diff --git a/docs/AUTH.md b/docs/AUTH.md new file mode 100644 index 00000000..23e9e283 --- /dev/null +++ b/docs/AUTH.md @@ -0,0 +1,27 @@ +# Authentication + +Authentication can be used as a guard on a field, query or mutation, restricting data access or actions for a specific group of users. + +Since the codebase uses TypeGraphQL, which relies heavily on decorators, authentication is also done using decorators. + +Authentication is done with use of `@Permission` decorator. This decorator takes function as an argument with permission object as a return value. + +For example: + +```lang=js +@Permission(async (resolverData) => ({ + or: [ + { + type: 'global', + permission: 'viewOperationMetadata', + }, + { + type: 'operation', + permission: 'canViewMetadata', + id: 11, + }, + ], +})) +``` + +In this example, `id` field is hardcoded for demo purposes, but `resolverData` can be used to obtain the actual value.
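Review bot: the title and the first three paragraphs say "Authentication", but what the new file describes is an authorization check: `@Permission` guards a field, query or mutation by evaluating `global` and `operation` permissions for a user whose identity is already known. Consider renaming the heading (and possibly the file) to "Authorization" or "Permissions", or adding a sentence on how the caller is identified before the decorator runs, so readers do not look here for login or session handling. In the example, `id: 11` is hardcoded and the closing sentence only says `resolverData` "can be used to obtain the actual value"; since that id selects which operation the permission is checked against, the doc would be more useful if the example read it from `resolverData` and named the field it comes from. The text also shows only the `or` combinator and does not say what happens when the check fails or when a field carries no `@Permission` at all (allowed or denied by default), which is the first thing someone adding a resolver needs to know. Minor: the fence info string `lang=js` is not recognized by common Markdown renderers; a plain `js` or `ts` tag would get highlighting.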