|
Certain ACL rights are required for certain administrative actions
to be performed. In order to maximize rights-configuration
flexibility, some actions require rights on multiple objects. For
example, editing settings on a profile requires rights not only on the
profile, but also on the setting itself. Note in the object hierarchy
(here) that profiles and settings are two
"sibling" branches, rather than settings being replicated as
descendants of every profile. Thus, profiles and settings can be
thought of as a two-dimensional grid for permissions, and a user's
rights can be tailored across that grid: access to one setting across
all profiles, access to all settings one profile only, etc.
The rights needed for specific actions are listed below. If a user
does not have the required rights for an action, either a red
Access denied message will be displayed, or (if access still granted
to other parts) the affected object may simply not appear (read access
denied), or may appear grayed out (write access denied). For more
information and some example permission schemes, see the Using Access
Control section, here.
Copyright © Thunderstone Software Last updated: Thu Dec 22 14:38:01 EST 2011
|