diff --git a/modules/terms/partials/gbac.adoc b/modules/terms/partials/gbac.adoc new file mode 100644 index 000000000..eafeb5ded --- /dev/null +++ b/modules/terms/partials/gbac.adoc @@ -0,0 +1,8 @@ +=== GBAC +:term-name: GBAC +:hover-text: Group-based access control lets you assign permissions to OIDC groups so that users inherit access based on their identity provider group membership. +:category: Redpanda security + +GBAC allows you to manage permissions at the group level instead of per user. You can grant permissions to groups in two ways: create xref:ROOT:manage:security/authorization/acl.adoc[ACLs] with `Group:` principals, or assign groups as members of xref:ROOT:manage:security/authorization/rbac.adoc[RBAC] roles. Both approaches can be used independently or together. + +For more information, see xref:ROOT:manage:security/authorization/gbac.adoc[]. diff --git a/modules/terms/partials/principal.adoc b/modules/terms/partials/principal.adoc index dfc46cb82..4746afcee 100644 --- a/modules/terms/partials/principal.adoc +++ b/modules/terms/partials/principal.adoc @@ -1,4 +1,6 @@ === principal :term-name: principal -:hover-text: An entity (such as a user account or a service account) that accesses resources. Principals can be authenticated and granted permissions based on roles to perform operations. -:category: Redpanda security \ No newline at end of file +:hover-text: An authenticated identity (user, service account, or group) that Redpanda evaluates when enforcing ACLs and role assignments. +:category: Redpanda security + +Redpanda supports `User:` and `Group:` principal types. Permissions are granted to principals through xref:ROOT:manage:security/authorization/acl.adoc[ACLs] or xref:ROOT:manage:security/authorization/rbac.adoc[RBAC] role assignments. \ No newline at end of file
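Review bot: In modules/terms/partials/gbac.adoc, the body paragraph says the ACL and RBAC approaches "can be used independently or together", but it does not say how the effective permission is determined when the two overlap. A reader granting access through both `Group:` ACLs and role membership needs to know how conflicts resolve, for example when a user is in several groups or when a group grant and a per-user ACL disagree. Please add one sentence on evaluation order, or state that the linked gbac.adoc page covers it. Two smaller points: the hover text mentions OIDC groups while the body never says where group membership comes from, and the body uses "GBAC" without expanding it, so the definition only appears in the hover text.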
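Review bot: In modules/terms/partials/principal.adoc, the new hover text lists three kinds of identity ("user, service account, or group"), but the added body line names only two principal types, `User:` and `Group:`, so it is unclear how a service account is represented. Please either say which prefix a service account uses or drop it from the hover text so the two lines agree. Calling a group an "authenticated identity" is also loose, since the GBAC term added in this same patch describes groups as something users inherit access from through identity provider membership. Consider wording such as "an identity (a user or service account, or a group they belong to)", and add an xref to the new GBAC term. The file still ends without a trailing newline after the added paragraph.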