NIFI-2502 This closes #797. Update Multi-tenant Authorization section in Admin Guide for addition of data policies

nifi-docs/src/main/asciidoc/administration-guide.adoc

@@ -381,9 +381,33 @@ Here is an example entry:
 </authorizers>
 ----
 
-After you have edited and saved the 'authorizers.xml' file, restart NiFi. Users and roles from the 'authorized-users.xml' file are converted and added as identities and policies in the 'authorizations.xml' file.  Once the application starts, users who previously had a legacy Admin role can access the UI and begin managing users, groups, and policies.
+After you have edited and saved the 'authorizers.xml' file, restart NiFi. Users and roles from the 'authorized-users.xml' file are converted and added as identities and policies in the 'authorizations.xml' file.  Once the application starts, users who previously had a legacy Administrator role can access the UI and begin managing users, groups, and policies.
 
-NiFi fails to restart if values exist for both the “Initial Admin Identity” and “Legacy Authorized Users File” properties.  You can specify only one of these values to initialize authorizations.
+Here is a summary of policies assigned to each legacy role if the NiFi instance has an existing flow.xml.gz:
+
+[cols=">s,^s,^s,^s,^s,^s,^s", options="header"]
+|==========================
+|                              | Admin | DFM | Monitor | Provenance | NiFi | Proxy
+|view the UI                   |*      |*    |*        |            |      |
+|view the controller           |*      |*    |*        |            |*     |
+|modify the controller         |       |*    |         |            |      |
+|view system diagnostics       |       |*    |*        |            |      |
+|view the dataflow             |*      |*    |*        |            |      |
+|modify the dataflow           |       |*    |         |            |      |
+|view the users/groups         |*      |     |         |            |      |
+|modify the users/groups       |*      |     |         |            |      |
+|view policies                 |*      |     |         |            |      |
+|modify policies               |*      |     |         |            |      |
+|query provenance              |       |     |         |*           |      |
+|view the data                 |       |*    |         |*           |      |*
+|modify the data               |       |*    |         |            |      |*
+|retrieve site-to-site details |       |     |         |            |*     |
+|send proxy user requests      |       |     |         |            |      |*
+|==========================
+
+For details on the policies in the table, see <<access-policies>>.
+
+NOTE: NiFi fails to restart if values exist for both the “Initial Admin Identity” and “Legacy Authorized Users File” properties.  You can specify only one of these values to initialize authorizations.
 
 NOTE: Do not manually edit the 'authorizations.xml' file. Create authorizations only during initial setup and afterwards using the NiFi UI.
 
@@ -517,8 +541,11 @@ Component level access policies govern the following component level authorizati
 |modify the component
 |Allows users to modify component configuration details
 
-|view the provenance events
-|Allows users to access provenance events and content for a component
+|view the data
+|Allows user to view metadata and content for this component through provenance data and flowfile queues in outbound connections
+
+|modify the data
+|Allows user to empty flowfile queues in outbound connections and submit replays
 
 |view the policies
 |Allows users to view the list of users who can view/modify a component