Gbac gloss

modules/terms/partials/gbac.adoc

@@ -0,0 +1,8 @@
+=== GBAC
+:term-name: GBAC
+:hover-text: Group-based access control lets you assign permissions to OIDC groups so that users inherit access based on their identity provider group membership.
+:category: Redpanda security
+
+GBAC allows you to manage permissions at the group level instead of per user. You can grant permissions to groups in two ways: create xref:ROOT:manage:security/authorization/acl.adoc[ACLs] with `Group:<name>` principals, or assign groups as members of xref:ROOT:manage:security/authorization/rbac.adoc[RBAC] roles. Both approaches can be used independently or together.
+
+For more information, see xref:ROOT:manage:security/authorization/gbac.adoc[].

modules/terms/partials/principal.adoc

@@ -1,4 +1,6 @@
 === principal
 :term-name: principal
-:hover-text: An entity (such as a user account or a service account) that accesses resources. Principals can be authenticated and granted permissions based on roles to perform operations.
-:category: Redpanda security
+:hover-text: An authenticated identity (user, service account, or group) that Redpanda evaluates when enforcing ACLs and role assignments.
+:category: Redpanda security
+
+Redpanda supports `User:<name>` and `Group:<name>` principal types. Permissions are granted to principals through xref:ROOT:manage:security/authorization/acl.adoc[ACLs] or xref:ROOT:manage:security/authorization/rbac.adoc[RBAC] role assignments.