[CR] change wording

docs/security/access-control-lists.md

@@ -27,7 +27,7 @@ Installations that have more than one user / credentials will require to run a c
 
 ### Replacing credentials
 
-To replace the credentials of the (single) user in a lakefs installation:
+In non-ACL setup (single user), replacing credentials can be done as follows:
 1. Delete the existing user:
     ```shell
     lakectl auth users delete --id <user-id>
@@ -46,12 +46,12 @@ To replace the credentials of the (single) user in a lakefs installation:
 4. Re-run lakeFS server
 
 {: .note .warning}
-> Calling the `superuser` command with `--access-key-id` and without `--secret-access-key` will make lakefs try to 
-> import an existing user (see [Migration of existing user](#migration-of-existing-user)).
+> Calling the `superuser` command with pre-defined `--access-key-id` and `--secret-access-key` is possible,
+> but should be done with caution. Make sure that `--secret-access-key` is **not empty**,
+> as providing an access key without a secret key will trigger an ACL import flow
+> (see [Migration of existing user](#migration-of-existing-user)).
 > In case you already deleted the user by following step (1), this import operation will **fail** and result in an 
-> **unrecoverable** state, and a clean installation is the only way out.
-> 
-> In general, replacing credentials is a risky operation. Proceed with caution.
+> **unrecoverable** state, from which a clean installation is the only way out.
 
 ## ACLs
 
@@ -102,4 +102,4 @@ For example, if you have a user with username `<my-username>` and credential key
 lakefs superuser --user-name <my-username> --access-key-id <my-access-key-id>
 ```
   
-After running the command you will be able to access the installation using the user's access key id and its respective secret access key.
+After running the command you will be able to access the installation using the user's access key id and its respective secret access key.