From bdf13bd3fc3a7f8be247cedf9db39411d132134f Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Tue, 11 May 2010 21:20:13 +0000
Subject: [PATCH] MINOR Documentation

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104610 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 security/PermissionRole.php | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security/PermissionRole.php b/security/PermissionRole.php
index bccaea8fc..3f2dd0da1 100644
--- a/security/PermissionRole.php
+++ b/security/PermissionRole.php
@@ -5,6 +5,11 @@
  * Because permission codes are very granular, this lets website administrators create more
  * business-oriented units of access control - Roles - and assign those to groups.
  * 
+ * If the <b>OnlyAdminCanApply</b> property is set to TRUE, the role can only be assigned
+ * to new groups by a user with ADMIN privileges. This is a simple way to prevent users
+ * with access to {@link SecurityAdmin} (but no ADMIN privileges) to get themselves ADMIN access
+ * (which might be implied by certain roles).
+ * 
  * @package sapphire
  * @subpackage security
  */