From d9cd1010f22d8ece17bef1f6d2ca1a449dabb84c Mon Sep 17 00:00:00 2001 From: Anna Geller Date: Thu, 24 Oct 2024 12:04:38 +0200 Subject: [PATCH] docs: catching up and adding docs for https://github.com/kestra-io/kestra-ee/issues/1344 --- content/docs/configuration/index.md | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/content/docs/configuration/index.md b/content/docs/configuration/index.md index 8cbb364f39..4816de51f5 100644 --- a/content/docs/configuration/index.md +++ b/content/docs/configuration/index.md @@ -1371,8 +1371,8 @@ kestra: The default role is the role that will be assigned to a new user when it is created. -For setup facilities, you can define the default role from the `kestra.security.default-role` configuration. -Each time you start Kestra, the default role will be checked and created if it does not exist for every Tenant. +You can define the default role using the `kestra.security.default-role` configuration. +Whenever you start Kestra, the default role will be checked and created if it doesn't exist. The default role requires three properties: * `kestra.security.default-role.name`: the name of the default role 
@@ -1390,10 +1390,22 @@ kestra: FLOW: ["CREATE", "READ", "UPDATE", "DELETE"] ``` -Make sure that you attach the `default-role` configuration under `kestra.security`rather than under `micronaut.security` — it's easy to confuse the two so make sure you enter that configuration in the right place. +When using [multitenancy](../06.enterprise/03.tenants.md), the default role will be added to every tenant and will grant specified access permissions to new users across all tenants. If you prefer to restrict the default role to only allow access to a given tenant e.g. `staging`, you can add the `tenantId` property as follows: + +```yaml +kestra: + security: + default-role: + name: default + description: "Default role" + permissions: + FLOW: ["CREATE", "READ", "UPDATE", "DELETE"] + tenantId: staging +``` + ::alert{type="info"} -When using [multitenancy](../06.enterprise/03.tenants.md), the default role will be added to every tenant. The admin will then need to explicitly add the user to a tenant. +Make sure that you attach the `default-role` configuration under `kestra.security`rather than under `micronaut.security` — it's easy to confuse the two so make sure you enter that configuration in the right place. :: ## Server
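Review bot: In the first hunk (`@@ -1371,8 +1371,8`), the rewritten sentence drops "for every Tenant" while the unchanged context line below it still says "The default role requires three properties", even though the second hunk documents a fourth key, `tenantId`. Suggest listing `tenantId` as an optional property under that sentence and stating the creation scope in this paragraph (every tenant by default, a single tenant when `tenantId` is set, if that is the behaviour), so the reader does not have to infer it from the later multitenancy paragraph.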
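Review bot: In the second hunk (`@@ -1390,10 +1390,22`), the added multitenancy paragraph says the default role "will grant specified access permissions to new users across all tenants", while the removed alert text said "The admin will then need to explicitly add the user to a tenant"; the two read as opposite behaviours and the new text does not say which one applies. Because the example grants `FLOW: ["CREATE", "READ", "UPDATE", "DELETE"]`, please state plainly whether a new user gets these permissions in every tenant when `tenantId` is absent, and consider presenting the `tenantId`-scoped form or a narrower permission set as the recommended starting point. Two smaller points: the moved alert line still lacks a space between `kestra.security` and "rather", and `tenantId` is camelCase next to the kebab-case `default-role`, so a short remark confirming the exact key spelling would prevent misconfiguration.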