diff --git a/docs/faq/src/docbook/faq.xml b/docs/faq/src/docbook/faq.xml
index 3927454c60..8f0f092792 100644
--- a/docs/faq/src/docbook/faq.xml
+++ b/docs/faq/src/docbook/faq.xml
@@ -283,6 +283,29 @@
the chapters on namespace parsing in the standard Spring Framework reference
documentation first.
+
+ What does ROLE_
mean and why do I need it on my role names?
+
+ Spring Security has a voter-based architecture which means that an access
+ decision is made by a series of AccessDecisionVoters.
+ The voters act on the configuration attributes
which are specified for a
+ secured resource (such as a method invocation). With this approach, not all attributes may
+ be relevant to all voters and a voter needs to know when it should ignore an attribute (abstain) and
+ when it should vote to grant or deny access based on the attribute value.
+ The most common voter is the RoleVoter which by default votes
+ whenever it finds an attribute with the ROLE_
prefix. It makes a simple comparison
+ of the attribute (such as ROLE_USER
) with the name names of the authorities which
+ the current user has been assigned. If it finds a match (they have an authority called
+ ROLE_USER
), it votes to grant access, otherwise it votes to deny access.
+
+
+ The prefix can be changed by setting the rolePrefix property of
+ RoleVoter. If you only need to use roles in your application and have
+ no need for other custom voters, then you can set the prefix to a blank string, in which case the
+ RoleVoter will treat all attributes as roles.
+
+
+
Common Howto
Requests
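Review bot: The second answer paragraph recommends setting rolePrefix to a blank string without stating what that does to voting, and it should say so explicitly. By the first paragraph's own description, RoleVoter abstains only on attributes that lack the prefix and otherwise votes to deny when no authority matches. With a blank prefix it therefore never abstains, and any configuration attribute that is not literally one of the user's authority names produces a deny vote. Consider widening the condition from "no need for other custom voters" to "no configuration attributes other than role names", since the risk comes from the attributes present and not only from which voters are registered. Separately, in the first paragraph "with the name names of the authorities" has a duplicated word and should read "with the names of the authorities".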