diff --git a/docs/modules/trino/examples/usage_guide/opa-bundle-trino-cm.yaml b/docs/modules/trino/examples/usage_guide/opa-bundle-trino-cm.yaml index 8c920b44..d8d200f8 100644 --- a/docs/modules/trino/examples/usage_guide/opa-bundle-trino-cm.yaml +++ b/docs/modules/trino/examples/usage_guide/opa-bundle-trino-cm.yaml @@ -4,7 +4,7 @@ kind: ConfigMap metadata: name: opa-bundle-trino labels: - opa.stackable.tech/bundle: "trino" + opa.stackable.tech/bundle: "true" data: trino.rego: | package trino diff --git a/docs/modules/trino/pages/usage_guide/security.adoc b/docs/modules/trino/pages/usage_guide/security.adoc index af7e5c45..86666c7c 100644 --- a/docs/modules/trino/pages/usage_guide/security.adoc +++ b/docs/modules/trino/pages/usage_guide/security.adoc @@ -71,14 +71,30 @@ In the Trino CLI and web interface, LDAP users can now be used to log in. == [[authorization]]Authorization -In order to authorize Trino via OPA, a `ConfigMap` containing Rego rules for Trino has to be applied. The following example is an all-access Rego rule for testing with the user `admin`. Do not use it in production! +In order to authorize Trino via OPA, a ConfigMap containing a rego rule package for Trino has to be applied and referenced in the TrinoCluster resource. +The following example is an all-access Rego rule for testing with the user `admin`. Do not use it in production! [source,yaml] ---- include::example$usage_guide/opa-bundle-trino-cm.yaml[] ---- -Users should write their own rego rules for more complex OPA authorization. +Reference the package in the Trino cluster: + +[source,yaml] +---- +... +spec: + clusterConfig: + authorization: + opa: + configMapName: opa # <1> + package: trino # <2> +... +---- + +<1> The name of the OpaCluster +<2> The name of the package defined in the rego rule ConfigMap == Define a secure cluster
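Review bot: The label fix in `opa-bundle-trino-cm.yaml` (`opa.stackable.tech/bundle: "trino"` becoming `"true"`) is a silent-failure class of bug and deserves a sentence in the accompanying docs. With the old value the bundle builder would never pick up the ConfigMap, so the cluster would run with no policy loaded rather than with an obviously broken one. Consider adding to the `security.adoc` text that introduces this example a note that the ConfigMap must carry the label `opa.stackable.tech/bundle: "true"` for the rego package to be served to Trino, so readers who write their own ConfigMap do not copy the label name without the required value.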
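Review bot: In the `security.adoc` hunk, callout `<1> The name of the OpaCluster` does not match the field it annotates, `configMapName: opa`. Either the field takes a ConfigMap name or it takes an OpaCluster name; if the intended meaning is the discovery ConfigMap that the OpaCluster creates (and which conventionally shares the cluster's name), say so explicitly, e.g. "The name of the discovery ConfigMap of the OpaCluster (by default the name of the OpaCluster)". Callout `<2>` should also state that `package: trino` must match the `package trino` declaration in the rego ConfigMap shown above, since a mismatch means no rules are evaluated. Two smaller points: the new line uses "rego rule package" while the next sentence uses "Rego rule", so pick one capitalisation; and the removed sentence "Users should write their own rego rules for more complex OPA authorization." is the only place that tells readers the all-access rule is a starting point, so keep it or fold it into the "Do not use it in production!" sentence.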