From 7241d39826626b688b32feb0806b211963fcaaea Mon Sep 17 00:00:00 2001
From: Steven Martin <steven@goteleport.com>
Date: Wed, 23 Oct 2024 18:16:17 -0400
Subject: [PATCH] docs: remove deny in impersonation (#47871)

---
 .../access-controls/guides/impersonation.mdx    | 17 -----------------
 1 file changed, 17 deletions(-)

diff --git a/docs/pages/admin-guides/access-controls/guides/impersonation.mdx b/docs/pages/admin-guides/access-controls/guides/impersonation.mdx
index 3d401c4eecf25..0d679c5db3f69 100644
--- a/docs/pages/admin-guides/access-controls/guides/impersonation.mdx
+++ b/docs/pages/admin-guides/access-controls/guides/impersonation.mdx
@@ -86,11 +86,6 @@ spec:
       users: ['jenkins']
       roles: ['jenkins']
 
-  # The deny section uses the identical format as the 'allow' section.
-  # The deny rules always override allow rules.
-  deny:
-    node_labels:
-      '*': '*'
 ```
 
 Create the `role` resource:
@@ -207,12 +202,6 @@ spec:
       where: >
         equals(impersonate_role.metadata.labels["group"], "security") && 
         equals(impersonate_user.metadata.labels["group"], "security")
-
-  # The deny section uses the identical format as the 'allow' section.
-  # The deny rules always override allow rules.
-  deny:
-    node_labels:
-      '*': '*'
 ```
 
 ```code
@@ -283,12 +272,6 @@ spec:
       where: >
         contains(user.spec.traits["group"], impersonate_role.metadata.labels["group"]) && 
         contains(user.spec.traits["group"], impersonate_user.metadata.labels["group"])
-
-  # The deny section uses the identical format as the 'allow' section.
-  # The deny rules always override allow rules.
-  deny:
-    node_labels:
-      '*': '*'
 ```
 
 While user traits typically come from an external identity provider, we can test