Document changes to default RBAC discovery ClusterRole(Binding)s (#12888

) * Document changes to default RBAC discovery ClusterRole(Binding)s Documentation for kubernetes/enhancements#789 and kubernetes/kubernetes#73807 * documentation review feedback
kubernetes · Mar 12, 2019 · 98b449d · 98b449d
1 parent 5f049ec
commit 98b449d
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/content/en/docs/reference/access-authn-authz/rbac.md b/content/en/docs/reference/access-authn-authz/rbac.md
@@ -471,13 +471,18 @@ NOTE: editing the role is not recommended as changes will be overwritten on API
 </tr>
 <tr>
 <td><b>system:basic-user</b></td>
-<td><b>system:authenticated</b> and <b>system:unauthenticated</b> groups</td>
-<td>Allows a user read-only access to basic information about themselves.</td>
+<td><b>system:authenticated</b> group</td>
+<td>Allows a user read-only access to basic information about themselves. Prior to 1.14, this role was also bound to `system:unauthenticated` by default.</td>
 </tr>
 <tr>
 <td><b>system:discovery</b></td>
+<td><b>system:authenticated</b> group</td>
+<td>Allows read-only access to API discovery endpoints needed to discover and negotiate an API level. Prior to 1.14, this role was also bound to `system:unauthenticated` by default.</td>
+</tr>
+<tr>
+<td><b>system:public-info-viewer</b></td>
 <td><b>system:authenticated</b> and <b>system:unauthenticated</b> groups</td>
-<td>Allows read-only access to API discovery endpoints needed to discover and negotiate an API level.</td>
+<td>Allows read-only access to non-sensitive information about the cluster. Introduced in 1.14.</td>
 </tr>
 </table>