Access control in Stages works through permissions. A typical permission looks like this:

XXX Screenshot

The various attributes of a permission are described in the following section.

A permission can either allow access to specific elements (= enabled) or deny it (= disabled).

A Deny is stronger than an Allow, so if a user has two permissions for a specific element and one is Allow and the other is Deny, the access is not granted.

sss

sss

sss

RMCD describes the operations that are allowed or denied by the permission:

• R: Read
• M: Modify
• C: Create
• D: Delete

sss

In general, Deny permissions override Allow permissions:

Deny > Allow

The Precendence attribute provides more control over this hierarchy by being either High (= enabled) or Low (= disabled):

High Deny > High Allow > Low Deny > Low Allow

For example, this can be used to allow access to some specific workspaces, but not all of them:

Transitive Low Deny for all Workspaces

Non-Transitive High Allow for the Root Workspace

xxx