Update system admin description

docs/source/roles/system_manager/manage_users.md

@@ -17,11 +17,11 @@ A helper script for doing this is already uploaded to the domain controller - yo
 
 ### {{lock}} SRE Security Groups
 
-Each user should be assigned to one or more Active Directory "security groups". The key difference between these groups is the level of privilege they have when manipulating databases within the SRE.
+Each user should be assigned to one or more Active Directory "security groups".
 
 - `SG <SRE ID> Research Users`: Almost all researchers should be in this group. No special permissions. Allows users to log in to `<SRE ID>`.
 - `SG <SRE ID> Data Administrators`: Researchers who can create/modify/delete tables in the `data` schema on databases within `<SRE ID>`. `SG <SRE ID> Research Users` can only read these tables. Restricting this access prevents most users from creating/deleting arbitrary tables, which is important because some SREs have their input data in database form.
-- `SG <SRE ID> System Administrators`: Researchers who have full superuser privileges on databases within `<SRE ID>`. Users in this group have full access to the databases and can manipulate them in any way they choose.
+- `SG <SRE ID> System Administrators`: Researchers who have full superuser privileges on databases within `<SRE ID>`. Users in this group have full access to the databases and can manipulate them in any way they choose. System Administrators also have administration privileges on the [Guacamole Remote Desktop](https://guacamole.apache.org/doc/gug/administration.html).
 
 Typically, users with either of the latter two roles should also have the `Research Users` role to allow them to log in to the SRDs within the SRE.