diff --git a/security.rst b/security.rst
index 90c0024266d..70cd2d111e1 100644
--- a/security.rst
+++ b/security.rst
@@ -715,6 +715,9 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
# require ROLE_ADMIN for /admin*
- { path: '^/admin', roles: ROLE_ADMIN }
+ # or require ROLE_ADMIN and IS_AUTHENTICATED_FULLY for /admin*
+ - { path: '^/admin', roles: [IS_AUTHENTICATED_FULLY, ROLE_ADMIN] }
+
# the 'path' value can be any valid regular expression
# (this one will match URLs like /api/post/7298 and /api/comment/528491)
- { path: ^/api/(post|comment)/\d+$, roles: ROLE_USER }
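Review bot: The added comment on `roles: [IS_AUTHENTICATED_FULLY, ROLE_ADMIN]` says both attributes are required, but as far as I know the access decision manager's default `affirmative` strategy grants access as soon as one voter approves, so the list behaves as ROLE_ADMIN or IS_AUTHENTICATED_FULLY. A reader copying this to harden /admin would instead open it to any fully authenticated user, and to a remembered (not fully authenticated) admin. I would reword the comment to `# or require ROLE_ADMIN or IS_AUTHENTICATED_FULLY for /admin*` and add a sentence that requiring both needs the `unanimous` strategy or a single expression; the same applies to the XML and PHP hunks. The PHP comment also drops the leading "or", so the two `^/admin` entries read as if both should be kept, whereas only the first matching access_control entry is applied.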
@@ -739,6 +742,12 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
+
+
+ ROLE_ADMIN
+ IS_AUTHENTICATED_FULLY
+
+
@@ -761,6 +770,9 @@ URL pattern. You saw this earlier, where anything matching the regular expressio
// require ROLE_ADMIN for /admin*
['path' => '^/admin', 'roles' => 'ROLE_ADMIN'],
+ // require ROLE_ADMIN and IS_AUTHENTICATED_FULLY for /admin*
+ ['path' => '^/admin', 'roles' => ['ROLE_ADMIN', 'IS_AUTHENTICATED_FULLY']],
+
// the 'path' value can be any valid regular expression
// (this one will match URLs like /api/post/7298 and /api/comment/528491)
['path' => '^/api/(post|comment)/\d+$', 'roles' => 'ROLE_USER'],