corrections

Signed-off-by: Shruti Deshpande <shdeshpa@redhat.com>

Author: shdeshpa07

backup_and_restore/application_backup_and_restore/oadp-self-service/oadp-self-service-admin-use-cases.adoc

@@ -24,9 +24,6 @@ include::modules/oadp-self-service-approving-nabsl.adoc[leveloffset=+1]
 
 include::modules/oadp-self-service-rejecting-nabsl.adoc[leveloffset=+1]
 
-
-As a cluster administrator, you can also enforce policies in the `DataProtectionApplication` (DPA) spec template. The spec enforcement applies to Self-Service CRs such as the `NonAdminBackup`, `NonAdminRestore`, and `NonAdminBackupStorageLocation`. 
-
 include::modules/oadp-self-service-admin-spec-enforcement.adoc[leveloffset=+1]
 
 include::modules/oadp-self-service-admin-spec-enforce-nabsl.adoc[leveloffset=+1]

backup_and_restore/application_backup_and_restore/oadp-self-service/oadp-self-service.adoc

@@ -16,16 +16,16 @@ include::modules/oadp-self-service-how-it-works.adoc[leveloffset=+1]
 
 include::modules/oadp-self-service-prerequisites.adoc[leveloffset=+1]
 
+include::modules/oadp-self-service-namespace-permissions.adoc[leveloffset=+1]
+
 include::modules/oadp-self-service-unsupported-features.adoc[leveloffset=+1]
 
-include::modules/oadp-self-service-namespace-permissions.adoc[leveloffset=+1]
+include::modules/oadp-self-service-phases.adoc[leveloffset=+1]
 
 include::modules/oadp-self-service-admin-enabling.adoc[leveloffset=+1]
 
 include::modules/oadp-self-service-admin-disabling.adoc[leveloffset=+1]
 
-include::modules/oadp-self-service-phases.adoc[leveloffset=+1]
-
 include::modules/oadp-self-service-creating-nab.adoc[leveloffset=+1]
 
 include::modules/oadp-self-service-creating-nar.adoc[leveloffset=+1]

images/oadp-self-service.svg

@@ -6,7 +6,9 @@
 [id="oadp-self-service-about-nabsl_{context}"]
 = About `NonAdminBackupStorageLocation` CR
 
-A `NonAdminBackupStorageLocation` (NABSL) is a custom resource that a non-admin user can create to store the backup data. To ensure that the NABSL CR is created and used securely, there are cluster administrator controls in place. The cluster administrator manages the NABSL CR to conform to company policies, compliance requirements, and so on.
+A `NonAdminBackupStorageLocation` (NABSL) is a custom resource that a non-admin user can create to store the backup data. 
+
+To ensure that the NABSL CR is created and used securely, there are cluster administrator controls in place. The cluster administrator manages the NABSL CR to conform to company policies, compliance requirements, and so on.
 
 You can create a NABSL CR by using one of the following workflows:
 

modules/oadp-self-service-about-nabsl.adoc

@@ -11,13 +11,11 @@ You can use the `spec.nonAdmin.enable` section of the `DataProtectionApplication
 .Prerequisites
 
 * You are logged in to the cluster with administrator privileges.
-* You have installed the {oadp-short} Operator in the non-admin user namespace.
-* You have configured the DPA according to your requirement.
 * You have enabled {oadp-short} Self-Service in the DPA.
 
 .Procedure
 
-. To disable Self-Service in the non-admin namespace, edit the DPA and set the `nonAdmin.enable` field to `false` as shown in the following example.
+. To disable Self-Service, edit the DPA and set the `nonAdmin.enable` field to `false` as shown in the following example.
 +
 .Example `DataProtectionApplication`
 [source,yaml]

modules/oadp-self-service-admin-disabling.adoc

@@ -12,7 +12,7 @@ You must be a cluster administrator to enable the {oadp-short} Self-Service feat
 
 * You are logged in to the cluster with administrator privileges.
 * You have installed the {oadp-short} Operator.
-* You have configured the `DataProtectionApplication` according to your requirement.
+* You have configured the DPA CR.
 
