diff --git a/security/access_control.rst b/security/access_control.rst
index dfa1e38e7ce..4c5f210b2ae 100644
--- a/security/access_control.rst
+++ b/security/access_control.rst
@@ -111,15 +111,15 @@ if ``ip``, ``port``, ``host`` or ``method`` are not specified for an entry, that
 +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
 | ``/admin/user`` | 127.0.0.1   | 8080        | symfony.com | GET        | rule #1 (``ROLE_USER_PORT``)   | The ``path``, ``ip`` and ``port`` match.                    |
 +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
-| ``/admin/user`` | 168.0.0.1   | 80          | symfony.com | GET        | rule #3 (``ROLE_USER_HOST``)   | The ``ip`` doesn't match the first rule, so the second      |
+| ``/admin/user`` | 168.0.0.1   | 80          | symfony.com | GET        | rule #3 (``ROLE_USER_HOST``)   | The ``ip`` doesn't match the first rule, so the third      |
 |                 |             |             |             |            |                                | rule (which matches) is used.                               |
 +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
-| ``/admin/user`` | 168.0.0.1   | 80          | symfony.com | POST       | rule #3 (``ROLE_USER_HOST``)   | The second rule still matches. This would also match the    |
-|                 |             |             |             |            |                                | third rule (``ROLE_USER_METHOD``), but only the **first**   |
+| ``/admin/user`` | 168.0.0.1   | 80          | symfony.com | POST       | rule #3 (``ROLE_USER_HOST``)   | The third rule still matches. This would also match the    |
+|                 |             |             |             |            |                                | fourth rule (``ROLE_USER_METHOD``), but only the **first**   |
 |                 |             |             |             |            |                                | matched ``access_control`` is used.                         |
 +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
 | ``/admin/user`` | 168.0.0.1   | 80          | example.com | POST       | rule #4 (``ROLE_USER_METHOD``) | The ``ip`` and ``host`` don't match the first two entries,  |
-|                 |             |             |             |            |                                | but the third - ``ROLE_USER_METHOD`` - matches and is used. |
+|                 |             |             |             |            |                                | but the fourth - ``ROLE_USER_METHOD`` - matches and is used. |
 +-----------------+-------------+-------------+-------------+------------+--------------------------------+-------------------------------------------------------------+
 | ``/admin/user`` | 168.0.0.1   | 80          | example.com | GET        | rule #4 (``ROLE_MANAGER``)     | The ``ip``, ``host`` and ``method`` prevent the first       |
 |                 |             |             |             |            |                                | three entries from matching. But since the URI matches the  |