Gbac gloss

modules/terms/partials/gbac.adoc

@@ -0,0 +1,6 @@
+=== GBAC
+:term-name: GBAC
+:hover-text: Group-based access control lets you manage Redpanda permissions at scale by assigning them to OIDC groups instead of individual users.
+:category: Redpanda security
+
+GBAC lets you manage Redpanda permissions at scale using the groups that already exist in your identity provider (IdP). You define access once for a group and your IdP controls who belongs to it. You can grant permissions to groups in two ways: create ACLs with `Group:<name>` principals, or assign groups as members of RBAC roles. Both approaches can be used independently or together.

modules/terms/partials/principal.adoc

@@ -1,4 +1,6 @@
 === principal
 :term-name: principal
-:hover-text: An entity (such as a user account or a service account) that accesses resources. Principals can be authenticated and granted permissions based on roles to perform operations.
-:category: Redpanda security
+:hover-text: An authenticated identity (user, service account, or group) that Redpanda evaluates when enforcing ACLs and role assignments.
+:category: Redpanda security
+
+Redpanda supports `User:<name>` and `Group:<name>` principal types. Permissions are granted to principals through ACLs or RBAC role assignments.