Merge pull request #3299 from newrelic/fixing-image-in-user-mgmt-section

Fixing some images and few other small things in user mgmt section

src/content/docs/accounts/accounts-billing/new-relic-one-user-management/add-manage-users-groups-roles.mdx

@@ -53,7 +53,7 @@ For users on the [New Relic One user model](/docs/accounts/original-accounts-bil
 
 ## Overview of user management concepts [#understand-concepts]
 
-To optimally use our more advanced user management features, it's important to first understand the concept of the "access grant." An access grant gives a group of users access to a) a role and b) an account. For a New Relic [organization](/docs/accounts/accounts-billing/account-structure/new-relic-account-structure) that has many accounts, groups typically require more than one access grant because users in a group usually need access to multiple accounts and roles. The diagram below explains the elements that make up an access grant.
+To optimally use our more advanced user management features, it's important to first understand the concept of the "access grant." An access grant gives a group of users access to a specific role on a specific account. For a New Relic [organization](/docs/accounts/accounts-billing/account-structure/new-relic-account-structure) that has many accounts, groups typically require more than one access grant because users in a group usually need access to multiple accounts and roles. The diagram below explains the elements that make up an access grant.
 
 Note that if your organization is on Standard [edition](https://newrelic.com/pricing) and you want to assign a user to a [default group](/docs/accounts/accounts-billing/new-relic-one-user-management/new-relic-one-user-model-understand-user-structure#groups) (**Admin** or **User**), you don't need to create an access grant: you would simply [add a user](#add-users) to that group and you're done. But for Pro and Enterprise edition, if you're trying to grant users access to a custom group, a custom role, or to other accounts, you must create an access grant.
 
@@ -74,10 +74,9 @@ Some tips on setting up access grants:
 
 ## Example user management tasks [#workflow]
 
-![New Relic One user management UI](./images/new-relic-one-user-mgmt.png "new-relic-one-user-mgmt.png")
-
+![New Relic One organization and access UI](./images/new-relic-one-user-mgmt.png "New Relic One organization and access UI")
 <figcaption>
-  In the **Organization and access** UI, you can create custom groups, roles, and grant access to user groups.
+  In the **Organization and access** UI, you can create access grants, custom groups, custom roles, and configure an authentication domain.
 </figcaption>
 
 Here are some example user management procedures:

src/content/docs/accounts/accounts-billing/new-relic-one-user-management/new-relic-one-user-model-understand-user-structure.mdx

@@ -611,8 +611,8 @@ For users on our New Relic One user model, a "group" is what allows the grouping
 
 We have two default groups:
 
-* **User**: has the [**All product admin** role](#standard-role), which grants product feature-related access and configuration abilities but not the organization-level admin abilities (like the ability to manage users or billing).
-* **Admin**: has full access and capabilities, including the organization-level admin abilities. This is the equivalent of having the **All product admin**, the **Billing user**, the **Organization manager** and the **Authentication domain manager** [roles](#standard-role). 
+* **User**: has the [**All product admin** role](#standard-roles), which grants product feature-related access and configuration abilities but not the organization-level admin abilities (like the ability to manage users or billing).
+* **Admin**: has full access and capabilities, including the organization-level admin abilities. This is the equivalent of having the **All product admin**, the **Billing user**, the **Organization manager** and the **Authentication domain manager** [roles](#standard-roles). 
 
 These groups are added inside your default [authentication domain](/docs/accounts/accounts-billing/new-relic-one-user-management/authentication-domains-saml-sso-scim-more/), which includes the default settings of users a) being managed via New Relic and b) logging in via standard email and password. If you add other authentication domains (for SAML SSO and/or SCIM provisioning of users), you'd have new custom groups in those new domains to govern those users. 
 
@@ -653,6 +653,8 @@ For users on the [New Relic One user model](/docs/accounts/original-accounts-bil
 
       <td>
         Basic users, no matter what group they're assigned to, **always** have [basic user](#user-type) abilities, no more and no less. 
+
+        For Standard edition, basic users can't be assigned to groups. For Pro and Enterprise edition, they can.
       </td>
     </tr>
 
@@ -668,7 +670,7 @@ Custom groups can have either our default standard roles, or custom roles.
       </td>
 
       <td>
-A basic user's abilities aren't directly related to roles. A basic user can best be described as having the [**All product admin** role](#standard-roles) but without access to most of our curated UI experiences ([learn more about user type](#user-type)).  
+A basic user's abilities aren't directly defined by a specific role. A basic user can best be described as having the [**All product admin** role](#standard-roles) but without access to Full Stack Observability features ([learn more about user type](#user-type)). 
       </td>
     </tr>
   </tbody>
@@ -753,7 +755,7 @@ Our standard roles include:
       </td>
 
       <td>
-        Provides ability to manage subscriptions and billing setup, and read-only access to the rest of the platform.
+        Provides ability to manage subscriptions and billing setup, and read-only access to the rest of the platform. For organizations with multiple accounts, billing is aggregated in the primary (first-created) account, which is why assigning this role to that primary account grants billing permissions for the entire organization.
       </td>
     </tr>
 
@@ -846,6 +848,8 @@ Our standard roles include:
   </tbody>
 </table>
 
+Note that you can also [create custom roles](/docs/accounts/accounts-billing/new-relic-one-user-management/tutorial-add-new-user-groups-roles-new-relic-one-user-model/#roles). 
+
 ### Capabilities [#capabilities]
 
 A role, whether one of our standard roles or a custom one, is defined as a set of capabilities. In the [**Organization and access** UI](/docs/accounts/accounts-billing/new-relic-one-user-management/add-manage-users-groups-roles/#where), when you choose a role or create a custom role, you can see the available capabilities. 
@@ -855,13 +859,11 @@ Some of our [standard roles](#standard-roles) have hidden capabilities that aren
 </Callout>
 
 ![New Relic capabilities UI screenshot](./images/New-Relic-capabilities-UI-screenshot.png "New-Relic-capabilities-UI-screenshot.png")
-
 <figcaption>
-Here's a view of the capabilities associated with the [**All product admin** role](#standard-roles). When creating a custom role, you can select a custom set of capabilities. Note that our list of capabilities changes over time: this screenshot was taken April 2021. 
-
+Here's a view of the capabilities associated with the [**All product admin** role](#standard-roles). When creating a custom role, you can select a custom set of capabilities. Note that the capabilities we expose may change over time: this screenshot was taken in April of 2021. 
 </figcaption>
 
-For how to set up roles with custom capabilities, see [the user management tutorial](/docs/accounts/accounts-billing/new-relic-one-user-management/tutorial-add-new-user-groups-roles-new-relic-one-user-model/#roles).
+For how to set up roles with custom capabilities, see the [user management tutorial](/docs/accounts/accounts-billing/new-relic-one-user-management/tutorial-add-new-user-groups-roles-new-relic-one-user-model/#roles).
 
 ## Manage users
 

src/nav/accounts.yml

@@ -24,6 +24,8 @@ pages:
         pages:
           - title: Intro to account settings
             path: /docs/accounts/accounts-billing/general-account-settings/introduction-account-settings
+          - title: Manage data
+            path: /docs/telemetry-data-platform/manage-data/manage-your-data
           - title: Email settings
             path: /docs/accounts/accounts/account-maintenance/account-email-settings
           - title: Password requirements