diff --git a/CHANGES.md b/CHANGES.md
index 617031d..71aaf8c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -2,7 +2,8 @@
 ## 3.0.1 (not yet released)
-(nothing yet)
+- #54 `triton rbac info` improvements: better help, use brackets to show
+ non-default roles.
 ## 3.0.0
diff --git a/lib/do_rbac/do_info.js b/lib/do_rbac/do_info.js
index 3221793..f63cd6b 100644
--- a/lib/do_rbac/do_info.js
+++ b/lib/do_rbac/do_info.js
@@ -107,23 +107,36 @@ function do_info(subcmd, opts, args, cb) {
 userExtra = '';
 }
- var roleInfo = [];
+ var numRoles = 0;
+ var roleInfo = '';
 user.default_roles.sort();
 user.roles.sort();
 var roleSeen = {};
 user.default_roles.forEach(function (r) {
+ numRoles++;
 roleSeen[r] = true;
- roleInfo.push(r);
- });
- user.roles.forEach(function (r) {
- if (!roleSeen[r]) {
- roleInfo.push(r + '*'); // marker for non-default role
+ if (roleInfo) {
+ roleInfo += ', ';
 }
+ roleInfo += r;
 });
- if (roleInfo.length === 1) {
- roleInfo = 'role ' + roleInfo.join(', ');
- } else if (roleInfo.length > 0) {
- roleInfo = 'roles ' + roleInfo.join(', ');
+ var nonDefaultRoles = user.roles.filter(function (r) {
+ return !roleSeen[r];
+ });
+ if (nonDefaultRoles.length > 0) {
+ numRoles += nonDefaultRoles.length;
+ if (numRoles > 0) {
+ roleInfo += '[, ';
+ } else {
+ roleInfo += '[';
+ }
+ roleInfo += nonDefaultRoles.join(', ');
+ roleInfo += ']';
+ }
+ if (numRoles === 1) {
+ roleInfo = 'role ' + roleInfo;
+ } else if (numRoles > 0) {
+ roleInfo = 'roles ' + roleInfo;
 } else {
 roleInfo = ansiStylize('no roles', 'red');
 }
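Review bot: In the `nonDefaultRoles.length > 0` block, `numRoles += nonDefaultRoles.length;` runs before `if (numRoles > 0)`, so that test is always true and the `roleInfo += '[';` branch can never be taken. A user with no default roles and one non-default role would therefore be shown with a leading separator, `role [, admin]`, instead of `role [admin]`. Testing the string built so far avoids this: `roleInfo += (roleInfo ? '[, ' : '[');`. This summary is what an operator reads to see which roles a user holds and which of them are active by default, so the no-default-role case is worth pinning with a test. The body of do_info starts and ends outside this hunk.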
@@ -190,16 +203,36 @@ do_info.options = [
 }
 ];
-do_info.help = (
+do_info.help = [
 /* BEGIN JSSTYLED */
- 'Show current RBAC state.\n' +
- '\n' +
- 'Usage:\n' +
- ' {{name}} info []\n' +
- '\n' +
- '{{options}}'
+ 'Show current RBAC state.',
+ '',
+ 'Usage:',
+ ' {{name}} info []',
+ '',
+ '{{options}}',
+ 'List RBAC users, roles and policies and. This summary does not show all',
+ 'data for these objects, but attempts to highlight important relationships',
+ 'to give a succinct overview.',
+ '',
+ 'Example:',
+ ' users (2): # Number of users in parentheses',
+ ' # A user\'s roles from the role object',
+ ' alice: roles ops[, admin] # Alice\'s roles, non-default ones in brackets',
+ ' bill (no ssh keys): role eng # A warning that bill has no SSH key',
+ ' roles (3): # "$roleName: policy $policyName',
+ ' admin: policy policy-admin',
+ ' eng: policy policy-full',
+ ' ops: policy policy-readonly',
+ ' policies (3): # "$name ($description) rules:"',
+ ' policy-admin (full access) rules:',
+ ' CAN * # The rules on the policy',
+ ' policy-full (full access, except rbac) rules:',
+ ' CAN compute:*',
+ ' policy-readonly (read-only access) rules:',
+ ' CAN compute:Get*'
 /* END JSSTYLED */
-);
+].join('\n');
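Review bot: The new description line `'List RBAC users, roles and policies and. This summary does not show all',` carries a stray trailing "and"; it should read `'List RBAC users, roles and policies. This summary does not show all',`. In the example, the comment on the `roles (3):` line opens a double quote that is never closed (`# "$roleName: policy $policyName`), unlike the matching comment on the `policies (3):` line. The description also follows `'{{options}}',` with no `''` entry between them; whether a blank line still appears there depends on how `{{options}}` is expanded, which is not visible in this hunk.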