diff --git a/docs/05-administrator-guide/02-configuration/99-appendix.md b/docs/05-administrator-guide/02-configuration/99-appendix.md
index 4c4655c792..5b87f8255f 100644
--- a/docs/05-administrator-guide/02-configuration/99-appendix.md
+++ b/docs/05-administrator-guide/02-configuration/99-appendix.md
@@ -162,6 +162,7 @@ This page provides a comprehensive overview of the configuration keys available
 | `ozone.audit.log.debug.cmd.list.dnaudit` |  | `DATANODE` | A comma separated list of Datanode commands that are written to the DN audit logs only if the audit log level is debug. Ex: "CREATE_CONTAINER,READ_CONTAINER,UPDATE_CONTAINER". |
 | `ozone.audit.log.debug.cmd.list.omaudit` |  | `OM` | A comma separated list of OzoneManager commands that are written to the OzoneManager audit logs only if the audit log level is debug. Ex: "ALLOCATE_BLOCK,ALLOCATE_KEY,COMMIT_KEY". |
 | `ozone.audit.log.debug.cmd.list.scmaudit` |  | `SCM` | A comma separated list of SCM commands that are written to the SCM audit logs only if the audit log level is debug. Ex: "GET_VERSION,REGISTER,SEND_HEARTBEAT". |
+| `ozone.authorization.enabled` | true | `OZONE`, `SECURITY`, `AUTHORIZATION` | Master switch to enable/disable authorization checks in Ozone (admin privilege checks and ACL checks). This property only takes effect when `ozone.security.enabled` is true. When true: admin privilege checks are always performed, and object ACL checks are controlled by `ozone.acl.enabled`. When false: no authorization checks are performed. Default is true. |
 | `ozone.block.deleting.service.interval` | 1m | `OZONE`, `PERFORMANCE`, `SCM` | Time interval of the block deleting service. The block deleting service runs on each datanode periodically and deletes blocks queued for deletion. Unit could be defined with postfix (ns,ms,s,m,h,d) |
 | `ozone.block.deleting.service.timeout` | 300000ms | `OZONE`, `PERFORMANCE`, `SCM` | A timeout value of block deletion service. If this is set greater than 0, the service will stop waiting for the block deleting completion after this time. This setting supports multiple time unit suffixes as described in dfs.heartbeat.interval. If no suffix is specified, then milliseconds is assumed. |
 | `ozone.block.deleting.service.workers` | 10 | `OZONE`, `PERFORMANCE`, `SCM` | Number of workers executed of block deletion service. This configuration should be set to greater than 0. |