diff --git a/Permissions.md b/Permissions.md
new file mode 100644
index 0000000..1d5d09a
--- /dev/null
+++ b/Permissions.md
@@ -0,0 +1,19 @@
+ARF has a permissions system that functions similarly to public/private keywords
+in other languages, although the actual way in which it works is most simialr to
+Go. That is to say, permissions control how *other* modules can access a
+particular thing. Every entity defined in a module is "friends" with everything
+else, to put it in C++ terms.
+
+ARF has three permission levels:
+
+- pv: Private, other modules cannot even see the entity.
+- ro: Read only, other modules can access the entiry but not alter it. In the
+  context of methods, this means that other modules are forbidden from
+  overriding the method if they define an object that inherits from the method's
+  receiver.
+- rw: Read and write, other modules will be able to access and alter the entity,
+  or in the case of methods, override it.
+
+As far as I know, the read only permission is a novel concept. It is designed to
+help cut back on the need for accessor functions in large codebases and
+libraries where data hiding can be important.
\ No newline at end of file