diff --git a/Documentation/REST-API/Resources-User.md b/Documentation/REST-API/Resources-User.md
index f10546cfe..306168b60 100644
--- a/Documentation/REST-API/Resources-User.md
+++ b/Documentation/REST-API/Resources-User.md
@@ -195,6 +195,10 @@ following fields.
 * `data.attributes.account`
   * Set to `admin` for administrative users and `basic` to read-only users
 
+Only admin accounts can perform POST, PUT, DELETE and PATCH requests. If a basic
+account performs one of the aforementioned request, the REST API will respond
+with a `401 Unauthorized` error.
+
 Here is an example request body defining the network user _my-user_ with the
 password _my-password_ that is allowed to execute only read-only operations.
 
diff --git a/maxctrl/lib/create.js b/maxctrl/lib/create.js
index 5fd9950c2..55210958c 100644
--- a/maxctrl/lib/create.js
+++ b/maxctrl/lib/create.js
@@ -319,7 +319,8 @@ exports.builder = function(yargs) {
             return yargs.epilog('The created user can be used with the MaxScale REST API as ' +
                                 'well as the MaxAdmin network interface. By default the created ' +
                                 'user will have read-only privileges. To make the user an ' +
-                                'administrative user, use the `--type=admin` option.')
+                                'administrative user, use the `--type=admin` option. ' +
+                                'Basic users can only perform `list` and `show` commands.')
                 .usage('Usage: create user <name> <password>')
         }, function(argv) {