31 lines
937 B
Plaintext
31 lines
937 B
Plaintext
===========
|
|
Permissions
|
|
===========
|
|
|
|
Mayan EDMS provides very fine control over which actions users can
|
|
perform. Action control works by allowing ``roles``, that are composed of
|
|
``groups`` of ``users`` to be granted a ``permission`` such that the holder of
|
|
that permission can exercise it throughout the entire system.
|
|
|
|
.. blockdiag::
|
|
|
|
blockdiag {
|
|
orientation = portrait
|
|
default_shape = roundedbox
|
|
span_width = 240;
|
|
span_height = 100;
|
|
|
|
user [ label = 'Users' ];
|
|
group [ label = 'Groups' ];
|
|
role [ label = 'Roles' ];
|
|
permission [ label = 'Permissions' ];
|
|
|
|
|
|
user -> group -> role <- permission;
|
|
}
|
|
|
|
In other words, users themselves can't hold a permission, permissions are
|
|
granted only to roles. Users can't directly belong to a role, they can only
|
|
belong to a group. Groups can be members of roles. Roles are system permission
|
|
units and groups are business organizational units.
|