Tech and peer review feedback incorporated

ddeyo 2018-09-07 13:34:29 -07:00
parent 77654a679a
commit 7ab6506bd8
2 changed files with 11 additions and 11 deletions

@ -1560,6 +1560,8 @@ manuals:
title: Add labels to cluster nodes
- path: /ee/ucp/admin/configure/add-sans-to-cluster/
title: Add SANs to cluster certificates
- path: /ee/ucp/authorization/configure-rbac-kube/
title: Configure Kubernetes Role-Based Access Control
- path: /ee/ucp/admin/configure/external-auth/
title: Integrate with LDAP
- path: /ee/ucp/admin/configure/external-auth/enable-ldap-config-file/
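Review bot: The added entry for /ee/ucp/authorization/configure-rbac-kube/ sits between add-sans-to-cluster and external-auth, which are both /ee/ucp/admin/configure/ pages, so the navigation section and the URL path now disagree. Either keep the entry with the other /ee/ucp/authorization/ pages or say in the commit message that the move into the admin configuration section is intentional, because readers looking for access control content will look under authorization first.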
@ -1646,8 +1648,6 @@ manuals:
- path: /ee/ucp/authorization/pull-images/
title: Allow users to pull images
- path: /ee/ucp/authorization/migrate-kubernetes-roles/
title: Configure Kubernetes Role-Based Access Control
- path: /ee/ucp/authorization/configure-rbac-kube/
title: Docker EE Standard use case
- path: /ee/ucp/authorization/ee-advanced/
title: Docker EE Advanced use case
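Review bot: Two lines are dropped in this hunk (8 lines before, 6 after), and in the lines shown the title "Docker EE Standard use case" directly follows "- path: /ee/ucp/authorization/configure-rbac-kube/", so the path and title pairing around the removal looks wrong. Please confirm that after the change every title is still paired with its own path, that configure-rbac-kube appears only once now that the first hunk adds it, and that migrate-kubernetes-roles is gone from the navigation, since the page front matter treats it as a redirect.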

@ -5,20 +5,20 @@ keywords: Kuberenetes, ucp, RBAC
redirects: /ee/ucp/authorization/migrate-kubernetes-roles/
---
UCP 3.0 used its own role-based asccess control (RBAC) for Kubernetes clusters. New in UCP 3.1 is the ability to use Kube RBAC. The benefits of doing this are:
UCP 3.0 used its own role-based asccess control (RBAC) for Kubernetes clusters. New in UCP 3.1 is the ability to use Kubernetes RBAC. The benefits of doing this are:
- Many ecosystem applications and integrations expect Kube RBAC as a part of their YAML files to provide access to service accounts.
- Many ecosystem applications and integrations expect Kubernetes RBAC as a part of their YAML files to provide access to service accounts.
- Organizations planning to run UCP both on-premesis as well as in hosted cloud services want to run Kubernetes applications on both sets of environments, without manually changing RBAC for their YAML file.
Kubernetes RBAC is turned on by default when customers upgrade to UCP 3.1. See [RBAC authorization in Kubernetes](https://v1-8.docs.kubernetes.io/docs/admin/authorization/rbac/) for more information about Kubernetes.
Kubernetes RBAC is turned on by default for Kubernetes clusters when customers upgrade to UCP 3.1. See [RBAC authorization in Kubernetes](https://v1-8.docs.kubernetes.io/docs/admin/authorization/rbac/) for more information about Kubernetes role-based access control.
Starting with UCP 3.1, Kubernetes & Swarm roles have separate views. You can view all the roles for a particular cluster under **Access Control** then **Users**. Select Kubernetes or Swarm to view the specific roles for each.
Starting with UCP 3.1, Kubernetes & Swarm roles have separate views. You can view all the roles for a particular cluster under **Access Control** then **Roles**. Select Kubernetes or Swarm to view the specific roles for each.
## Creating roles
You create Kubernetes roles either through the CLI using `kubectl` or through the UCP web interface.
To create a Kuberenetes roles in the UCP web interface:
To create a Kuberenetes role in the UCP web interface:
1. Go to the UCP web UI.
2. Navigate to the **Access Control**.
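Review bot: The paragraph stating that Kubernetes RBAC is turned on by default on upgrade to UCP 3.1 does not say what happens to grants created under the UCP 3.0 model, and this page is the redirect target for migrate-kubernetes-roles, so readers arriving from that URL get no migration guidance. Add a sentence on how existing roles and grants are carried over, or link to the page that covers it. Smaller points on the touched lines: "asccess" is still misspelled in the rewritten first sentence, "on-premesis" and "Kuberenetes" (keywords and the "To create a Kuberenetes role" line) remain, "Kubernetes & Swarm" should read "Kubernetes and Swarm", and the reference link is pinned to the v1-8 Kubernetes docs, which should be checked against the Kubernetes version that UCP 3.1 ships.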
@ -31,7 +31,7 @@ To create a Kuberenetes roles in the UCP web interface:
![Kubernetes Role Creation in UCP](../images/kube-role-create.png)
6. Select a namespace from the **Namespace** dropdown list.
6. Select a namespace from the **Namespace** dropdown list. Selecting a specific namespace creates a role for use in that namespace, but selecting all namespaces creates a `ClusterRole` where you can create rules for cluster-scoped Kubernetes resources as well as namespaced resources.
7. Provide the YAML for the role, either by entering it in the **Object YAML** editor or select **Click to upload a .yml file** to choose and upload a .yml file instead.
8. When you have finished specifying the YAML, Select **Create** to complete role creation.
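Review bot: The new text in step 6 says the **Namespace** dropdown decides whether a `Role` or a `ClusterRole` is created, but step 7 then has the user supply YAML that carries its own `kind` and possibly `metadata.namespace`, and nothing says which one wins or whether a mismatch is rejected. Please document that behaviour, and consider advising a specific namespace unless cluster-scoped resources are actually needed, since the all-namespaces choice produces the broader object. Also, step 7 mixes "either by entering ... or select", and step 8 capitalises "Select" mid-sentence.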
@ -41,7 +41,7 @@ To create a Kuberenetes roles in the UCP web interface:
Kubernetes provides 2 types of role grants:
- `ClusterRoleBinding` which applies to all namespaces
- `RoleBinding1` which applies to a specific namespace
- `RoleBinding` which applies to a specific namespace
To create a grant for a Kuberenetes role in the UCP web interface:
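Review bot: With `RoleBinding1` corrected, the remaining gap is in the `ClusterRoleBinding` bullet: "applies to all namespaces" leaves out that it also grants access to cluster-scoped resources, which the new step 6 text elsewhere in this commit does mention for `ClusterRole`. Suggest aligning the two, for example "`ClusterRoleBinding`, which applies to all namespaces and to cluster-scoped resources". "Kuberenetes" is still misspelled in the line that follows the list.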
@ -61,12 +61,12 @@ To create a grant for a Kuberenetes role in the UCP web interface:
- **Organizations**
- **Service account**
7. To create a user role binding, select a username from the **Users** dropdown list then select **Next**.
8. Select a resource set for the subject. The **default** namespace is automatically selected. To use a different namespace, select the **Select Namespace** button next to the desired namespace. For `Cluster Role Binding`, slide the **Apply Role Binding to all namespace** selector to the right.
8. Select a resource set for the subject. The **default** namespace is automatically selected. To use a different namespace, select the **Select Namespace** button next to the desired namespace. For `Cluster Role Binding`, slide the **Apply Role Binding to all namespaces** selector to the right.
![Kubernetes Create User Role Binding in UCP](../images/kube-grant-rolebinding.png)
9. Select **Next** to continue.
10. Select the **Cluster Role** from the dropdown list.
10. Select the **Cluster Role** from the dropdown list. If you create a `ClusterRoleBinding` (by selecting **Apply Role Binding to all namespaces**) then you may only select ClusterRoles. If you select a specific namespace, you can choose any role from that namespace or any ClusterRole.
![Kubernetes Select Cluster Role in UCP](../images/kube-grant-roleselect.png)
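Review bot: The sentence added to step 10 says a namespaced binding can use "any role from that namespace or any ClusterRole" but does not state the resulting scope. A `ClusterRole` referenced from a `RoleBinding` grants its permissions only inside that binding's namespace, and saying so here would stop readers from assuming the grant is cluster-wide. Naming is also inconsistent across steps 8 and 10: `Cluster Role Binding` (with spaces, in code formatting) versus `ClusterRoleBinding`, unformatted "ClusterRoles" next to formatted `ClusterRoleBinding`, and a field labelled **Cluster Role** that, per the new text, can also hold a namespaced role.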