docs: Clarify RBAC requirement for local users (#3361)

* Clarify RBAC requirement for local users

* Update docs/operator-manual/user-management/index.md

Co-Authored-By: Alexander Matyushentsev <AMatyushentsev@gmail.com>

Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

docs/operator-manual/rbac.md

@@ -2,8 +2,8 @@
 
 The RBAC feature enables restriction of access to Argo CD resources. Argo CD does not have its own
 user management system and has only one built-in user `admin`. The `admin` user is a superuser and
-it has unrestricted access to the system. RBAC requires [SSO configuration](user-management/index.md). Once SSO is
-configured, additional RBAC roles can be defined, and SSO groups can man be mapped to roles.
+it has unrestricted access to the system. RBAC requires [SSO configuration](user-management/index.md) or [one or more local users setup](user-management/index.md). 
+Once SSO or local users are configured, additional RBAC roles can be defined, and SSO groups or local users can man be mapped to roles.
 
 ## Basic Built-in Roles
 

docs/operator-manual/user-management/index.md

@@ -14,6 +14,9 @@ login history etc. So if you need such features it is strongly recommended to us
 
 !!! warning "Make sure to read about security limitations related to local users in [security considerations](../../security_considerations.md) document"
 
+!!! note
+    When you create local users, each of those users will need additional [RBAC rules](../rbac.md) set up, otherwise they will fall back to the default policy specified by `policy.default` field of the `argocd-rbac-cm` ConfigMap.
+
 ### Create new user
 
 New users should be defined in `argocd-cm` ConfigMap: