Add team docs with sample RBAC permissions

docs/README.md

@@ -17,6 +17,7 @@ These guides describe how the components of Gimbal function and how they interac
 - [List Discovered Services](list-discovered-services.md)
 - [Update Kubernetes Discoverer Credentials](kubernetes-discoverer.md#updating-credentials)
 - [Update OpenStack Discoverer Credentials](openstack-discoverer.md#updating-credentials)
+- [Teams with Gimbal](teams.md)
 
 ## User Topics
 

docs/teams.md

@@ -0,0 +1,30 @@
+# Teams with Gimbal
+
+A key feature of Gimbal is team management. The idea is enable teams to configure and define their own Ingress resources within the Gimbal cluster without requiring an administrator to assist. To enable this, users will be isolated to one or more namespaces in the Gimbal cluster and should have capabilities to create Ingress routes and also view Services and Endpoints within their respective team namespace. 
+
+## RBAC Rules 
+
+A key component of any secure Kubernetes cluster are permissions implemented via Role-Based Access Control (RBAC). Following is a sample RBAC `ClusterRole` which can be assigned to users within a team namespace:
+
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: team-ingress
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - endpoints
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - extensions
+  resources:
+  - ingresses
+  verbs:
+  - "*"
+```