diff --git a/site2/website/versioned_docs/version-2.4.1/security-authorization.md b/site2/website/versioned_docs/version-2.4.1/security-authorization.md index bdecf3945a6ca..795e84636b809 100644 --- a/site2/website/versioned_docs/version-2.4.1/security-authorization.md +++ b/site2/website/versioned_docs/version-2.4.1/security-authorization.md @@ -31,7 +31,7 @@ You can also enable the authorization for the proxy in the proxy configuration f ### Proxy Roles -By default, the broker treats the connection between a proxy and the broker as a normal user connection. The broker authenticates the user as the role configured in `proxy.conf`(see ["Enabling TLS Authentication on Proxies"](security-tls-authentication#on-proxies)). However, when the user connects to the cluster through a proxy, the user rarely requires the authentication. The user expects to be able to interact with the cluster as the role for which they have authenticated with the proxy. +By default, the broker treats the connection between a proxy and the broker as a normal user connection. The broker authenticates the user as the role configured in `proxy.conf`(see ["Enable TLS Authentication on Proxies"](security-tls-authentication.md#enable-tls-authentication-on-proxies)). However, when the user connects to the cluster through a proxy, the user rarely requires the authentication. The user expects to be able to interact with the cluster as the role for which they have authenticated with the proxy. Pulsar uses *Proxy roles* to enable the authentication. Proxy roles are specified in the broker configuration file, [`conf/broker.conf`](reference-configuration.md#broker). If a client that is authenticated with a broker is one of its ```proxyRoles```, all requests from that client must also carry information about the role of the client that is authenticated with the proxy. This information is called the *original principle*. If the *original principle* misses, the client is not able to access anything.
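Review bot: the new anchor in the `+` line, `security-tls-authentication.md#enable-tls-authentication-on-proxies`, cannot be checked from this hunk, so please confirm that the version-2.4.1 copy of `security-tls-authentication.md` has a heading that generates exactly that anchor. This is a versioned doc, and if the heading there differs from the one on master, the link will still be broken. Since this line is being touched anyway, add the missing space in `proxy.conf`(see`. The sentence "the user rarely requires the authentication" is also unclear about which role the broker applies to a proxied connection, and could be reworded in the same change. In the trailing context paragraph, "original principle" appears three times where the security term is "original principal", and "If the *original principle* misses" reads better as "is missing". That paragraph states the access-control rule for `proxyRoles`, so it is worth correcting in this patch or a follow-up.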