--- a/README	Tue Apr 22 09:46:29 2008 +0100
+++ b/README	Tue Apr 22 10:13:39 2008 +0100
@@ -132,6 +132,7 @@
 user=<globpattern> - user's key
 repo=<globpattern> - repo (as the user supplies it)
 file=<globpattern> - file in the repo
+branch=<globpattern> - name of the branch
 
 The first rule in the file which has all its conditions satisfied is
 used to determine whether an action is allowed.
@@ -145,10 +146,11 @@
 
 FILE CONDITIONS
 
-The rules file is used to make three decisions:
+The rules file is used to make four decisions:
 
 - Whether to allow a repository to be created
 - Whether to allow access to a repository
+- Whether to allow a changeset on a particular branch at all
 - Whether to allow a changeset to change a particular file
 
 When the first two of these decisions are being made, nothing is known
@@ -172,6 +174,18 @@
 
 - For similar reasons, don't give "init" rules file conditions.
 
+LOCKING YOURSELF OUT
+
+If you find yourself "locked out" - that is, that you no longer have
+the permissions needed in hgadmin - you can break back in again if
+you're able to become the "hg" user on the repository host.  Once you
+are that user, delete ~hg/.ssh/authorized_keys (to stop any user who
+might have access but shouldn't from using the repository while you
+fix things).  Then go into ~hg/repos/hgadmin, do an "hg update", edit
+things to your satisfaction, and commit the change.  Finally, run
+~/admin/hg-admin-tools/refresh-auth to regenerate
+~hg/.ssh/authorized_keys. 
+
 THANKS
 
 Thanks for reading this far.  If you use hg-admin-tools, please tell