| 106 | ==== Ownership vs. Access Permission ==== |
| 107 | |
| 108 | NOTE: '''Ownership''' for a record and '''access permissions''' on this record are independent from each other! |
| 109 | |
| 110 | The fact alone that a user owns a record doesn't give him any permissions on that record. He still needs to be assigned a role for which an ACL definition exists that gives him permissions on that table. |
| 111 | |
| 112 | But that also means that the role which determines the user's ownership of a record, and the role which determines the user's effective access permissions for that record, do not have to be the same (in fact, the ownership-determining role doesn't need to have any permissions on the table at all): the effective permissions would still be applied as per the most permissive role the user is assigned to. |
| 113 | |
| 114 | Example: |
| 115 | |
| 116 | Assume the following: |
| 117 | 1. A role ''OrgX Staff'', which is routinely assigned to staff members of organisation ''X'' |
| 118 | 2. A role ''Boss'', which is assigned to all organisation admins (independent of the organisation!) |
| 119 | 3. A role ''Clerk'', which is assigned to all helpdesk officers (independent of the organisation!) |
| 120 | 4. A record ''Y'' in the table ''aaa_bbbbb'', which has its {{{owned_by}}} field set to ''OrgX Staff'' |
| 121 | 5. An ACL for the ''aaa_bbbbb'' table, which sets {{{(uacl=CREATE, oacl=ALL)}}} for the ''Boss'' role |
| 122 | 6. An ACL for the ''aaa_bbbbb'' table, which sets {{{(uacl=NONE, oacl=READ)}}} for the ''Clerk'' role |
| 123 | |
| 124 | With this configuration, a user who has the ''OrgX Staff'' role would own record ''Y''. But this role doesn't give him any permission to access the record (no ACL is defined on ''aaa_bbbbb'' for role ''OrgX Staff''). |
| 125 | |
| 126 | If the user had both the ''OrgX Staff'' and the ''Boss'' roles, he would own the record ''Y'' (as per {{{owned_by}}}) and also be permitted to {{{read}}}, {{{update}}} and {{{delete}}} this record (as per the ACL for ''Boss''), and additionally, he could add new records to ''aaa_bbbbb''. |
| 127 | |
| 128 | If instead the user had the ''OrgX Staff'' and the ''Clerk'' roles, he would also own the record ''Y'' (as per {{{owned_by}}}), but only be permitted to {{{read}}} that record (as per the ACL for ''Clerk''). |
| 129 | |
| 130 | If the user were only ''Boss'', he could only create new records in ''aaa_bbbbb'', but could not access record ''Y'' (since that would require ownership of that record). |
| 131 | |
| 132 | If the user were only ''Clerk'', he could not see record ''Y'' at all. Nor could he create new records in ''aaa_bbbbb''. |
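
The five cases above can be checked with a small model of the evaluation rule. This is an added example, not the framework's own implementation: the names `P`, `owns`, `table_permissions` and `record_permissions` are hypothetical, and it assumes that `ALL` means create, read, update and delete.

```python
from enum import Flag, auto

class P(Flag):
    NONE = 0
    CREATE = auto()
    READ = auto()
    UPDATE = auto()
    DELETE = auto()
    ALL = CREATE | READ | UPDATE | DELETE  # assumption: ALL means these four

RECORD_OPS = P.READ | P.UPDATE | P.DELETE  # CREATE applies to the table, not a record

# role -> (uacl, oacl) on table aaa_bbbbb, items 5 and 6 of the example.
# "OrgX Staff" deliberately has no ACL entry.
ACLS = {"aaa_bbbbb": {"Boss": (P.CREATE, P.ALL), "Clerk": (P.NONE, P.READ)}}
RECORD_Y = {"table": "aaa_bbbbb", "owned_by": "OrgX Staff"}  # item 4

def owns(roles, record):
    """Ownership depends only on owned_by, never on any ACL."""
    return record["owned_by"] in roles

def table_permissions(roles, table):
    """Union of uacl over all of the user's roles (most permissive wins)."""
    effective = P.NONE
    for role in roles:
        uacl, _ = ACLS.get(table, {}).get(role, (P.NONE, P.NONE))
        effective |= uacl
    return effective

def record_permissions(roles, record):
    """uacl always applies; oacl is added only if the user owns the record.
    The role that grants ownership and the role that carries the oacl
    do not have to be the same."""
    effective = table_permissions(roles, record["table"])
    if owns(roles, record):
        for role in roles:
            _, oacl = ACLS.get(record["table"], {}).get(role, (P.NONE, P.NONE))
            effective |= oacl
    return effective & RECORD_OPS

if __name__ == "__main__":
    cases = [{"OrgX Staff"}, {"OrgX Staff", "Boss"}, {"OrgX Staff", "Clerk"},
             {"Boss"}, {"Clerk"}]
    for roles in cases:
        print(sorted(roles), "owns Y:", owns(roles, RECORD_Y),
              "| on Y:", record_permissions(roles, RECORD_Y),
              "| on table:", table_permissions(roles, "aaa_bbbbb"))
```
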