Changes between Version 16 and Version 17 of UserGuidelines/Admin/Permissions
Timestamp: 04/08/20 13:33:14 (5 years ago)
UserGuidelines/Admin/Permissions
v16 v17 46 46 47 47 == Control access to Records == 48 Records can be owned by individuals or Organisations (including Branches, Teams & Facilities). 48 Records can have a Realm - the Realm Entity can be an individual Person, a Group, an Organisation (including Branches, Teams & Facilities), or other Person Entity (PE). 49 50 You can see the Person Entity Model here: 51 * [wiki:DeveloperGuidelines/PersonEntityModel Person Entity Model] 49 52 50 53 This allows control of access by Realm - so staff of 1 Organisation can see their records of a certain type yet not those for another Organisation in the same database. … … 57 60 NB This also requires an ACL to a role other than Anonymous, Authenticated or Admin. Resources are never realm-restricted for these 3 roles. 58 61 59 This functionality can be extended to support Hierarchy so that data restr cited to a single organisation can be amde avaialble to all branches of that Organisation (however data owned by the Branch is by default only visible to members of the Branch):62 This functionality can be extended to support Hierarchy so that data restricted to a single organisation can be made available to all branches of that Organisation (however data owned by the Branch is by default only visible to members of the Branch): 60 63 {{{ 61 64 settings.security.policy = 7: Apply Controller, Function, Table ACLs and Entity Realm + Hierarchy 62 65 }}} 66 Note that if an entity is specified on the ACL, then that is NOT hierarchical...only the Entity on the auth_membership record is. 63 67 64 68 This functionality can be extended yet further by allowing organisations to share their private data with selected individuals, teams, facilities and organisations that they wish to (this is done by delegating the access role to that other entity, as they can now decide which of their people get the access):
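Review bot: In the first hunk (v17 line 48), "owned by" is replaced with "can have a Realm", but the rewritten sentence at v17 line 62 still says "data owned by the Branch is by default only visible to members of the Branch", so the page now uses two terms for what decides visibility. Either state in line 48 how a record's owner relates to its Realm Entity, or use the realm wording in line 62 as well, so that an administrator reading the policy section knows which attribute the access check is made against. The phrase "or other Person Entity (PE)" would also read more clearly if the sentence said that Person, Group and Organisation are themselves Person Entities, since the link to the Person Entity Model only follows two lines later.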
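Review bot: In the second hunk, the note added at v17 line 66 ("if an entity is specified on the ACL, then that is NOT hierarchical...only the Entity on the auth_membership record is") is ambiguous about what "that" refers to and does not say what the consequence is for an administrator configuring policy 7. Since it sits directly under the statement that data restricted to an organisation "can be made available to all branches", a reader could assume an entity set on the ACL also covers its branches and end up with access that is different from what they intended. Suggest spelling it out as a full sentence, for example: "An entity specified on the ACL itself is not treated hierarchically; hierarchy applies only to the entity on the auth_membership record." Replacing the "..." with a semicolon or a full stop would also help. The spelling fixes on line 62 (restricted, made, available) look good.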