Permissions' definition is explained in Social groups
. Simplifying, definition is set of permissions related to a root, for example dossier:list,new,edit,delete
, whereas checking a permission would take the form dossier:new
. In the definition we say the permissions related to dossier, when checking we ask whether it has one of those permissions.
Permissions can be ORed using |
, for example dossier:list|@customer:on
.
dossier
, contact
, document
are examples of those entities.@
, and followed with :on
.#
, and followed with :on
.@
, and followed with :is
.@actor:
, and followed with the actor name.Fuzzy roles are those discovered by the application and highly dependent on interactions.
Fuzzy role |
Description |
admin |
The user has admin capabilities, usually related to high administration roles. |
worker |
The user has a current relation with a company. |
professional |
The user has a responsible relation with a company. |
student |
The user has a non-responsible relation with a center. |
docent |
The user has a docent relation with a center. |
responsible |
The user has a responsible relation with a company or center. |
hhrr |
The user is in Human Resources. |
companyhhrr |
The user is in company's Human Resources department. |
centerhhrr |
The user is in center's Human Resources department. |
translator |
The user is a language translator. |
networking |
The user is in the networking. |
premium |
The user is in the premium networking. |
singleton |
The user is a freelancer or a non recognized company or center. |
Check type |
Syntax |
Example |
Permissions |
|
dossier:list |
Roles |
|
#DossierParticipant:on |
Social groups |
|
@customer:on |
Fuzzy roles |
|
@worker:is |
Actors |
|
@actor:PartnerNetwork |
Suppose a sample user assigned to Privileged Customers social group. This social group grants the DossierParticipant role, which carries dossier=list,show
permissions. Therefore, dossier:show
will be granted.