# HG changeset patch
# User Paul Crowley <paul@lshift.net>
# Date 1255536604 -3600
# Node ID a5850a63390fe7ab99f425a255af2925a4de02e7
# Parent  e8bf13d06582679d44674df934bc59f0b00fb278
Move basic access control to the start of access control

diff -r e8bf13d06582 -r a5850a63390f doc/manual.docbook
--- a/doc/manual.docbook	Wed Oct 14 17:06:53 2009 +0100
+++ b/doc/manual.docbook	Wed Oct 14 17:10:04 2009 +0100
@@ -142,18 +142,17 @@
 However, using <literal>hgadmin</literal> is usually more convenient if you need to make more than a very few changes; it also makes it easier to share administration with others and provides a log of all changes.
 </para>
 </section>
+</section>
 <section>
-<title>Basic access control</title>
+<title>Access control</title>
 <para>
 Out of the box, mercurial-server supports two kinds of users: "root" users and normal users.  If you followed the steps above, you are a "root" user because your key is under <filename class='directory'>keys/root</filename>, while the other user you gave access to is a normal user since their key is under <filename class='directory'>keys/users</filename>.  Keys that are not in either of these directories will by default have no access to anything.
 </para>
 <para>
-Root users can edit <literal>hgadmin</literal>, create new repositories and read and write to existing ones.  Normal users cannot access <literal>hgadmin</literal> or create new repositories, but they can read and write to any other repository.  This is only the default configuration; for more advanced configuration read <xref linkend="accesscontrol"/>.
+Root users can edit <literal>hgadmin</literal>, create new repositories and read and write to existing ones.  Normal users cannot access <literal>hgadmin</literal> or create new repositories, but they can read and write to any other repository.
 </para>
-</section>
-</section>
-<section id="accesscontrol">
-<title>Access control</title>
+<section>
+<title>Using access.conf</title>
 <para>
 mercurial-server offers much more fine-grained access control than this division into two classes of users.  Let's suppose you wish to give Pat access to the <literal>widget</literal> repository, but no other.  We first copy Pat's SSH public key into the <filename
 class='directory'>keys/widget/pat</filename> directory in <literal>hgadmin</literal>.  Now mercurial-server knows about Pat's key, but will give Pat no access to anything because the key is not under either <filename
@@ -219,6 +218,7 @@
 want. More precisely, "*" matches zero or more characters not including "/"
 while "**" matches zero or more characters including "/".
 </para>
+</section>
 <section>
 <title>/etc/mercurial-server and hgadmin</title>
 <para>