docs: remove deny in impersonation

gravitational · Oct 23, 2024 · 8b05308 · 8b05308
1 parent 22b5014
commit 8b05308
Showing 1 changed file with 0 additions and 17 deletions.
diff --git a/docs/pages/admin-guides/access-controls/guides/impersonation.mdx b/docs/pages/admin-guides/access-controls/guides/impersonation.mdx
@@ -86,11 +86,6 @@ spec:
       users: ['jenkins']
       roles: ['jenkins']
 
-  # The deny section uses the identical format as the 'allow' section.
-  # The deny rules always override allow rules.
-  deny:
-    node_labels:
-      '*': '*'
 ```
 
 Create the `role` resource:
@@ -207,12 +202,6 @@ spec:
       where: >
         equals(impersonate_role.metadata.labels["group"], "security") && 
         equals(impersonate_user.metadata.labels["group"], "security")
-
-  # The deny section uses the identical format as the 'allow' section.
-  # The deny rules always override allow rules.
-  deny:
-    node_labels:
-      '*': '*'
 ```
 
 Create the resources:
@@ -285,12 +274,6 @@ spec:
       where: >
         contains(user.spec.traits["group"], impersonate_role.metadata.labels["group"]) && 
         contains(user.spec.traits["group"], impersonate_user.metadata.labels["group"])
-
-  # The deny section uses the identical format as the 'allow' section.
-  # The deny rules always override allow rules.
-  deny:
-    node_labels:
-      '*': '*'
 ```
 
 While user traits typically come from an external identity provider, we can test