--- a/doc/manual.docbook	Mon Nov 03 11:12:35 2014 +0100
+++ b/doc/manual.docbook	Mon Nov 03 11:12:45 2014 +0100
@@ -16,6 +16,8 @@
 centralized <link xlink:href="http://hg-scm.org/">Mercurial</link>
 repositories using SSH public key authentication; it provides convenient
 and fine-grained key management and access control.
+It provides access control for <link xlink:href="http://mercurial.selenic.com/wiki/Phases">phases</link>
+move (from "draft" to "public").
 </para>
 <para>
 Though mercurial-server is currently targeted at Debian-based systems such
@@ -179,10 +181,14 @@
 </para>
 <itemizedlist>
 <listitem>
-<literal>init</literal>: allow reads, writes, and the creation of new repositories
+<literal>init</literal>: allow reads, writes, publish (move the phase
+of a chageset to "public"), and the creation of new repositories
 </listitem>
 <listitem>
-<literal>write</literal>: allow reads and writes
+<literal>publish</literal>: allow reads, writes and publish changesets
+</listitem>
+<listitem>
+<literal>write</literal>: allow reads and writes (ie. create draft changesets)
 </listitem>
 <listitem>
 <literal>read</literal>: allow only read operations
@@ -192,6 +198,13 @@
 </listitem>
 </itemizedlist>
 <para>
+  The distinction between "write" and "publish" access levels is only
+  meaningful for non-publishing repositories, in which case, the
+  "write" access level allows a user to push "draft" changesets, but
+  not to change their phase to "public". This latter operation require
+  the "publish" access level.
+</para>
+<para>
 A condition is a globpattern matched against a relative path. The two most
 important conditions are
 </para>