acrolinx · mrnyax · Jul 4, 2023 · Jun 2, 2023 · Jun 2, 2023 · Jun 6, 2023
diff --git a/apiary.apib b/apiary.apib
@@ -2235,19 +2235,6 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
             }
         }
 
-+ Response 403 (application/json)
-
-        // when you can't assign privileges you don't have when you create users
-        {
-        "links": {},
-            "error": {
-                "detail": "It's not possible to make these changes. You can only create or edit a user with privileges that also apply to your user account.",
-                "type": "insufficientPrivileges",
-                "title": "Insufficient privileges",
-                "status": 403
-            }
-        }
-
 + Response 409 (application/json)
 
         // when the user was created more than once
@@ -2698,6 +2685,19 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
             }
         }
 
++ Response 403 (application/json)
+
+        // when you can't assign Super Administrator role because you don't have the Super Administrator role when you create users
+        {
+        "links": {},
+            "error": {
+                "detail": "It's not possible to make these changes. You need Super Administrator role to create or edit a user with this role.",
+                "type": "insufficientPrivileges",
+                "title": "Insufficient privileges",
+                "status": 403
+            }
+        }
+
 + Response 409 (application/json)
 
         // when the same user was created more than once
@@ -3137,12 +3137,12 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
 
         // when you don't have the privilege to update users
         {
-        "links": {},
-            "error": {
-                "detail": "The user does not have the required privileges to perform the operation.",
-                "type": "insufficientPrivileges",
-                "title": "Insufficient privileges",
-                "status": 403
+            "links": {},
+                "error": {
+                    "detail": "The user doesn't have the privileges required to perform the operation.",
+                    "type": "insufficientPrivileges",
+                    "title": "Insufficient privileges",
+                    "status": 403
             }
         }
 
@@ -3164,7 +3164,7 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
 
     You can update a user's role.
 
-    In this example, only the `roles` attribute will change for the user `fred`. This was identified in the database by its *id*. Each user needs at least one assigned role. This doesn't apply to built-in users. You can only grant privileges that you yourself have (privilege escalation). If you add a role that doesn't exist, the call will fail and the error message will show the unknown roles that were referenced.
+    In this example, only the `roles` attribute will change for the user `fred`. This was identified in the database by its *id*. Each user needs at least one assigned role. This doesn't apply to built-in users. You can only assign Super Administrator role if you have Super Administrator role. If you add a role that doesn't exist, the call will fail and the error message will show the unknown roles that were referenced.
 
     + Headers
 
@@ -3274,6 +3274,19 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
             }
         }
 
++ Response 403 (application/json)
+
+        // when you can't assign Super Administrator role because you don't have the Super Administrator role when you edit users
+        {
+        "links": {},
+            "error": {
+                "detail": "It's not possible to make these changes. You need Super Administrator role to create or edit a user with this role.",
+                "type": "insufficientPrivileges",
+                "title": "Insufficient privileges",
+                "status": 403
+            }
+        }
+
 + Response 409 (application/json)
 
         // when you try to update a built-in user
@@ -3503,19 +3516,6 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
             }
         }
 
-+ Response 403 (application/json)
-
-        // when you can't assign privileges you don't have when you edit users
-        {
-        "links": {},
-            "error": {
-                "detail": "It's not possible to make these changes. You can only create or edit a user with privileges that also apply to your user account.",
-                "type": "insufficientPrivileges",
-                "title": "Insufficient privileges",
-                "status": 403
-            }
-        }
-
 + Response 404 (application/json)
 
         // when a role wasn't found in the database based on its *id*
@@ -3668,19 +3668,6 @@ For Core Platform versions 2021.05 to 2022.02, the following apply:
             }
         }
 
-+ Response 403 (application/json)
-
-        // when you can't assign privileges you don't have when you edit users
-        {
-        "links": {},
-            "error": {
-                "detail": "It's not possible to make these changes. You can only create or edit a user with privileges that also apply to your user account.",
-                "type": "insufficientPrivileges",
-                "title": "Insufficient privileges",
-                "status": 403
-            }
-        }
-
 + Response 404 (application/json)
 
         // when a role wasn't found in the database based on its *id*