Updates doc and addresses review dog errors

DarshitChanpura · DarshitChanpura · commit 3977aaccb983 · 2025-11-20T17:57:21.000-08:00
Signed-off-by: Darshit Chanpura &lt;dchanp@amazon.com&gt;
diff --git a/_ml-commons-plugin/model-sharing-access-control.md b/_ml-commons-plugin/model-sharing-access-control.md
@@ -9,7 +9,7 @@ nav_order: 15
 # ML model group access control
 
 **Status:** Experimental  
-**Replaces:** `plugins.ml_commons.model_access_control_enabled` (on deprecation path; see note below)
+**Replaces:** `plugins.ml_commons.model_access_control_enabled`
 {: .warning }
 
 This page explains how **ML Commons** integrates with the Security plugin’s **Resource Sharing and Access Control** framework to provide **document-level** authorization for **ML model groups**.
@@ -23,20 +23,47 @@ This page explains how **ML Commons** integrates with the Security plugin’s **
 
 - **Resource type:** `ml-model-group`
 - **System index:** `.plugins-ml-model-group`
-- **Onboarded in:** 3.3
+- **Onboarded in:** `3.3`
 
 When resource-level authorization is enabled for this type, each model group’s visibility is governed by a central sharing record. Owners and users with share capability can grant or revoke access for specific **users**, **roles**, or **backend roles**.
 
 Model-groups control access to models.
 {: .note } green
 
+---
+## Enable or disable for this resource type
+
+Add the type to the protected list and enable the feature.
+
+### `opensearch.yml` (3.3+)
+
+```yaml
+plugins.security.experimental.resource_sharing.enabled: true
+plugins.security.system_indices.enabled: true
+plugins.security.experimental.resource_sharing.protected_types:
+  - "ml-model-group"
+````
+
+### Dev Tools (3.4+)
+
+```curl
+PUT _cluster/settings
+{
+  "transient": {
+    "plugins.security.experimental.resource_sharing.enabled": true,
+    "plugins.security.experimental.resource_sharing.protected_types": ["ml-model-group", <existing-resource-types>]
+  }
+}
+```
+{% include copy-curl.html %}
+
 ---
 
 ## ML model group access levels
 
 ML-commons exposes **three access levels** for granting access to a ml-model-group:
 
-### 1. ml_read_only
+### ml_read_only
 This read-only access level grants a read and search only access to the shared model-group.
 
 Following actions are allowed with this access-level:
@@ -45,15 +72,15 @@ Following actions are allowed with this access-level:
 - "cluster:admin/opensearch/ml/models/get"
 ```
 
-### 2. ml_read_write
+### ml_read_write
 This read-write access level grants full access to a ml-model-group except share.
 
 Following actions are allowed with this access level:
 ```yaml
 - "cluster:admin/opensearch/ml/*"
 ```
 
-### 3. ml_full_access
+### ml_full_access
 This access level grants complete access to a ml-model-group and will allow shared user owner-like permission.
 
 Following actions are allowed with this access level:
