From adbbb5e7d054aa1ec836b9f1ccbb43c4edc5bd89 Mon Sep 17 00:00:00 2001
From: Joseph Doherty <dohejw01@gmail.com>
Date: Mon, 18 May 2026 03:34:13 -0400
Subject: [PATCH] chore(admin): trim explanatory notices from role-grants and
 certificates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Role grants: drop the page notice describing the LDAP-group → role
  mapping semantics; this is moving to the user instructions.
- Certificates: drop the trailing "operators should retry the rejected
  client's connection" note from the trust notice.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../Components/Pages/Certificates.razor                   | 2 +-
 .../Components/Pages/RoleGrants.razor                     | 8 --------
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/src/Server/ZB.MOM.WW.OtOpcUa.Admin/Components/Pages/Certificates.razor b/src/Server/ZB.MOM.WW.OtOpcUa.Admin/Components/Pages/Certificates.razor
index 6a45102..6c41036 100644
--- a/src/Server/ZB.MOM.WW.OtOpcUa.Admin/Components/Pages/Certificates.razor
+++ b/src/Server/ZB.MOM.WW.OtOpcUa.Admin/Components/Pages/Certificates.razor
@@ -8,7 +8,7 @@
 <h1 class="page-title">Certificate trust</h1>
 
 <section class="panel notice rise" style="animation-delay:.02s">
-    PKI store root <span class="mono">@Certs.PkiStoreRoot</span>. Trusting a rejected cert moves the file into the trusted store — the OPC UA server picks up the change on the next client handshake, so operators should retry the rejected client's connection after trusting.
+    PKI store root <span class="mono">@Certs.PkiStoreRoot</span>. Trusting a rejected cert moves the file into the trusted store — the OPC UA server picks up the change on the next client handshake.
 </section>
 
 @if (_status is not null)
diff --git a/src/Server/ZB.MOM.WW.OtOpcUa.Admin/Components/Pages/RoleGrants.razor b/src/Server/ZB.MOM.WW.OtOpcUa.Admin/Components/Pages/RoleGrants.razor
index 0f3533f..e24e50d 100644
--- a/src/Server/ZB.MOM.WW.OtOpcUa.Admin/Components/Pages/RoleGrants.razor
+++ b/src/Server/ZB.MOM.WW.OtOpcUa.Admin/Components/Pages/RoleGrants.razor
@@ -16,14 +16,6 @@
 
 <h1 class="page-title">LDAP group → Admin role grants</h1>
 
-<section class="panel notice rise" style="animation-delay:.02s">
-    Maps LDAP groups to Admin UI roles (ConfigViewer / ConfigEditor / FleetAdmin). Control-plane
-    only — OPC UA data-path authorization reads <span class="mono">NodeAcl</span> rows directly and is
-    unaffected by these mappings (see decision #150). A fleet-wide grant applies across every
-    cluster; a cluster-scoped grant only binds within the named cluster. The same LDAP group
-    may hold different roles on different clusters.
-</section>
-
 <div class="d-flex justify-content-end mb-3">
     <button class="btn btn-primary btn-sm" @onclick="StartAdd">Add grant</button>
 </div>