Updates for the authorization concepts and user guide

volodymyr-melnykc · volodymyr-melnykc · commit b9b77e0e7e67 · 2025-09-15T08:02:32.000+02:00
diff --git a/docs/components/concepts/access-control/authorizations.md b/docs/components/concepts/access-control/authorizations.md
diff --git a/docs/components/identity/authorization.md b/docs/components/identity/authorization.md
@@ -4,14 +4,16 @@ title: Authorizations
 description: "Learn how to manage authorizations to an orchestration cluster."
 ---
 
-An authorization grants permissions to an **owner** to perform actions on a specific **resource**.
+An authorization grants an **owner** access to a **resource** and defines the specific **permissions** they have.
 
-- The **owner** is the entity that receives permissions, such as a [user](user.md), [group](group.md), [role](role.md), [client](client.md), or [mapping rule](./mapping-rules/manage-mapping-rules.md).
-- The **resource** is the object that the permissions apply to, like a process definition or a decision instance.
+- The **owner** is the entity that receives permissions, like [user](user.md), [group](group.md), [role](role.md), [client](client.md), or [mapping rule](./mapping-rules/manage-mapping-rules.md).
+- The **resource** is the object that the permissions apply to, like process definition, decision definition, or system. See the full list of [available resources](/components/concepts/access-control/authorizations.md#available-resources).
 
-Each authorization specifies which actions (e.g., `READ`, `UPDATE`, `DELETE`) the owner is allowed to perform on the resource.
+Each authorization specifies which permissions (e.g., `READ`, `UPDATE`, `DELETE`) the owner has on the resource.
 
-To learn more about authorizations, see [authorizations](/components/concepts/access-control/authorizations.md).
+:::tip
+To learn more, see the [authorization concepts](/components/concepts/access-control/authorizations.md).
+:::
 
 ## Create an authorization
 
@@ -22,7 +24,7 @@ To create a new authorization:
 3. Provide the following information:
    - **Owner type**: The entity to which you want to assign permissions, such as a User, Group, Role, Client, or Mapping rule.
    - **Owner ID**: The unique ID of the owner.
-   - **Resource type**: The selected resource type from the list of [available resources](/components/concepts/access-control/authorizations.md#available-resources).
+   - **Resource type**: The selected resource type.
    - **Resource ID**: The ID of the resource. Use `*` to grant permissions for all resources of the selected type.
 4. Select the permissions you want to grant.
 5. Click **Create authorization**.
@@ -31,6 +33,10 @@ The authorization is created, and the owner is granted the specified permissions
 
 ![identity-create-authorization-tab](./img/create-authorization-tab.png)
 
+## Update an authorization
+
+Authorizations cannot be updated after they are created. To edit an authorization, you must first [delete](#delete-an-authorization) the existing one and then create a new authorization with the updated permissions.
+
 ## Delete an authorization
 
 To delete an authorization:
diff --git a/docs/components/identity/img/create-authorization-tab.png b/docs/components/identity/img/create-authorization-tab.png
diff --git a/docs/components/identity/mapping-rules/assign-mapping-rules-to-tenants.md b/docs/components/identity/mapping-rules/assign-mapping-rules-to-tenants.md
@@ -11,7 +11,7 @@ import TabItem from "@theme/TabItem";
 Mapping rules grant access to a tenant based on access token claim values. This guide details how to assign, update, or remove these rules.
 
 :::tip
-To learn more about mapping rules and tenants, see the [mapping rules documentation](manage-mapping-rules.md) and [tenant management documentation](/self-managed/components/orchestration-cluster/identity/manage-tenants.md).
+To learn more about mapping rules and tenants, see the [mapping rules](manage-mapping-rules.md) and [tenant management](/self-managed/components/orchestration-cluster/identity/manage-tenants.md) user guides.
 :::
 
 1. Log in to the Identity UI and go to the **Tenants** tab.
diff --git a/docs/components/identity/mapping-rules/manage-mapping-rules.md b/docs/components/identity/mapping-rules/manage-mapping-rules.md
@@ -11,7 +11,7 @@ import TabItem from "@theme/TabItem";
 In this guide, you will learn how to manage mapping rules in Identity and how to control the Camunda entities related to them.
 
 :::tip
-To learn more about the concept of mapping rules, see the [mapping rules documentation](../../concepts/access-control/mapping-rules.md).
+To learn more, see the [mapping rules concepts](../../concepts/access-control/mapping-rules.md).
 :::
 
 You can manage mapping rules from the **Mapping rules** tab in Identity.
diff --git a/docs/components/identity/mapping-rules/mapping-rules-authorizations.md b/docs/components/identity/mapping-rules/mapping-rules-authorizations.md
@@ -11,7 +11,7 @@ import TabItem from "@theme/TabItem";
 This guide explains how to assign users, groups, roles or clients permission to manage specific mapping rules. To learn how to create mapping rules themselves, see [Manage mapping rules](manage-mapping-rules.md).
 
 :::tip
-To learn more about the concept of mapping rules, see the [mapping rules documentation](../../concepts/access-control/mapping-rules.md).
+To learn more, see the [mapping rules concepts](../../concepts/access-control/mapping-rules.md).
 :::
 
 1. Log in to the Identity UI and navigate to the **Authorizations** tab.
