diff --git a/core/subresources.md b/core/subresources.md
index 874106ceba1..09df25dfed8 100644
--- a/core/subresources.md
+++ b/core/subresources.md
@@ -242,3 +242,28 @@ class Company {
     // ...
 }
 ```
+
+## Security
+
+In order to use Symfony's built-in security system on subresources the security option of the `Link` attribute can be used.
+
+To restrict the access to a subresource based on the parent object simply use the Symfony expression language as you would do normally, with the exception that the name defined in `toProperty` or `fromProperty` is used to access the object.
+
+Alternatively you can also use the `securityObjectName` to set a custom name
+
+```php
+<?php 
+#[ApiResource(
+    uriTemplate: '/employees/{employeeId}/company',
+    uriVariables: [
+        'employeeId' => new Link(fromClass: Employee::class, toProperty: 'company', security: "is_granted(some_voter, company)"),
+    ],
+    operations: [
+        new Get()
+    ]
+)]
+
+class Company {
+    // ...
+}
+```