Adjust file realm docs (#52471)
The existing wording in the file realm docs proved confusing
for users as it seemed to indicate that it should _only_ be
used as a fallback/recovery realm and that it is not a
first class realm.

This change attempts to clarify this and point out that recovery
is _a_ use case for the file realm but not the only intended one.
jkakavas committed Feb 25, 2020
1 parent 93de946 commit abeb837
Showing 1 changed file with 13 additions and 9 deletions.
22 changes: 13 additions & 9 deletions x-pack/docs/en/security/authentication/file-realm.asciidoc
Expand Up @@ -7,17 +7,21 @@ With the `file` realm, users are defined in local files on each node in the clus

IMPORTANT: As the administrator of the cluster, it is your responsibility to
ensure the same users are defined on every node in the cluster. The {stack}
{security-features} do not deliver any mechanism to guarantee this.
{security-features} do not deliver any mechanism to guarantee this. You should
also be aware that you cannot add or manage users in the `file` realm via the
<<security-user-apis, user APIs>> and you cannot add or manage them in {kib} on the
*Management / Security / Users* page

The `file` realm is primarily supported to serve as a fallback/recovery realm. It
is mostly useful in situations where all users locked themselves out of the system
(no one remembers their username/password). In this type of scenarios, the `file`
realm is your only way out - you can define a new `admin` user in the `file` realm
and use it to log in and reset the credentials of all other users.
The `file` realm is very useful as a fallback or recovery realm. For example in cases where
the cluster is unresponsive or the security index is unavailable, or when you forget the
password for your administrative users.
In this type of scenario, the `file` realm is a convenient way out - you can
define a new `admin` user in the `file` realm and use it to log in and reset the
credentials of all other users.

IMPORTANT: When you configure realms in `elasticsearch.yml`, only the realms you
specify are used for authentication. To use the `file` realm as a fallback, you
must include it in the realm chain.
specify are used for authentication. To use the `file` realm you must explicitly
include it in the realm chain.

To define users, the {security-features} provide the
<<users-command,users>> command-line tool. This tool enables you to add
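
Review bot: The sentence added to the first IMPORTANT block ends at "*Management / Security / Users* page" with no closing period, and in the rewritten paragraph "For example in cases where the cluster is unresponsive ..." is a sentence fragment. Add the period, and attach the fragment to the sentence before it, for instance "... fallback or recovery realm, for example when the cluster is unresponsive or the security index is unavailable ...". Since the commit message says recovery is one use case among several, the paragraph would also read closer to that intent if it named at least one non-recovery use, because as written it still only describes the recovery scenario.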
Expand All @@ -26,4 +30,4 @@ and remove users, assign user roles, and manage user passwords.
[[file-realm-configuration]]
==== Configuring a file realm

include::configuring-file-realm.asciidoc[]
include::configuring-file-realm.asciidoc[]
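
Review bot: The removed and added `include::configuring-file-realm.asciidoc[]` lines are textually identical here, so this looks like a whitespace or end-of-file newline change that is unrelated to the wording fix. If it is only an editor adding a trailing newline, that is fine, but please confirm it is intentional or drop it to keep the diff limited to the documentation change.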
