While ideally a user/admin would never have to examine the $NIFI_HOME/conf/users.xml or $NIFI_HOME/conf/authorizations.xml files, in my development and debugging, I have had to on more than one occasion. It would be helpful to list the actual policy resource descriptor (e.g. /provenance, /flow, /tenants) in the table in the Admin Guide listing these policies. When the provenance policy was missing for both of my defined users, I could not add it through the UI, so I had to manually edit the authorizations.xml file, but I did not know the resource descriptor a priori, so I had to search the code base for it.
I envision simply adding an additional column to the table and adding the descriptor, including a placeholder if necessary (e.g. /data/process-groups/root-process-group-id).