From c1884f881fd2403b93e817d2a14c11974e258f27 Mon Sep 17 00:00:00 2001
From: Ginger Collison <ginger@synadia.com>
Date: Mon, 14 Oct 2019 11:40:35 -0500
Subject: [PATCH] Update authorization.md

---
 .../securing_nats/authorization.md            | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/nats-server/configuration/securing_nats/authorization.md b/nats-server/configuration/securing_nats/authorization.md
index 531b4fe..6a1542b 100644
--- a/nats-server/configuration/securing_nats/authorization.md
+++ b/nats-server/configuration/securing_nats/authorization.md
@@ -66,3 +66,32 @@ authorization {
 
 > Note that in the above example, any client with permissions to subscribe to `_INBOX.>` can receive _all_ responses published. More sensitive installations will want to add or subset the prefix to further limit subjects that a client can subscribe. Alternatively, [_Accounts_](auth_intro/accounts.md) allow complete isolation limiting what members of an account can see.
 
+Here's another example, where the `allow` and `deny` options are specified:
+
+```
+authorization: {
+	users = [
+	    {
+	    	user: admin
+	    	password: secret
+	    	permissions: {
+	    		publish: ">"
+	    		subscribe: ">"
+	    	}
+	    }
+		{ 
+			user: test
+			password: test
+			permissions: {
+				publish: {
+					deny: ">"
+				}, 
+				subscribe: {
+					allow: "client.>"
+				}
+			}
+		}
+	]
+}
+```
+