 .Procedure
 

modules/oadp-self-service-admin-enabling.adoc

@@ -6,6 +6,8 @@
 [id="oadp-self-service-admin-spec-enforcement_{context}"]
 = {oadp-short} Self-Service administrator DPA spec enforcement
 
+As a cluster administrator, you can also enforce policies in the `DataProtectionApplication` (DPA) spec template. The spec enforcement applies to Self-Service CRs such as the `NonAdminBackup`, `NonAdminRestore`, and `NonAdminBackupStorageLocation`. 
+
 To ensure secure backup and restore, {oadp-short} Self-Service automatically excludes the following resources from being backed up or restored:
 
 * Security Context Constraints (SCCs)

modules/oadp-self-service-admin-spec-enforcement.adoc

@@ -4,7 +4,7 @@
 
 :_mod-docs-content-type: PROCEDURE
 [id="oadp-self-service-approving-nabsl_{context}"]
-= Approving `NonAdminBackupStorageLocation` request
+= Approving a `NonAdminBackupStorageLocation` request
 
 As a cluster administrator, to approve a `NonAdminBackupStorageLocation` (NABSL) CR request, you can edit the `NonAdminBackupStorageLocationRequest` CR and set the `approvalDecision` to `"approve"`.
 

modules/oadp-self-service-approving-nabsl.adoc

@@ -8,8 +8,8 @@
 
 The {oadp-short} Self-Service feature has the following new custom resources (CRs) to enable the backup and restore operations for a non-admin user:
 
-* `NonAdminController` (NAC): Used to control and orchestrate the Self-Service operations.
-* `NonAdminBackup` (NAB): Used to manage namespace-scoped backup operations.
-* `NonAdminRestore` (NAR): Used to manage namespace-scoped restore operations.
-* `NonAdminBackupStorageLocation` (NABSL): Used to define user specific backup storage locations. 
-* `NonAdminDownloadRequest` (NADR) - Used to manage namespace-scoped download request operations.
+* `NonAdminController` (NAC): Controls and orchestrates the Self-Service operations.
+* `NonAdminBackup` (NAB): Manages namespace-scoped backup operations.
+* `NonAdminRestore` (NAR): Manages namespace-scoped restore operations.
+* `NonAdminBackupStorageLocation` (NABSL): Defines user specific backup storage location. 
+* `NonAdminDownloadRequest` (NADR) : Manages namespace-scoped download request operations.

modules/oadp-self-service-components.adoc

@@ -17,7 +17,7 @@ When you create a NAB CR:
 Following are some important points to take note of, when you create a NAB CR:
 
 * The `NonAdminBackup` CR creates the `Velero` backup object in a secure way so that other non-admin users cannot access the CR.
-* As a non-admin user, you cannot specify the namespace to back up. The namespace from which the NAB CR is created, is the namespace that will be backed up.
+* As a non-admin user, you can only specify your authorized namespace in the NAB CR. You get an error when you specify a namespace you are not authorized to use.
 
 .Prerequisites
 

modules/oadp-self-service-creating-nab.adoc

@@ -32,7 +32,7 @@ spec:
     backupName: test-nab # <2>
 ----
 1. Specify a name for the NAR CR. In this example, the name of the NAR CR is `test-nar`.
-2. Specify the `NonAdminBackup` CR you to restore from. In this example, the NAB is `test-nab`.
+2. Specify the NAB CR you want to restore from. In this example, the NAB CR is `test-nab`.
 
