[docs] WIP: protect sensitive configuration(#216)

OpenCTI-Platform · Oct 31, 2024 · 7de6b55 · 7de6b55
1 parent cf4984d
commit 7de6b55
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/docs/administration/protect-sensitive-configuration.md b/docs/administration/protect-sensitive-configuration.md
@@ -26,9 +26,10 @@ The sensitive configurations identified are:
 ## Configuration
 
 The configuration is done in the ``default.json`` file. By default, ``platform_protected_sensitive_config`` is disabled.
-Once activated, it is possible to activate all or just some of the sensitive configurations. It is also possible to choose which roles / groups / marking definition will be protected. By default, groups /roles / markings built-in are protected.
+Once activated, it is possible to activate all or just some of the sensitive configurations. It is also possible to choose which `Roles` / `Groups` / `Marking definition` will be protected. By default, `Groups` / `Roles` / `Markings` built-in are protected.
 
-Once the platform has been launched, a platform administrator can restrict access to sensitive configurations, previously set in ``default.json``, via ``Settings > Security > Roles > Capabilities list``.
+Once the platform has been launched, a platform administrator can restrict access to sensitive configurations, previously set in ``default.json``, via ``Settings > Security > Roles > Capabilities list``. Only users with `Allow modification of sensitive configuration` capability enabled will be able to modify sensitive configurations.
+By default, newly created roles do not have the capability.
 
 ![check_allow_modification_sensitive_conf.png](assets%2Fcheck_allow_modification_sensitive_conf.png)