Role
A Role in its simplest form is a collection of permissions. A Role is either global, or scoped to a Zone.
Once a Role is associated with a Group, all Users in the Group will be granted the permissions defined in the Role.
Permission
A permission defines the actions a user can perform on a resource. This grant may be conditional or unconditional. A permission is a tuple consisting of the following: resource, action and condition.
Resource
The resource the permission applies to. See PermissionResource.
Action
The action allowed by the permission. See PermissionAction.
Condition
Optional condition(s) that must be satisfied for the permission to be granted.
Role
The role of the user (actor) in the context of the resource. Only applies to Adjustment resources currently. See PermissionRoleCondition.
State
The state of the resource. Only applies to Adjustment resources currently. See AdjustmentStatus.
Date Range
The start, end or date range. Only applies to Adjustment resources currently. The Adjustment’s lossDate field is used as the date for the condition. See AdjustmentStatus.
Examples
Example 1
A user with the following permission will be allowed to unconditionally create, update and read Adjustments in Zones where this Role is attached.
- Resource: Adjustment
- Actions: Create, Update, Read
- Condition: -
- Date Range: -
Example 2
A user with the following permission will be allowed to read Adjustments which are in the review state, and have a lossDate after 2024-01-01 in Zones where this Role is attached.
- Resource: Adjustment
- Actions: Read
- Condition: State is review
- Date Range: 2024-01-01 onward
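
The following sketch shows how the resource, action and condition tuple could be evaluated with default deny, using Example 1 and Example 2 as constructed data. It is an added example, not the product's code: the class and function names, the "zone-a" identifier and the inclusive date bounds are assumptions, the Role condition is left out, and `roles` stands for the Roles a user already holds through Group membership.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical model of the (resource, action, condition) tuple; names are assumptions.
@dataclass(frozen=True)
class Condition:
    state: Optional[str] = None    # None = any state
    start: Optional[date] = None   # lower bound on lossDate (assumed inclusive)
    end: Optional[date] = None     # upper bound on lossDate (assumed inclusive)

    def satisfied_by(self, adj: dict) -> bool:
        if self.state is not None and adj.get("state") != self.state:
            return False
        if self.start is None and self.end is None:
            return True
        loss = adj.get("lossDate")
        if loss is None:           # fail closed when the date is missing
            return False
        after_start = self.start is None or loss >= self.start
        before_end = self.end is None or loss <= self.end
        return after_start and before_end

@dataclass(frozen=True)
class Permission:
    resource: str
    actions: frozenset
    condition: Optional[Condition] = None  # None = unconditional grant

@dataclass(frozen=True)
class Role:
    permissions: tuple
    zone: Optional[str] = None             # None = global role

def is_allowed(roles, action, resource, adj, zone) -> bool:
    """Default deny: True only if an in-scope role holds a matching permission."""
    for role in roles:
        if role.zone is not None and role.zone != zone:
            continue                       # role is scoped to a different Zone
        for p in role.permissions:
            if (p.resource == resource and action in p.actions
                    and (p.condition is None or p.condition.satisfied_by(adj))):
                return True
    return False

# Constructed data mirroring Example 1 and Example 2 ("zone-a" is made up).
EXAMPLE_1 = Role((Permission("Adjustment", frozenset({"Create", "Update", "Read"})),), "zone-a")
EXAMPLE_2 = Role((Permission("Adjustment", frozenset({"Read"}),
                             Condition(state="review", start=date(2024, 1, 1))),), "zone-a")
```

An Adjustment with no lossDate fails any date-range condition here, so a missing field never widens access.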