Andrea PavlovicPermissons
To explain basic permissioning (ignoring worklows), we will use a helpdesk example. This is the basic table structure of our example:
There are three groups of users:
- employees
- customers
- accounting
The setup designed to make sure customers only see their own tickets, empoyees to have private comments and the accountants to have a set of departments (which are a tree) they are able to do actions for.
In the following text, we will distinguish between "list" and "join" rights. Both are basically "read" rights, but if a user does not have any transitions defined on an entity, a listing of that entity will always return an empty list.
Nevertheless, it may be permitted to be joined to another table which references it, so that an instance can always be retrieved with all it's dependencies. Here, the permission on the main entry basically gets inherited by instances it references.
See [Category] for an example.
Tickets
Apart from read, write and delete actions, there is an additional "set_department" action which will set the value of the cost_bearing_department of a ticket. Here is a quick overview of who can do which action:
list join on write delete set_department
------------------------------------------------------------
employee all [private,public] all all -
customer own [public] own own -
accounting all - - - only own departments
------------------------------------------------------------Category
The category table has no explicit permission set at all. But, to enable the creating of a ticket, where it is a required field, full read access is granted to anyone who can create tickets:
list join on write delete
-----------------------------------
employee all [ticket] - -
customer all [ticket] - -
accounting - [ticket] - -
------------------------------------Accounting has no direct read access but can still join any category which is being referenced in the ticket table by tickets. This is restricted to those tickets a role has list rights on.