mongodb · pfryerda · Jul 19, 2016 · Jul 25, 2016
diff --git a/source/core/authorization.txt b/source/core/authorization.txt
@@ -15,58 +15,54 @@ Role-Based Access Control
 MongoDB employs Role-Based Access Control (RBAC) to govern access to a
 MongoDB system. A user is granted one or more :ref:`roles <roles>` that
 determine the user's access to database resources and operations. Outside
-of role assignments, the user has no access to the system.
 
 Enable Access Control
 ---------------------
 
-MongoDB does not enable access control by default. You can enable
-authorization using the :option:`--auth` or the
+Access control is not enabled by default in MongoDB. You can enable
+authorization using :option:`--auth` or the
 :setting:`security.authorization` setting. Enabling :doc:`internal
 authentication </core/security-internal-authentication>` also enables
 client authorization.
 
-Once access control is enabled, users must :doc:`authenticate
-</core/authentication>` themselves.
+Once access control is enabled, users must be :doc:`authenticated
+</core/authentication>`.
 
 .. _roles:
 
 Roles
 -----
 
-A role grants privileges to perform the specified :ref:`actions
-<security-user-actions>` on :doc:`resource
-</reference/resource-document>`. Each privilege is either specified
-explicitly in the role or inherited from another role or both.
+Roles grant privileges to perform :ref:`actions
+<security-user-actions>` on :doc:`resources
+</reference/resource-document>`. Privileges are either specified
+explicitly in the role, inherited from another role, or both.
 
 .. _privileges:
 
 Privileges
 ~~~~~~~~~~
 
-A privilege consists of a specified resource and the actions permitted on the
+A privilege consists of a single resource and the actions permitted on that
 resource.
 
-A :doc:`resource </reference/resource-document>` is a database,
-collection, set of collections, or the cluster. If the resource is the
-cluster, the affiliated actions affect the state of the system rather
-than a specific database or collection. For information on the resource
-documents, see :doc:`/reference/resource-document`.
+A :doc:`resource </reference/resource-document>` is a database, 
+collection, set of collections, or cluster. For clusters, the affiliated 
+actions affect the system state rather than a specific database 
+or collection. For information on resource documents, 
+see :doc:`/reference/resource-document`.
 
-An :doc:`action </reference/privilege-actions>` specifies the operation
-allowed on the resource. For available actions see
-:doc:`/reference/privilege-actions`.
+An :doc:`action </reference/privilege-actions>` is an operation that can be used
+on a resource. For available actions see :doc:`/reference/privilege-actions`.
 
 .. _inheritance:
 
 Inherited Privileges
 ~~~~~~~~~~~~~~~~~~~~
 
-A role can include one or more existing roles in its definition, in which case
-the role inherits all the privileges of the included roles.
-
-A role can inherit privileges from other roles in its database. A role created
-on the ``admin`` database can inherit privileges from roles in any database.
+A role can include one or more pre-existing roles from its database in its definition. Roles inherit 
+all privileges from their included roles. A role created on the ``admin``
+database can inherit privileges from roles in any database.
 
 View Role's Privileges
 ~~~~~~~~~~~~~~~~~~~~~~
@@ -78,14 +74,14 @@ command with the ``showPrivileges`` and ``showBuiltinRoles`` fields both set to
 Users and Roles
 ---------------
 
-You can assign roles to users during the user creation. You can also
+Roles can be assigned to users during user creation. An administrator can also
 update existing users to grant or revoke roles. For a full list of user
 management methods, see :ref:`user-management-methods`
 
-A user assigned a role receives all the privileges of that role. A user
-can have multiple roles. By assigning to the user roles in various
-databases, a user created in one database can have permissions to act on
-other databases.
+Users assigned a role receive all privileges associated with that role. A user
+can have multiple roles. By assigning a user roles in various databases, a 
+user created in one database can have permission to perform actions on
+another database.
 
 .. note::
 
@@ -97,7 +93,7 @@ Built-In Roles and User-Defined Roles
 -------------------------------------
 
 MongoDB provides :doc:`built-in roles </core/security-built-in-roles>` that
-provide set of privileges commonly needed in a database system.
+define privileges commonly needed in a database system.
 
 If these built-in-roles cannot provide the desired set of privileges,
 MongoDB provides methods to create and modify :doc:`user-defined roles

diff --git a/source/tutorial/enforce-keyfile-access-control-in-existing-replica-set.txt b/source/tutorial/enforce-keyfile-access-control-in-existing-replica-set.txt
@@ -30,7 +30,7 @@ use a :doc:`user account</core/authorization>`. See
 :ref:`security-replSet-auth-access-control`.
 
 Cloud Manager and Ops Manager
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+-----------------------------
 
 If Cloud Manager or Ops Manager is managing your deployment,
 see: ``Configure Access Control for MongoDB Deployments``