diff --git a/src/server.h b/src/server.h
index 1eb66e01..0ad37862 100644
--- a/src/server.h
+++ b/src/server.h
@@ -1356,8 +1356,27 @@ typedef struct {
  * user is associated to the connection after the connection is authenticated.
  * If there is no associated user, the connection uses the default user. */
 #define USER_MAX_COMMAND_BIT 1024
+#define USER_FLAG_ENABLED (1<<0)        /* The user is active. */
 typedef struct user {
+    uint64_t flags; /* See USER_FLAG_* */
+
+    /* The bit in allowed_commands is set if this user has the right to
+     * execute this command. In commands having subcommands, if this bit is
+     * set, then all the subcommands are also available.
+     *
+     * If the bit for a given command is NOT set and the command has
+     * subcommands, Redis will also check allowed_subcommands in order to
+     * understand if the command can be executed. */
     uint64_t allowed_commands[USER_MAX_COMMAND_BIT/64];
+
+    /* This array points, for each command ID (corresponding to the command
+     * bit set in allowed_commands), to an array of SDS strings, terminated by
+     * a NULL pointer, with all the sub commands that can be executed for
+     * this command. When no subcommands matching is used, the field is just
+     * set to NULL to avoid allocating USER_MAX_COMMAND_BIT pointers. */
+    sds **allowed_subcommands;
+    list *passwords; /* A list of SDS valid passwords for this user. */
+    list *patterns;  /* A list of allowed key patterns. */
 } user;
 
 /* Structure to hold hash iteration abstraction. Note that iteration over