From ea7a85798c9c115cf17c0ff56602553bace025ac Mon Sep 17 00:00:00 2001
From: Johann Pardanaud <pardanaud.j@gmail.com>
Date: Tue, 17 Dec 2019 11:21:00 +0100
Subject: [PATCH] Add a note about voters with access_control

Explain how the Access Decision Strategy can impact the way access_control works.
---
 security/access_control.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/security/access_control.rst b/security/access_control.rst
index 9c0378ff79d..0daab78c71c 100644
--- a/security/access_control.rst
+++ b/security/access_control.rst
@@ -160,6 +160,13 @@ options:
     can learn how to use your custom attributes by reading
     :ref:`security/custom-voter`.
 
+.. caution::
+
+    If you define both ``roles`` and ``allow_if``, and your Access Decision
+    Strategy is the default one (``affirmative``), then the user will be granted
+    access if there's at least one valid condition. See :doc:`/security/voters`
+    to change your strategy to something more suited to your needs.
+
 .. tip::
 
     If access is denied, the system will try to authenticate the user if not