diff --git a/docs/acknowledgements.md b/docs/acknowledgements.md
index 0e8521fad4bd4be7201c0e009cf26317384d6815..1723086214e0b23fe1969f5adf5b574e9785c317 100644
--- a/docs/acknowledgements.md
+++ b/docs/acknowledgements.md
@@ -1 +1,8 @@
-TBA
\ No newline at end of file
+<div class="container" markdown>
+<div class="content" markdown>
+<img class="ack_logo" src="../img/Logo_BW_inverz.png">
+<div markdown>
+This research is supported by the Open Calls for Security Research 2023–2029 (OPSEC) program granted by the Ministry of the Interior of the Czech Republic under No. [VK01030007 – Intelligent Tools for Planning, Conducting, and Evaluating Tabletop Exercises.](https://www.muni.cz/en/research/projects/69231) 
+</div>
+</div>
+</div>
\ No newline at end of file
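Review bot: The `<img class="ack_logo" src="../img/Logo_BW_inverz.png">` line has no `alt` attribute, so the funder logo is invisible to screen readers and shows nothing if the image fails to load; add an `alt` naming the organisation the logo belongs to. In the paragraph below it, the link text swallows the sentence's closing period ("...Tabletop Exercises.]") and the line ends with a trailing space; move the period outside the link. The file also still ends without a trailing newline.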
diff --git a/docs/img/Logo_BW_inverz.png b/docs/img/Logo_BW_inverz.png
new file mode 100644
index 0000000000000000000000000000000000000000..75c93107915f6d474217f87703bdfe1112196f7b
Binary files /dev/null and b/docs/img/Logo_BW_inverz.png differ
diff --git a/docs/report-bugs.md b/docs/report-bugs.md
new file mode 100644
index 0000000000000000000000000000000000000000..02d2fcdefdda273164ea9c2474bdb9004cf28147
--- /dev/null
+++ b/docs/report-bugs.md
@@ -0,0 +1,21 @@
+We use GitLab Service Desk for bug reporting, it offers a simple and efficient way for users to report bugs, suggest features, or provide general feedback to project maintainers. This guide will walk you through the steps of using Service Desk to submit your inquiries directly to the project.
+
+* Open your email client and create a new email.
+* Set the recipient email address to the [Service Desk email](mailto:git+inject-inject-issues-30987-issue-@gitlab.fi.muni.cz).
+* In the subject line, briefly describe the nature of your inquiry (e.g., Bug Report: Application Crashes).
+* In the body of the email, provide detailed information about the issue you are experiencing. Include steps to reproduce the problem, screenshots (if applicable), and any other relevant details.
+* Once you have filled out all the necessary information, click the send button to dispatch your email to the Service Desk.
+
+After sending your email, GitLab automatically converts it into an issue within the project's GitLab instance.
+To track the status of your inquiry, you can visit the project's GitLab page and navigate to the issue tracker section.
+
+Project maintainers may reach out to you through the GitLab issue to gather more information or provide updates on the status of your inquiry.
+Respond to any communications from project maintainers directly through email. Your responses will be reflected within the associated issue in GitLab.
+
+**Additional Tips**
+
+* Be as descriptive as possible when outlining the issue in your email. Clear and detailed descriptions help project maintainers understand and address the problem more effectively.
+* Include any relevant attachments, such as log files or error messages, to assist project maintainers in diagnosing the issue.
+* Check your email regularly for any follow-up communications from project maintainers regarding your inquiry.
+
+By following these steps, you can easily report bugs or provide feedback to project maintainers using GitLab Service Desk. Your contributions help improve the overall quality and functionality of the project for all users.
\ No newline at end of file
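Review bot: The tip "Include any relevant attachments, such as log files or error messages" should also tell reporters to remove passwords, `sessionid`/`csrf` cookie values and other personal data from logs and screenshots before sending, since the text says the email becomes an issue in the project's tracker. The page also does not say whether suspected security vulnerabilities should go through this same address or a separate private channel; state that explicitly. Smaller points: the opening sentence is a comma splice ("...for bug reporting, it offers..."), and the Service Desk address here (`inject-issues-30987`) differs from the one removed from `copyright.html` later in this diff (`inject-docs-34446`), so please confirm that moving reports to the other project is intended.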
diff --git a/docs/stylesheets/extra.css b/docs/stylesheets/extra.css
index 9a9d1a9992907ca46ae6765c8b15a33d56cb9094..55e4b9c4e0824a71aab1c11721e8c98bf9f76e4c 100644
--- a/docs/stylesheets/extra.css
+++ b/docs/stylesheets/extra.css
@@ -32,6 +32,9 @@
 
 :root > * {
     --md-mermaid-edge-color: white !important;
+    --md-mermaid-sequence-actor-bg-color: #ffdd4e;
+    --md-mermaid-sequence-actor-line-color: white;
+    --md-mermaid-sequence-number-fg-color: black;
 }
 
 .md-logo img {
@@ -169,4 +172,25 @@ span div:nth-child(1) > div:nth-child(1) > pre:nth-child(1) > code:nth-child(1)
 
 span div:nth-child(1) > div:nth-child(1) > pre:nth-child(1) > code:nth-child(1) > span:nth-child(10) {
     color: black !important;
+}
+
+tr td {
+    vertical-align: middle !important;
+}
+
+.container {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+}
+
+.content {
+    display: flex;
+    align-items: center;
+}
+
+.ack_logo {
+    max-width: 13rem !important;
+    height: auto !important;
+    margin-right: 10px;
 }
\ No newline at end of file
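Review bot: The new `tr td { vertical-align: middle !important; }` rule is global and will change every table in the documentation, not only the one it was written for; scope it to a class or to the page that needs it. Likewise `.container` and `.content` are very generic class names that can collide with theme or extension styles, while the logo already uses a prefixed name (`.ack_logo`); rename them along the same lines (for example `.ack_container`, `.ack_content`) and update `acknowledgements.md` to match. The `!important` flags on `.ack_logo` look unnecessary unless a theme rule is known to override them.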
diff --git a/docs/tech/security-auth.md b/docs/tech/security-auth.md
deleted file mode 100644
index 0e8521fad4bd4be7201c0e009cf26317384d6815..0000000000000000000000000000000000000000
--- a/docs/tech/security-auth.md
+++ /dev/null
@@ -1 +0,0 @@
-TBA
\ No newline at end of file
diff --git a/docs/tech/security-overview.md b/docs/tech/security-overview.md
deleted file mode 100644
index 0e8521fad4bd4be7201c0e009cf26317384d6815..0000000000000000000000000000000000000000
--- a/docs/tech/security-overview.md
+++ /dev/null
@@ -1 +0,0 @@
-TBA
\ No newline at end of file
diff --git a/docs/tech/security.md b/docs/tech/security.md
new file mode 100644
index 0000000000000000000000000000000000000000..a6e796a485bb510d66ee7c175cef971791177710
--- /dev/null
+++ b/docs/tech/security.md
@@ -0,0 +1,165 @@
+# Authentication
+Authentication on the INJECT platform is fundamental to ensuring secure access to its features and resources. Leveraging Django's built-in session system, the platform utilizes cookies as a means to authenticate client requests.
+
+## Authentication Process Overview
+
+The authentication process involves the following steps:
+``` mermaid
+sequenceDiagram
+  Client->>Server: Get backend version
+  Server->>Client: Responds with backend version and SET_COOKIE
+```
+```
+1. Client -> Server: Get the backend version from the REST API. (No cookies are set yet.)
+2. Client <- Server: Responds with backend version and SET_COOKIE 
+with new _sessionid_ and _csrf_ cookie.
+```
+
+In this state, the server established a session with the client. The client did not authenticate yet, and thus the session attribute _user_ is set to _AnonymousUser_. All further requests from the client should now contain the _sessionid_ and _csrf_ cookie together with the _X-csrftoken_ header of requests (most importantly for safe login!).
+The client can now make any request to endpoints, which do not enforce authenticated requesters. On every request, the match of _csrf_ cookie and _X-csrftoken_ header is checked.
+The next important step in our schema is **login**:
+
+``` mermaid
+sequenceDiagram
+  Client->>Server: Sends login request on GraphQL login endpoint
+  Server->>Client: Server generates new session
+```
+```
+3. Client -> Server: Sends a login request on the GraphQL login endpoint 
+containing the username and password (and most importantly, 
+the _sesisonid_ and _csrf_ cookie with _X-csrftoken_ header set to the 
+value of the _csrf_ cookie to prevent cross-site request forgery).
+4. Client <- Server: If the provided credentials were correct, 
+the server generated a new session with attribute _user_ set 
+to User model of user who successfully authenticated themselves and 
+responded with SET_COOKIE containing the new _sessionid_ cookie 
+and the new _csrf_ cookie.
+```
+
+The client is expected to drop the old _sessionid_ and _csrf_ cookie and replace them with the new ones. Also, every request from now on should contain _X-csrftoken_ value of the new _csrf_ cookie.
+
+For further information, refer to the official documentation on:
+
+* [Django Sessions](https://docs.djangoproject.com/en/2.0/topics/http/sessions/)
+* [CSRF Protection](https://docs.djangoproject.com/en/2.0/ref/csrf/)
+
+### Basic authentication
+For the purposes of more convenient development, basic authentication is also supported according to the [RFC 2617](https://datatracker.ietf.org/doc/html/rfc2617#section-2) standard.
+
+## Authorization
+For authorization processes, the RBAC (Role-based access control) is supplemented with a modified ACL (access control list)  
+
+Three authorization roles (also called groups to not be mistaken for in-game roles) are present:  
+- **ADMIN**  
+  - has implicit access to all resources and the platform (exercises, definitions, users, etc...)  
+  - role should be assigned only to people that really need it (maintainers, deployers of the platform), and the number of people with this role should be    kept to a minimum  
+  - can execute every action that a TRAINEE or INSTRUCTOR can  
+- **INSTRUCTOR**  
+  - can access only exercises and definitions where he/she was assigned (or which he/she has created and was not removed from them)  
+  - isntructors can add or remove other instructors from exercises or definitions if they have access to these resources  
+  - by creating an exercise or uploading an exercise definition, the instructor is automatically granted access to it - access can be removed by the other  instructor assigned to the exercise or definition  
+  - instructor of the given exercise can see all teams in the exercise  
+  - can manipulate with the exercises (start, stop, create, or remove)  
+  - can add/remove trainees to/from teams of an exercise  
+  - inherits all trainee permissions  
+- **TRAINEE**  
+  - can see only exercises where he/she was assigned  
+  - can access only the data of the team to which he or she was assigned (cannot see the data of other teams for the same exercise)  
+  - can use tools in exercise (sending emails, using tools,...)
+
+### Process of Authorization
+Every endpoint resolver (in REST API and GraphQL), which allows access to data that should not be visible to everyone, should be decorated by decorators. The INJECT authorization schema functions on the combinations of these decorators:
+
+#### protected
+  - takes as an argument permission needed for accessing the endpoint
+  - Role-based access control -> checks whether the requester is assigned to a group with the required permission
+  - if request is unauthenticated, it automatically denies access
+
+```python
+@protected(required_permission: str)
+def resolver_function():
+    pass
+```
+#### extra_protected
+  - takes `Enum Check` value
+  ```python
+  class Check(str, Enum):
+    TEAM_ID = "team_id"
+    EXERCISE_ID = "exercise_id"
+    DEFINITION_ID = "definition_id"
+    LOG_ID = "log_id"
+    THREAD_ID = "thread_id"
+    VISIBLE_ONLY = "visible_only"
+  ```
+  - based on the value of the argument, checks whether the requester has access to a specific resource
+  - utilizes Access-controll list
+  - given argument must occur as a key-word argument of the endpoint resolver
+  - works by extracting the Check keyword value and executing the relevant check function
+  - if request is unauthenticated, it automatically denies access
+
+```python
+@extra_protected(check: Check)
+def resolver_function(argument):
+    pass
+```
+  - example usage:
+```python
+@extra_protected(Check.TEAM_ID)
+def resolver_function(team_id: str):
+    pass
+```
+
+#### input_object_protected
+  - works on the same principle as **extra_protected** but instead of _Check enum argument, it takes the name of the input object argument.
+  - internally uses the same check functions as **extra_protected**, but differs in the extraction of the needed value for the check.
+```python
+@input_object_protected(object_name: str)
+def resolver():
+    pass
+```
+- example usage:
+```python
+@input_object_protected("create_exercise_input")
+def resolver_function(create_exercise_input: CreateExerciseInput):
+    pass
+```
+
+The best authorization control and functionality are achieved by combining the mentioned decorators. This way, you can set up more granular and specific checks. For example:
+
+```python
+# Accessible only to the trainees assigned to the team with an ID equal to the team_id (inheritably for the instructors of the exercise, where the team with "team_id" belongs to)
+@protected(Perms.view_trainee_info) # view_trainee_info is permission for the trainee role
+@extra_protected(Checks.TEAM_ID)
+def resolver(team_id: str):
+    pass
+
+# Accessible only to the instructors of the exercise, where the thread with "thread_id" was created
+@protected(Perms.analytics_view) # analytics_view is the permission of the instructor role
+@extra_protected(Check.THREAD_ID)
+def resolver(thread_id):
+    pass
+```
+
+### Additional notes
+- Users with the ADMIN role can be added to the access control lists to be shown in exercises (if the admin acts as an instructor for some reason), but it is not necessary because ADMIN has control over every resource on the platform, whether he is assigned to it or not
+
+## User onboarding
+Users can be added to the platform via a .csv file in the following format:
+```
+username,group,tags,first_name,last_name
+```
+- **username** (mandatory)  
+  - has to be a valid email address of the user (he will receive credentials via this email)  
+- **group** (optional, implicitly "trainee")  
+  - authorization role of the created user
+  - values: trainee, instructor, or admin (shorts "t", "i" or "a" can be used as well) case is ignored  
+Instructors cannot create users with higher privileges. admin (admin can be created only by admin users)  
+- **tags** (optional)  
+  - you can mark the newly created user by tags to make your work with assigning users to teams or exercises more convenient
+  - format of the field: `tag1|tag2|tag3` (values separated by "|")  
+- **first_name** (optional)  
+  - first name of the created user if you want to identify them later  
+- **last_name** (optional)  
+  - last name of the created user if you want to identify them later  
+
+As a separator for the column, you can use either `,` or `;`.
\ No newline at end of file
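Review bot: The "Basic authentication" section says it exists "for the purposes of more convenient development" but never states whether it is disabled in production deployments; document how it is turned off and that it must only be used over TLS, and cite RFC 7617, which obsoletes the Basic scheme in RFC 2617. In the combined example the first resolver uses `@extra_protected(Checks.TEAM_ID)` while the enum is defined as `Check` and the second resolver uses `Check.THREAD_ID`; a reader copying the first one gets a NameError. The signature blocks such as `@protected(required_permission: str)` are fenced as `python` but are not valid Python, so either mark them as signatures or show a concrete call. Both Django links point at `/en/2.0/`; link to the version the platform actually runs. In the onboarding list, the line "Instructors cannot create users with higher privileges. admin (admin can be created only by admin users)" is garbled and sits outside the bullet structure, and since "he will receive credentials via this email" the page should say whether a password change is forced on first login. Typos to fix: `_sesisonid_`, `isntructors`, `Access-controll`, and the stray underscore in `_Check enum`.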
diff --git a/mkdocs.yml b/mkdocs.yml
index 1ce4f0cdbc2365562cb371e6d0f38140ae165567..f215df5a96fbaba57330f09304cce9dd3dc098b1 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -8,7 +8,7 @@ theme:
 extra:
   social:
     - icon: inject/inject-logo--horizontal-black
-      link: https://cybersec.fi.muni.cz/projects/inject
+      link: https://inject.muni.cz
 
 copyright: Copyright © 2024 Masaryk University
 
@@ -21,9 +21,7 @@ nav:
     - System architecture:
       - Overview: tech/architecture/overview.md
       - Definition documentation: tech/architecture/definitions.md
-    - Security features:
-      - Overview: tech/security-overview.md
-      - Authentization: tech/security-auth.md
+    - Security features: tech/security.md
     - API Documentation:
       - Overview: tech/api/overview.md
       - Graphql Documentation: tech/api/graphql-docs.md
@@ -32,12 +30,14 @@ nav:
   - FAQ: faq.md
   - Glossary of Terms: glosary-of-terms.md
   - Authors: authors.md
+  - Report bugs: report-bugs.md
   - Acknowledgements: acknowledgements.md
   - License: license.md
 
 markdown_extensions:
   - attr_list
   - md_in_html
+  - def_list
   - pymdownx.emoji:
       emoji_index: !!python/name:material.extensions.emoji.twemoji
       emoji_generator: !!python/name:material.extensions.emoji.to_svg
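Review bot: The added `def_list` extension is not used by any Markdown introduced in this diff (the new pages use only bullet lists, fenced code and `md_in_html` blocks); drop it or mention in the commit message which page needs it. Note also that the nav change in the previous hunk removes `tech/security-overview.md` and `tech/security-auth.md`, so any existing inbound links to those two pages will break unless a redirect is added.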
diff --git a/overrides/partials/copyright.html b/overrides/partials/copyright.html
index f8d8413d6b31b40ba65cb5d58e2e7da4940b9041..b124641aab2f3ff537f8c49067c25cf9b1c0c9ee 100644
--- a/overrides/partials/copyright.html
+++ b/overrides/partials/copyright.html
@@ -11,5 +11,5 @@
       </a>
     {% endif %}
     <br>
-      <a href="mailto:git+inject-inject-docs-34446-issue-@gitlab.fi.muni.cz">Report bugs</a>
+      <a href="/inject-docs/report-bugs/">Report bugs</a>
   </div>
\ No newline at end of file
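Review bot: The new `href="/inject-docs/report-bugs/"` hard-codes the site's base path, so the footer link breaks as soon as the docs are served from a different prefix or from the root of a domain (the `mkdocs.yml` hunk in this same diff already moves the project link to `https://inject.muni.cz`). Build the link relative to the site instead, for example with MkDocs' template filter: `{{ 'report-bugs/' | url }}`.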