From 36439073b63951838794d0740414fa500fcb3101 Mon Sep 17 00:00:00 2001
From: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Date: Wed, 20 Sep 2023 10:40:50 -0400
Subject: [PATCH] docs: 'action' RBAC example for Kind without group (#15589)

---
 docs/operator-manual/rbac.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md
index 4cfc698d8c906e..0f15a18be19738 100644
--- a/docs/operator-manual/rbac.md
+++ b/docs/operator-manual/rbac.md
@@ -57,6 +57,13 @@ corresponds to the `action` path `action/extensions/DaemonSet/restart`. You can
 also use glob patterns in the action path: `action/*` (or regex patterns if you have
 [enabled the `regex` match mode](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-rbac-cm.yaml)).
 
+If the resource is not under a group (for examples, Pods or ConfigMaps), then omit the group name from your RBAC
+configuration:
+
+```csv
+p, example-user, applications, action//Pod/maintenance-off, default/*, allow
+```
+
 #### The `exec` resource
 
 `exec` is a special resource. When enabled with the `create` action, this privilege allows a user to `exec` into Pods via