diff --git a/docs/user-guide/persistent-volumes/walkthrough.md b/docs/user-guide/persistent-volumes/walkthrough.md
index 385cc15c52..16c6b0a030 100644
--- a/docs/user-guide/persistent-volumes/walkthrough.md
+++ b/docs/user-guide/persistent-volumes/walkthrough.md
@@ -36,6 +36,34 @@ NAME      LABELS       CAPACITY      ACCESSMODES   STATUS      CLAIM     REASON
 pv0001    type=local   10737418240   RWO           Available 
 ```
 
+### Access Control
+Storage configured with GID will only allow writing by pods using the same GID.
+Mismatched or missing GIDs will cause `permission denied` errors. Annotating a
+`PersistentVolume` with a GID allows `Kubelet` to automatically add the GID to
+the pod that requires it. No coordination between an admin and end user is 
+required.
+
+To annotate the volume's with a GID you use the `pv.beta.kubernetes.io/gid`
+annotation as follows:
+
+```yaml
+kind: PersistentVolume
+apiVersion: v1
+metadata:
+  name: pv1
+  annotations:
+    pv.beta.kubernetes.io/gid: "1234"
+#...
+```
+
+When a pod consumes a PV with a GID annotation, the annotated GID is applied to
+all containers in the pod in the same way GIDs specified in the pod's 
+[security context](/docs/user-guide/security-context/) are. Every GID, whether
+it originates from a PV annotation or the pod's specification, is applied to
+the first process run in each container, in addition to the container's primary
+GID. Currently, the GIDs associated with PVs a pod consumes will not be present
+on the pod resource itself, unlike GIDs specified in a pod's security context.
+
 ## Requesting storage
 
 Users of Kubernetes request persistent storage for their pods.  They don't know how the underlying cluster is provisioned.