diff --git a/samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp b/samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
index b1deaa337a..4fbedda3a8 100644
--- a/samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
+++ b/samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp
@@ -1,6 +1,14 @@
 <%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%>
 
 <h1>Accounts</h1>
+<p>
+Anyone can view this page, but posting to an Account requires login and must be authorized. Below are some users to try posting to Accounts with.
+</p>
+<ul>
+<li>rod/koala - can post to any Account</li>
+<li>dianne/emu - can post to Accounts as long as the balance remains above the overdraft amount</li>
+<li>scott/wombat - cannot post to any Accounts</li>
+</ul>
 
 <a href="index.jsp">Home</a><br><br>
 
diff --git a/samples/tutorial/src/main/webapp/index.jsp b/samples/tutorial/src/main/webapp/index.jsp
index 8c2e005bf9..3228c7fdd8 100644
--- a/samples/tutorial/src/main/webapp/index.jsp
+++ b/samples/tutorial/src/main/webapp/index.jsp
@@ -6,7 +6,7 @@
 Anyone can view this page.
 </p>
 <p>
-If you're logged in, you can <a href="listAccounts.html">list accounts</a>.
+While anyone can also view the <a href="listAccounts.html">list accounts</a> page, you must be authorized to post to an Account from the list accounts page.
 </p>
 <p>
 Your principal object is....: <%= request.getUserPrincipal() %>