From 7c0f6bd7422538ec2d7137b39e4e0e85de3f0912 Mon Sep 17 00:00:00 2001
From: James Phillips <slackpad@gmail.com>
Date: Mon, 5 Dec 2016 18:43:05 -0800
Subject: [PATCH] Clarifies ACL replication token.

---
 website/source/docs/internals/acl.html.markdown | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/website/source/docs/internals/acl.html.markdown b/website/source/docs/internals/acl.html.markdown
index 4eadaa827..b156a3f7c 100644
--- a/website/source/docs/internals/acl.html.markdown
+++ b/website/source/docs/internals/acl.html.markdown
@@ -84,7 +84,9 @@ datacenter servers to resolve even uncached tokens. This is enabled by setting a
 [`acl_replication_token`](/docs/agent/options.html#acl_replication_token) in the
 configuration on the servers in the non-authoritative datacenters. With replication
 enabled, the servers will maintain a replica of the authoritative datacenter's full
-set of ACLs on the non-authoritative servers.
+set of ACLs on the non-authoritative servers. The ACL replication token needs to be
+a valid ACL token with management privileges, it can also be the same as the master
+ACL token.
 
 Replication occurs with a background process that looks for new ACLs approximately
 every 30 seconds. Replicated changes are written at a rate that's throttled to