diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:15:40 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-14 13:15:40 +0000 |
commit | b7fd908d538ed19fe41f03c0a3f93351d8da64e9 (patch) | |
tree | 46e14f318948cd4f5d7e874f83e7dfcc5d42fc64 /doc/31-Permissions.md | |
parent | Initial commit. (diff) | |
download | icingaweb2-module-businessprocess-b7fd908d538ed19fe41f03c0a3f93351d8da64e9.tar.xz icingaweb2-module-businessprocess-b7fd908d538ed19fe41f03c0a3f93351d8da64e9.zip |
Adding upstream version 2.5.0.upstream/2.5.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/31-Permissions.md')
-rw-r--r-- | doc/31-Permissions.md | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/doc/31-Permissions.md b/doc/31-Permissions.md new file mode 100644 index 0000000..b6b8b98 --- /dev/null +++ b/doc/31-Permissions.md @@ -0,0 +1,25 @@ +# Permission System + +The permission system of the module is based on permissions and restrictions. + +## Permissions + +The module has five levels of permissions: + +* Granting general module access allows a user to view business processes. (`module/businessprocess`) +* Create permissions allow to create new business processes. (`businessprocess/create`) +* Modify permissions allow to modify already existing ones. (`businessprocess/modify`) +* Permission to view all business processes regardless restrictions. (`businessprocess/showall`) +* Full permissions. (`businessprocess/*`) + +## Restrictions + +There are two ways to configure restrictions: prefix-based and access controls + +### Prefix-based + +This option allows to limit access of a role to only business processes with a specific prefix. For this the ID (Configuration name) of a business process has to start with a prefix and it has to be set as restriction on the role. (`businessprocess/prefix`) + +### Access controls + +This option allows for more fine granular permissions based on user (`AllowedUsers`), group (`AllowedGroups`) and role (`AllowedRoles`). These attributes take a comma-separated list, get added to the header of the business process configuration file and limit access to the owner and the mentioned ones. |