This is an old revision of the document!
Permissions
Access control in Stages works through permissions. A typical permission looks like this:
XXX Screenshot
The various attributes of a permission are described in the following section.
Allow / Deny
A permission can either allow access to specific elements (= enabled) or deny it (= disabled).
A Deny is stronger than an Allow, so if a user has two permissions for a specific element and one is Allow and the other is Deny, the access is not granted.
Domain
sss
Workspace
sss
Transitive
sss
RMCD
RMCD describes the operations that are allowed or denied by the permission:
- R: Read
- M: Modify
- C: Create
- D: Delete
Level
sss
Precedence
In general, Deny permissions override Allow permissions:
Deny > Allow
The Precendence attribute provides more control over this hierarchy by being either High (= enabled) or Low (= disabled):
High Deny > High Allow > Low Deny > Low Allow
For example, this can be used to allow access to some specific workspaces, but not all of them:
Transitive Low Deny for all Workspaces
Non-Transitive High Allow for the Root Workspace
xxx