x/en/admin-settings/authentication/) signs into Rancher for the first time, they're automatically assigned a set of global permissions (hereafter, permissions). By default, after a user logs in for the first time, they are created as a user and assigned the default `user` permission. The standard `user` permission allows users to login and create clusters.
 
 However, in some organizations, these permissions may extend too much access. Rather than assigning users the default global permissions of `Administrator` or `Standard User`, you can assign them a more restrictive set of custom global permissions.
 
@@ -74,7 +74,7 @@ For details on which Kubernetes resources correspond to each global permission,
 > **Notes:**
 >
 > - Each permission listed above is comprised of multiple individual permissions not listed in the Rancher UI. For a full list of these permissions and the rules they are comprised of, access through the API at `/v3/globalRoles`.
-> - When viewing the resources associated with default roles created by Rancher, if there are multiple Kuberenetes API resources on one line item, the resource will have `(Custom)` appended to it. These are not custom resources but just an indication that there are multiple Kubernetes API resources as one resource.
+> - When viewing the resources associated with default roles created by Rancher, if there are multiple Kubernetes API resources on one line item, the resource will have `(Custom)` appended to it. These are not custom resources but just an indication that there are multiple Kubernetes API resources as one resource.
 
 ### Configuring Default Global Permissions