Merge pull request #34533 from timdeschryver/issue/34525

fix role access descriptions in authorization documentation

Author: Rick-Anderson

aspnetcore/security/authorization/roles.md

@@ -138,8 +138,8 @@ If multiple attributes are applied at the controller and action levels, ***all**
 
 In the preceding `ControlAllPanelController` controller:
 
-* Members of the `Administrator` role or the `PowerUser` role can access the controller and the `SetTime` action.
-* Only members of the `Administrator` role can access the `ShutDown` action.
+* Members of the `Administrator` role can access the controller and the `SetTime` action.
+* Only members of the `Administrator` **and** the `PowerUser` role can access the `ShutDown` action.
 
 You can also lock down a controller but allow anonymous, unauthenticated access to individual actions.