Permissions

From FreeDESK
Jump to: navigation, search

Permissions in FreeDESK operate on a granular most-specific model.

Each user can have permissions assigned to it directly or be a member of a permissions group for easy bulk administration.

A wide variety of operations are assigned a permission (these are either coded within the system or added automatically by plugins once installed). These permissions can be explicitly set (allowed or denied) on a per-user or per-group basis. If a permission is undefined then the next level of specificity is tested (hence the most-specific model).

When a permission is requested it is determined as follows:

  • Is the permission set specifically for the user (allowed or denied), in which case this is used.
  • Does the user have a default permission (allowed or denied), in which case this is used.

If the user is a member of a permission group:

  • Is the permission set specifically for the group (allowed or denied), in which case this is used
  • Does the group have a default permission (allowed or denied), in which case this is used

If no matching permission is found:

  • Permission Denied

Examples

One

The permission "one" is set as denied for the permission group, the user has it and default undefined.

Permission is denied.

Two

The permission "two" is set as denied for the permission group, the user has it undefined but default is allowed.

The permission is allowed.

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox