From 04f44730dab4aae68bbe5805444537f38b41332f Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 5 Oct 2016 11:48:52 +0200
Subject: [PATCH] replace Terms and Definitions with a general introduction

---
 pveum.adoc | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/pveum.adoc b/pveum.adoc
index 294de43..e11a2ed 100644
--- a/pveum.adoc
+++ b/pveum.adoc
@@ -183,9 +183,20 @@ https://developers.yubico.com/Software_Projects/YubiKey_OTP/YubiCloud_Validation
 host your own verification server].
 
 
-Terms and Definitions
+Permission Management
 ---------------------
 
+In order for a user to perform an action (such as listing, modifying or
+deleting a parts of a VM configuration), the user needs to have the
+appropriate permissions.
+
+{pve} uses a role and path based permission management system. An entry in
+the permissions table allows a user or group to take on a specific role
+when accessing an 'object' or 'path'. This means an such an access rule can
+be represented as a triple of '(path, user, role)' or '(path, group,
+role)', with the role containing a set of allowed actions, and the path
+representing the target of these actions.
+
 
 Objects and Paths
 ~~~~~~~~~~~~~~~~~
-- 
2.39.2