DE EN EN (Google)

Rights management for users and groups

These rights affect the manipulation and visibility of users and groups.

Notice that there is a related system right system.user.write_self.

Realms

User

An ACL can be specified for a user (attribute _acl). The rights in this ACL refer to the accessibility of this user.

Group

An ACL can be specified for a group (attribute _acl). The rights in this ACL refer to the accessibility of this group.

Rights

As with pools and collections, the “bag” prefix is used to indicate that a right refers to a group rather than the users it contains.

Right Parameters Realm Description
read - user User can be searched
read - group Users of this group can be searched
bag_read - group Group can be searched
write - user User can be modifed and seen in full format
write - group Users of this group can be modified and seen in full format
bag_write - group Group can be modified and seen in full format
delete - user User can be deleted
delete - group Users of this group can be deleted
bag_delete - group Group can be deleted
link - group The user can add users to this group
unlink - group The user can remove users from this group

ACL properties

Tagfilters and the “grantable” and “sticky” flags will be ignored by these rights.

Right dependencies

The following dependencies exist:

Owner

The owner of a user has the following rights:

The owner of a gruop has the following rights:

Note: If an user/group has a group as owner, all users in the group are considered to own the user/group.