diff --git a/doc/README.md b/doc/README.md
index 6c8fe3a96cede1cb8eeb4ad37106add64468c4cc..b73d7bb38e14ab0e914e82804d77100fe1887d21 100644
--- a/doc/README.md
+++ b/doc/README.md
@@ -6,7 +6,7 @@
 + [Public access](public_access/public_access.md) Learn how you can allow public and internal access to a project.
 + [SSH](ssh/README.md) Setup your ssh keys and deploy keys for secure access to your projects.
 + [Web hooks](web_hooks/web_hooks.md) Let GitLab notify you when new code has been pushed to your project.
-+ [Workflow](workflow/workflow.md) Learn how to use Git and GitLab together.
++ [Workflow](workflow/README.md) Learn how to use Git and GitLab together.
 
 **Administrator documentation**
 
diff --git a/doc/workflow/authorization_for_merge_requests.md b/doc/workflow/authorization_for_merge_requests.md
new file mode 100644
index 0000000000000000000000000000000000000000..4e07d7c04c5dc021f10ee751d5941320424543a8
--- /dev/null
+++ b/doc/workflow/authorization_for_merge_requests.md
@@ -0,0 +1,32 @@
+There are two main ways to have a merge request flow with GitLab: working with protected branches in a single repository, or working with forks of an authoritative project.
+
+## Protected branch flow
+
+With the protected branch flow everybody works within the same GitLab project.
+The project maintainers get Master access and the regular developers get Developer access.
+The maintainers mark the authoritative branches as 'Protected'.
+The developers push feature branches to the project and create merge requests to have their feature branches reviewed and merged into one of the protected branches.
+Only users with Master access can merge changes into a protected branch.
+
+### Advantages
+
+- fewer projects means less clutter
+- developers need to consider only one remote repository
+
+### Disadvantages
+
+- manual setup of protected branch required for each new project
+
+## Forking workflow
+
+With the forking workflow the maintainers get Master access and the regular developers get Reporter access to the authoritative repository, which prohibits them from pushing any changes to it.
+Developers create forks of the authoritative project and push their feature branches to their own forks.
+To get their changes into master they need to create a merge request across forks.
+
+### Advantages
+
+- in an appropriately configured GitLab group, new projects automatically get the required access restrictions for regular developers: fewer manual steps to configure authorization for new projects
+
+### Disadvantages
+
+- the project need to keep their forks up to date, which requires more advanced Git skills (managing multiple remotes)