From 322c3620c61ed75d249ac4322dfcf02d2117e61b Mon Sep 17 00:00:00 2001
From: Bruno Bernardi <bruno.bernardi@suse.com>
Date: Fri, 17 Apr 2026 17:15:04 -0300
Subject: [PATCH] Update 12.rancher_sso_rbac.md

Updated some use cases that were incorrectly recommending Global roles instead of Cluster roles. I propose textual changes to make this clearer and more accurate for customers
---
 docs/08.integration/12.rancher_sso_rbac.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/08.integration/12.rancher_sso_rbac.md b/docs/08.integration/12.rancher_sso_rbac.md
index 305b4134e..46e6616ee 100644
--- a/docs/08.integration/12.rancher_sso_rbac.md
+++ b/docs/08.integration/12.rancher_sso_rbac.md
@@ -59,7 +59,7 @@ It is important to note that this integration supports roles in Global, Cluster,
                                                                                                                                                                                                                                                                                                                                                                                                    
 ### Definitions and Expectations with Global, Cluster, and Project/Namespace Roles 
 
-* Cluster resource with * verb on Rancher Global Role
+* Cluster resource with * verb on Rancher Cluster Role
   + Mapped to NeuVector fedAdmin role on NeuVector fed-master cluster  (This means users cannot map a Rancher Global role to a NeuVector admin role if NeuVector is on a master cluster)
   + Mapped to NeuVector admin role on NeuVector fed-managed cluster
 
@@ -108,7 +108,7 @@ It is important to note that this integration supports roles in Global, Cluster,
 #### Use Case 2
 
 * Create a FedAdmin user. Always remember to login in as a FedAdmin to a master cluster. If you are not on a federated domain, the roles will be downgraded to Reader or Admin.
-  + Create a global role with the following parameters. By using a global role it is also accessible by the other downstream clusters:
+  + Create a cluster role with the following parameters. By using a global role it is also accessible by the other downstream clusters:
     ```yaml
            Verb: *
            Resource: All permissions
@@ -127,6 +127,7 @@ It is important to note that this integration supports roles in Global, Cluster,
 
 :::note
 To switch between FedAdmin and FedReader, just change the verbs from * to `get`. `get` is just the read permission, i.e., FedReader in this use case.
+You should use the Cluster role to divide access scenarios based on the RBAC verbs and resources allowed by NeuVector. The Global role should be used strictly if you want to propagate to more clusters. Users must create Cluster roles to propagate the Global role to all downstream clusters.
 :::