 . To create the NAR CR, run the following command:
 +

modules/oadp-self-service-creating-nar.adoc

@@ -16,7 +16,7 @@ The `NonAdminBackupStorageLocation` (NABSL) administrator approval workflow is a
 
 .Procedure
 
-. To enable the NABSL administrator approval workflow, edit the DPA and:
+* To enable the NABSL administrator approval workflow, edit the DPA and:
 .. Add the `requireApprovalForBSL` field as shown in the example.
 .. Set the `requireApprovalForBSL` field to `true`.
 +

modules/oadp-self-service-enabling-nabsl-approval.adoc

@@ -6,9 +6,9 @@
 [id="oadp-self-service-overview_{context}"]
 = {oadp-short} Self-Service overview
 
-In the earlier versions of {oadp-full}, you needed to have cluster-wide administrator privileges to perform {oadp-short} operations such as backing up and restoring an application, creating a backup storage location, and so on. 
+In the earlier versions of {oadp-full}, you needed cluster-wide administrator privileges to perform {oadp-short} operations such as backing up and restoring an application, creating a backup storage location, and so on. 
 
-With {oadp-short} 1.5.0 onward, you do not need to have cluster-wide administrator privileges to perform the backup and restore operations. {oadp-short} Self-Service introduces a significant change to backup and restore operations in {product-title}.
+With {oadp-short} 1.5.0 onward, you do not need cluster-wide administrator privileges to perform the backup and restore operations. 
 
 The {oadp-short} Self-Service feature provides secure self-service data protection capabilities for users without administrator privileges, while maintaining proper access controls.
 
@@ -31,7 +31,9 @@ Note that, {oadp-short} Self-service does not support cross-cluster restore.
 
 = What namespace-scoped backup and restore means
 
-The {oadp-short} Self-Service feature ensures that non-admin users can only operate within their authorized namespace and permissions. For example, if you do not have access to a namespace, as a non-admin user, you cannot back up that namespace.
+The {oadp-short} Self-Service feature ensures that non-admin users can only operate within their authorized namespace. For example, if you do not have access to a namespace, as a non-admin user, you cannot back up that namespace.
+
+This also means that a non-admin user cannot access backup and restore data of other users.
 
 The cluster administrator enforces the access control through custom resources that securely manage the backup and restore operations.
 

modules/oadp-self-service-overview.adoc

@@ -6,7 +6,9 @@
 [id="oadp-self-service-phases_{context}"]
 = {oadp-short} Self-Service backup and restore phases
 
-When you create a `NonAdminBackup` (NAB) or a `NonAdminRestore` (NAR) CR, you can check the CR status in the `status.phase` field of these CRs. The `status.phase` field is a summary of the lifecycle of the CRs. The lifecycle phases can only move forward. That means, when a phase changes, it cannot go back to the earlier value. The `NonAdminController` (NAC) validates the CRs and sends the status back to the NAB and NAR CRs.
+When you create a `NonAdminBackup` (NAB) or a `NonAdminRestore` (NAR) CR, you can check the CR status in the `status.phase` field of these CRs. The `status.phase` field is a summary of the lifecycle of the CRs. 
+
+The lifecycle phases can only move forward. This means, when a phase changes, it cannot go back to the earlier value. The `NonAdminController` (NAC) validates the CRs and sends the status back to the NAB and NAR CRs.
 
 .Phases
 |===

modules/oadp-self-service-phases.adoc

@@ -4,7 +4,7 @@
 
 :_mod-docs-content-type: PROCEDURE
 [id="oadp-self-service-rejecting-nabsl_{context}"]
-= Rejecting `NonAdminBackupStorageLocation` request
+= Rejecting a `NonAdminBackupStorageLocation` request
 
 As a cluster administrator, to reject a `NonAdminBackupStorageLocation` (NABSL) CR request, you can edit the `NonAdminBackupStorageLocationRequest` CR and set the `approvalDecision` to `"reject"`.
 

modules/oadp-self-service-rejecting-nabsl.adoc

@@ -6,7 +6,7 @@
 [id="oadp-self-service-unsupported-features_{context}"]
 = {oadp-short} Self-Service unsupported features
 
-Following features are not supported by {oadp-short} Self-Service:
+The following features are not supported by {oadp-short} Self-Service:
 
 * Cross cluster backup and restore, or migrations are not supported. These {oadp-short} operations are supported for the cluster administrator.
 * A non-admin user cannot create a `VolumeSnapshotLocation` (VSL) CR. The cluster administrator creates and configures the VSL in the `DataProtectionApplication` (DPA) for a non-admin user.