diff --git a/topics/enforcer/keycloak-enforcement-filter.adoc b/topics/enforcer/keycloak-enforcement-filter.adoc
index d1ce843b73..e7f018e4b9 100755
--- a/topics/enforcer/keycloak-enforcement-filter.adoc
+++ b/topics/enforcer/keycloak-enforcement-filter.adoc
@@ -120,4 +120,17 @@ The name of the HTTP method.
 +
 **** *scopes*
 +
-An array of strings with the scopes associated with the method. When you associate scopes with a specific method, the client trying to access a protected resource (or path) must provide an RPT that grants permission to all scopes specified in the list. For example, if you define a method _POST_ with a scope _create_, the RPT must contain a permission granting access to the _create_ scope when performing a POST to the path.
\ No newline at end of file
+An array of strings with the scopes associated with the method. When you associate scopes with a specific method, the client trying to access a protected resource (or path) must provide an RPT that grants permission to all scopes specified in the list. For example, if you define a method _POST_ with a scope _create_, the RPT must contain a permission granting access to the _create_ scope when performing a POST to the path.
++
+**** *enforcement-mode*
++
+Specifies how policies are enforced.
++
+***** *ENFORCING*
++
+(default mode) Requests are denied by default even when there is no policy associated with a given resource.
++
+***** *DISABLED*
++
+Disables the evaluation of policies for a path
++
\ No newline at end of file