Added example dashboard

modules/ROOT/nav.adoc

@@ -60,6 +60,8 @@
 *** xref:security/jwt_keys.adoc[JWT with Keys]
 *** xref:security/jwt_hmac.adoc[JWT with HMAC]
 ** xref:security/oauth2.adoc[OAuth2]
+** xref:security/local.adoc[Local Users Login]
+*** xref:security/example_login_required.adoc[Example: Login Required]
 * xref:solutions/intro.adoc[Solutions]
 ** xref:solutions/on-git-push/index.adoc[Self hosted GitOps]
 ** xref:solutions/container-control-panel/index.adoc[Container Control Panel]

modules/ROOT/pages/security/acl.adoc

@@ -3,7 +3,15 @@
 
 include::../snippit_earlydoc.adoc[]
 
-You can control access to actions within OliveTin on a per-user basis, using Access Control Lists (ACL).
+You can control access to actions within OliveTin on a per-user basis, using Access Control Lists (ACL), which work by grouping an Action, a User (or User Group), and a List of Permissions.
+
+[mermaid, "sample", png]
+....
+graph TD
+    A[Action] -->|ACL| B[ACL]
+    B -->|User/UserGroup| C[User/UserGroup]
+    B -->|Permissions| D[Permissions]
+....
 
 An action always starts with `defaultPermissions` (see below), and then then have one or more ACLs applied to it. This means that you can for example have an action that is only available to a certain group of users, or only to a single user.
 

modules/ROOT/pages/security/example_login_required.adoc

@@ -0,0 +1,61 @@
+[#example-login-required]
+=== Example: Dashboards that requires login
+
+A common use case for OliveTin with security is to expose some dashboards that require login to be able to use. This page brings together the configuration options that are needed to achieve this.
+
+== Full example configuration
+
+```yaml
+logLevel: "INFO"
+
+authRequireGuestsToLogin: true
+
+accessControlLists:
+  - name: "admins"
+    permissions:
+      view: true
+      exec: true
+      logs: true
+    matchUsergroups:
+      - "admins"
+    addToEveryAction: true
+
+
+authLocalUsers:
+  enabled: true
+  users:
+    - username: "admin"
+      usergroup: admins
+      password: << your password hash here >>
+
+actions:
+  - title: "Restart"
+    shell: echo "Restart"
+
+dashboards:
+  - title: "Admin Dashboard"
+    contents:
+      - title: "Restart"
+```
+
+Note, to use this configuration, you will need to replace `<< your password hash here >>` with a password hash. You can generate a password hash by looking at the options in the <<local-users>> configuration section.
+
+=== Important configuration option: `AuthRequireGuestsToLogin`
+
+The `AuthRequireGuestsToLogin` option is a helpful shortcut that sets all `defaultPermissions` to false, and makes it so that all guests are prompted to login before they can do anything with OliveTin.
+
+Technically, you could achieve the same effect by setting `defaultPermissions` to `false` and setting up an ACL that allows access to the login page, but `AuthRequireGuestsToLogin` is a more convenient way to achieve the same effect.
+
+=== Per-action ACLs, vs `addToEveryAction`
+
+It is possible to specify one or more ACL per action, like so;
+
+```yaml
+actions:
+  - title: "Restart"
+    shell: echo "Restart"
+    acl:
+      - name: "admins"
+```
+
+However, this configuration is also a bit more verbose, and if you just have one main ACL, can save yourself some typing by using the `addToEveryAction` option in the ACL configuration.

modules/ROOT/pages/security/index.adoc

@@ -17,3 +17,5 @@ include::oauth2.adoc[]
 include::oauth2_authentik.adoc[]
 
 include::local.adoc[]
+
+include::example_login_required.adoc[]