Changes between Version 1 and Version 2 of UserGuidelines/Admin/Permissions/Rules


Ignore:
Timestamp:
02/09/17 09:39:24 (5 years ago)
Author:
Dominic König
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • UserGuidelines/Admin/Permissions/Rules

    v1 v2  
    9090A default realm entity can be any type of person entity - an organisation, a facility, a team etc. When the user's affiliation with that entity ends, the realm of that entity will no longer belong to the user's default realm. This allows for implicit control of permissions through user-managed relationships (e.g. staff records, team memberships).
    9191
     92== Non-ACL Rules ==
     93
     94Controllers are free to implement additional authorization requirements outside of ACLs, and call auth.permission.fail() individually.
     95
     96Those non-ACL rules can further '''restrict''' access to data or functions, but they can not bypass ACL rules applied by S3 framework functions.
     97
     98In particular, non-ACL rules can not allow access to controllers while ACL rules deny it.