Permissions

How permissions are defined is explained in Social groups. In short, a definition is a set of permissions attached to a root, for example dossier:list,new,edit,delete, whereas a permission check takes the form dossier:new. The definition states which permissions are related to dossier; the check asks whether the user holds one of those permissions.

Permissions can be ORed using |, for example dossier:list|@customer:on.

Permission root types

  • Entities, as defined in Elephant modules. dossier, contact, document are examples of those entities.
  • Social groups, using the social group identifier prefixed with @ and followed by :on.
  • Roles, using the role name prefixed with # and followed by :on.
  • Fuzzy roles, using the fuzzy role name prefixed with @ and followed by :is.
  • Actors, using the fixed root @actor: followed by the actor name.

Fuzzy roles

Fuzzy roles are those discovered by the application; they depend heavily on the user's interactions.

Fuzzy role     Description
admin          The user has admin capabilities, usually related to high administration roles.
worker         The user has a current relation with a company.
professional   The user has a responsible relation with a company.
student        The user has a non-responsible relation with a center.
docent         The user has a docent relation with a center.
responsible    The user has a responsible relation with a company or center.
hhrr           The user is in Human Resources.
companyhhrr    The user is in the company's Human Resources department.
centerhhrr     The user is in the center's Human Resources department.
translator     The user is a language translator.
networking     The user is in the networking.
premium        The user is in the premium networking.
singleton      The user is a freelancer or a non-recognized company or center.

Some examples

Check type      Syntax                    Example
Permissions     entity-root:permission    dossier:list
Roles           #role:on                  #DossierParticipant:on
Social groups   @socialGroupID:on         @customer:on
Fuzzy roles     @fuzzyrole:is             @worker:is
Actors          @actor:actor_name         @actor:PartnerNetwork

Suppose a sample user is assigned to the Privileged Customers social group. This social group grants the DossierParticipant role, which carries dossier=list,show permissions. Therefore, dossier:show will be granted.
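
The scenario above as an added Python sketch, which is not Elephant's own code: it resolves a social group to its roles and permissions, then evaluates check expressions, including | alternatives, and denies anything malformed. The grammar is inferred from this page's examples, and the group identifier privileged_customers, the data tables and all function names are assumptions made for the illustration.

```python
import re

# Grammar inferred from this page's examples; the names below are hypothetical.
DEFINITION = re.compile(r"^(\w+):(\w+(?:,\w+)*)$")   # dossier:list,show
TERM = re.compile(r"^([@#]?\w+):(\w+)$")             # dossier:show, #Role:on, @group:on

# Constructed sample data mirroring the scenario above.
ROLE_DEFINITIONS = {"DossierParticipant": ["dossier:list,show"]}
GROUP_ROLES = {"privileged_customers": ["DossierParticipant"]}

def parse_definition(text):
    """Split a definition such as 'dossier:list,show' into (root, permissions)."""
    match = DEFINITION.match(text.strip())
    if not match:
        raise ValueError(f"malformed permission definition: {text!r}")
    return match.group(1), set(match.group(2).split(","))

def resolve(groups, fuzzy_roles=(), actor=None):
    """Expand social groups into roles, and roles into entity permissions."""
    roles = {role for g in groups for role in GROUP_ROLES.get(g, [])}
    grants = {}
    for role in roles:
        for definition in ROLE_DEFINITIONS.get(role, []):
            root, perms = parse_definition(definition)
            grants.setdefault(root, set()).update(perms)
    return {"groups": set(groups), "roles": roles, "grants": grants,
            "fuzzy": set(fuzzy_roles), "actor": actor}

def check_term(subject, term):
    """Evaluate one check; anything malformed or unknown is denied."""
    match = TERM.match(term.strip())
    if not match:
        return False
    root, suffix = match.groups()
    if root == "@actor":
        return subject["actor"] == suffix
    if root.startswith("#"):
        return suffix == "on" and root[1:] in subject["roles"]
    if root.startswith("@"):
        if suffix == "on":
            return root[1:] in subject["groups"]
        return suffix == "is" and root[1:] in subject["fuzzy"]
    return suffix in subject["grants"].get(root, set())

def check(subject, expression):
    """A check passes when any of its '|'-separated terms passes."""
    return any(check_term(subject, term) for term in expression.split("|"))

user = resolve(["privileged_customers"], fuzzy_roles=["worker"])
print(check(user, "dossier:show"), check(user, "dossier:delete|@customer:on"))
```

A definition string passed where a check is expected (dossier:list,show) is denied rather than partially matched, so a caller cannot widen a check by mistake.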

English, 06/26/22 17:01, Lluís Turró Cutiller
English, 03/20/24 11:04, Lluís Turró Cutiller
English, 03/27/24 12:09, Lluís Turró Cutiller