1 files changed, 61 insertions, 0 deletions

diff --git a/docs/zcml/default_permission.rst b/docs/zcml/default_permission.rst
new file mode 100644
index 000000000..39edbacd4
--- /dev/null
+++ b/docs/zcml/default_permission.rst
@@ -0,0 +1,61 @@
+.. _default_permission_directive:
+
+``default_permission``
+-------------------------------
+
+Set the default permission to be used by all :term:`view
+configuration` registrations.
+
+This directive accepts a single attribute ,``name``, which should be
+used as the default permission string.  An example of a permission
+string:``view``.  Adding a default permission makes it unnecessary to
+protect each view configuration with an explicit permission, unless
+your application policy requires some exception for a particular view.
+
+If a default permission is *not* set, views represented by view
+configuration registrations which do not explicitly declare a
+permission will be executable by entirely anonymous users (any
+authorization policy is ignored).
+
+There can be only one default permission active at a time within an
+application, thus the default permission directive can only be used
+once in any particular set of ZCML.
+
+.. note:  This API is new as of :mod:`repoze.bfg` version 1.3.
+
+Attributes
+~~~~~~~~~~
+
+``name`` must be a string representing a :term:`permission`,
+    e.g. ``view``.
+
+
+    The ``secret`` is a string that will be used to encrypt the data
+    stored by the cookie.  It is required and has no default.
+
+Example
+~~~~~~~
+
+.. code-block:: xml
+   :linenos:
+
+   <default_permission
+    name="view"
+    />
+
+Alternatives
+~~~~~~~~~~~~
+
+Using the ``default_permission`` argument to the
+:class:`repoze.bfg.configuration.Configurator` constructor can be used
+to achieve the same purpose.
+
+Using the
+:meth:`repoze.bfg.configuration.Configurator.set_default_permission`
+method can be used to achieve the same purpose when using imperative
+configuration.
+
+See Also
+~~~~~~~~
+
+See also :ref:``setting_a_default_permission``.