Commit 73f458c

jwt updates
1 parent abaae48 commit 73f458c

3 files changed

+46
-154
lines changed

modules/ROOT/pages/abac-user-parameters-beta.adoc

+2-6
@@ -6,16 +6,12 @@
66
:page-pageid: abac-user-parameters-beta
77
:page-description: Attribute-based access control pattern can be achieved via user parameters sent in the login token
88

9-
Row-level security (RLS) using Attribute-Based Access Control (ABAC) via tokens in versions 10.3.0.cl and earlier is a __Beta__ implementation.
10-
11-
This article describes the best practices to implement ABAC via tokens in a pre-10.4.0.cl environment.
12-
13-
If your ThoughtSpot instance is on 10.4.0.cl or later, please refer to the xref:abac-user-parameters.adoc[GA documentation]. If you have implemented the beta version of the ABAC and your ThoughtSpot instance is running 10.4.0.cl or later, refer to the instructions in the xref:jwt-migration[migration guide] and update your implementation to use the `auth/token/custom` API endpoint for ABAC token generation.
9+
This article describes the best practices to implement Row-level security (RLS) using Attribute-Based Access Control (ABAC) in a pre-10.4.0.cl environment. If your ThoughtSpot instance is on 10.4.0.cl or later, please refer to the xref:abac-user-parameters.adoc[GA documentation].
1410

1511
[IMPORTANT]
1612
====
1713
[#beta-warning]
18-
As this feature directly impacts data security in your environment, ThoughtSpot does not support its use in a Production environment until it becomes Generally Available. ThoughtSpot is working on improvements in the upcoming releases that will change some of the best practices recommended in this article and result in the needed re-work of your deployment's security architecture. To understand the RLS best practices for your use case and deployment timelines, and to get these features enabled on your ThoughtSpot instances, contact ThoughtSpot Support.
14+
As this feature directly impacts data security, it's disabled by default on ThoughtSpot instances. With the GA rollout, ThoughtSpot recommends switching your workflow to the `auth/token/custom` API endpoint. For more information, see the xref:jwt-migration[migration guide].
1915
====
2016

2117
== Overview
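
Review bot: The replacement text at new lines 9 and 14 no longer says that this page covers a Beta implementation or that ThoughtSpot does not support it in Production, both of which the removed lines 9 and 18 stated. If those constraints still apply to 10.3.0.cl and earlier, keep one sentence saying so, since readers of this page are on a pre-10.4.0.cl instance. New line 14 also recommends `auth/token/custom` "with the GA rollout" without naming the version, which the removed line 13 gave as 10.4.0.cl; restate it here. The `[#beta-warning]` anchor at line 13 now labels text that is no longer a beta warning, and `xref:jwt-migration[migration guide]` lacks the `.adoc` suffix used by `xref:abac-user-parameters.adoc[GA documentation]` on line 9; make the two consistent.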

modules/ROOT/pages/abac-user-parameters.adoc

+8-1
@@ -12,7 +12,7 @@ This article provides a detailed overview of the ABAC implementation via tokens
1212

1313
[IMPORTANT]
1414
====
15-
To enable the ABAC via tokens feature on your instance, contact ThoughtSpot Support.
15+
The ABAC feature is disabled by default on ThoughtSpot instances. To enable this feature on your instance, contact ThoughtSpot Support.
1616
====
1717

1818

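
Review bot: New line 15 says "The ABAC feature", while the rest of this page (the hunk header context "ABAC implementation via tokens" and line 31's "ABAC via tokens for RLS") names the feature "ABAC via tokens". Keep the same term here so it is clear which capability Support has to enable, for example "The ABAC via tokens feature is disabled by default on ThoughtSpot instances."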
@@ -30,6 +30,13 @@ Several features within ThoughtSpot, such as autocompletion in Search on values
3030
+
3131
You must turn off indexing for any field that needs to be restricted by RLS when using ABAC via tokens for RLS, or also include an RLS Rule on fields that must also be filtered for the Indexing system.
3232

33+
+
34+
[NOTE]
35+
====
36+
ABAC rules are not supported on Liveboards with AI Highlights and Change Analysis features, and on the Answers generated from Spotter.
37+
====
38+
39+
3340
Mandatory token filters::
3441
When setting filter rules within the token, you must place the `is_mandatory_token_filter: true` property on every column in a Worksheet or Model where a filter rule is expected. This will deny any access to data if a user has not been assigned values for the expected set of fields.
3542

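
Review bot: "not supported" on new line 36 does not say what happens to row-level filtering: it can be read as those features being unavailable to users with ABAC tokens, or as token filter rules not being applied to AI Highlights, Change Analysis and Spotter Answers. For a data-security control the page should state the actual behaviour and what an administrator should do about it. Separately, the `+` continuation added at line 33 attaches the NOTE to the preceding indexing entry although it covers a different topic, and lines 38 and 39 add two blank lines before `Mandatory token filters::`; consider a standalone entry and a single blank line.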