diff --git a/content/docs/concepts/security/index.md b/content/docs/concepts/security/index.md
index 9f40e02533..bc6724ef11 100644
--- a/content/docs/concepts/security/index.md
+++ b/content/docs/concepts/security/index.md
@@ -272,7 +272,7 @@ In `RbacConfig` object, the operator can specify “mode”, which can be one of
 In the following example, authorization is enabled for the “default” namespace.
 
 {{< text yaml >}}
-apiVersion: “config.istio.io/v1alpha2”
+apiVersion: “rbac.istio.io/v1alpha1”
 kind: RbacConfig
 metadata:
   name: default
@@ -314,7 +314,7 @@ fields in a rule. “paths” is optional. If not specified or set to “*“, i
 Here is an example of a simple role “service-admin”, which has full access to all services in the “default” namespace.
 
 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRole
 metadata:
   name: service-admin
@@ -329,7 +329,7 @@ Here is another role “products-viewer”, which has read (“GET” and “HEA
 “default” namespace.
 
 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRole
 metadata:
   name: products-viewer
@@ -347,7 +347,7 @@ Read (“GET”) access to all paths with “/reviews” suffix (e.g, “/books/
 “bookstore.default.svc.cluster.local”.
 
 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRole
 metadata:
   name: tester
@@ -371,7 +371,7 @@ For example, the following `ServiceRole` definition extends the previous “prod
 In the case that the attribute is a “map” (e.g., `request.headers`), the “key” is an entry in the map (e.g., `request.headers[version]`).
 
 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRole
 metadata:
   name: products-viewer-version
@@ -403,7 +403,7 @@ Here is an example of `ServiceRoleBinding` “test-binding-products”, which bi
 * A service account representing the Ingress service (“istio-ingress-service-account”) **and** where the JWT “email” claim is “a@foo.com”.
 
 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRoleBinding
 metadata:
   name: test-binding-products
@@ -423,7 +423,7 @@ In the case that you want to make a service(s) publicly accessible, you set the
 to all users and services.
 
 {{< text yaml >}}
-apiVersion: "config.istio.io/v1alpha2"
+apiVersion: "rbac.istio.io/v1alpha1"
 kind: ServiceRoleBinding
 metadata:
   name: binding-products-allusers
diff --git a/content/docs/tasks/security/role-based-access-control/index.md b/content/docs/tasks/security/role-based-access-control/index.md
index 8989aca820..48ac3e56d4 100644
--- a/content/docs/tasks/security/role-based-access-control/index.md
+++ b/content/docs/tasks/security/role-based-access-control/index.md
@@ -105,7 +105,7 @@ set to one of the values in ["productpage", "details", "reviews", "ratings"]. No
 the services must have one of the listed "app" labels.
 
     {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
     kind: ServiceRole
     metadata:
       name: service-viewer
@@ -122,7 +122,7 @@ the services must have one of the listed "app" labels.
 *   Creates a `ServiceRoleBinding` that assign the "service-viewer" role to all services in "istio-system" and "default" namespaces.
 
     {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
     kind: ServiceRoleBinding
     metadata:
       name: bind-service-viewer
@@ -183,7 +183,7 @@ The policy does the following:
 *   Creates a `ServiceRole` "productpage-viewer" which allows read access to "productpage" service.
 
     {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
     kind: ServiceRole
     metadata:
       name: productpage-viewer
@@ -197,7 +197,7 @@ The policy does the following:
 *   Creates a `ServiceRoleBinding` "bind-productpager-viewer" which assigns "productpage-viewer" role to all users/services.
 
     {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
     kind: ServiceRoleBinding
     metadata:
       name: bind-productpager-viewer
@@ -234,7 +234,7 @@ The policy does the following:
 *   Creates a `ServiceRole` "details-reviews-viewer" which allows read access to "details" and "reviews" services.
 
     {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
     kind: ServiceRole
     metadata:
       name: details-reviews-viewer
@@ -249,7 +249,7 @@ The policy does the following:
 account "cluster.local/ns/default/sa/bookinfo-productpage" (representing the "productpage" service).
 
     {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
     kind: ServiceRoleBinding
     metadata:
       name: bind-details-reviews
@@ -287,7 +287,7 @@ The policy does the following:
 *   Creates a `ServiceRole` "ratings-viewer" which allows read access to "ratings" service.
 
     {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
     kind: ServiceRole
     metadata:
       name: ratings-viewer
@@ -302,7 +302,7 @@ The policy does the following:
 account "cluster.local/ns/default/sa/bookinfo-reviews", which represents the "reviews" services.
 
     {{< text yaml >}}
-    apiVersion: "config.istio.io/v1alpha2"
+    apiVersion: "rbac.istio.io/v1alpha1"
     kind: ServiceRoleBinding
     metadata:
       name: bind-ratings