From 8b053087160bfd1f36afa915004a4ade541e9722 Mon Sep 17 00:00:00 2001
From: Steven Martin
Date: Wed, 23 Oct 2024 03:52:44 -0400
Subject: [PATCH] docs: remove deny in impersonation
---
 .../access-controls/guides/impersonation.mdx | 17 -----------------
 1 file changed, 17 deletions(-)
diff --git a/docs/pages/admin-guides/access-controls/guides/impersonation.mdx b/docs/pages/admin-guides/access-controls/guides/impersonation.mdx
index 2896bbdfb544..891606903213 100644
--- a/docs/pages/admin-guides/access-controls/guides/impersonation.mdx
+++ b/docs/pages/admin-guides/access-controls/guides/impersonation.mdx
@@ -86,11 +86,6 @@ spec:
 users: ['jenkins']
 roles: ['jenkins']
- # The deny section uses the identical format as the 'allow' section.
- # The deny rules always override allow rules.
- deny:
- node_labels:
- '*': '*'
 ```
 Create the `role` resource:
@@ -207,12 +202,6 @@ spec:
 where: >
 equals(impersonate_role.metadata.labels["group"], "security") &&
 equals(impersonate_user.metadata.labels["group"], "security")
-
- # The deny section uses the identical format as the 'allow' section.
- # The deny rules always override allow rules.
- deny:
- node_labels:
- '*': '*'
 ```
 Create the resources:
@@ -285,12 +274,6 @@ spec:
 where: >
 contains(user.spec.traits["group"], impersonate_role.metadata.labels["group"]) &&
 contains(user.spec.traits["group"], impersonate_user.metadata.labels["group"])
-
- # The deny section uses the identical format as the 'allow' section.
- # The deny rules always override allow rules.
- deny:
- node_labels:
- '*': '*'
 ```
 While user traits typically come from an external identity provider, we can test