Add more docs for Feature Layer

not complete, but progress..

docs/features/people/users/index.rst

@@ -0,0 +1,39 @@
+
+Users
+=====
+
+Users are a bit unique in the realm of Person-related data, because
+it's often the case that they are *not* imported from some other
+system, being instead maintained only in Rattail.  (Of course it *is*
+still possible to import User records from another system.)
+
+When you first setup a Rattail system you create the first "admin"
+User.  You then login as that User and can create other Users as
+needed, depending on who needs access.  For more info see also
+:doc:`/data/auth`.
+
+It's possible to tie a User record to a Person record, although
+technically not required.  It is recommended since it opens up other
+possibilities, for instance the app might present different features
+based on some other related aspects e.g. of the Employee record of the
+current User.
+
+It's also common to create dedicated User accounts to represent the
+other systems involved, e.g. your POS.  Such accounts do not tie back
+to any Person and exist only for sake of attributing changes to the
+applicable system, when data is imported to Rattail.
+
+The username for each User must be unique.  Passwords are stored using
+1-way encryption, so are not recoverable and must be reset if lost.
+
+It is possible to authenticate users against something other than
+Rattail, instead of or in addition to normal Rattail authentication.
+For instance it can check LDAP, or a corresponding employee table in
+your POS DB (e.g. if those credentials are stored as plain text).
+
+It is also possible for Rattail to auto-create users upon first login,
+if authenticating from another system like that.  If your permissions
+are setup such that *any* "authenticated" (i.e. logged in) user has
+access to certain features, this may be a useful option for you.  In
+some cases you may also need to add logic to auto-assign the
+newly-created user to some particular role(s) based on whatever...