Our software platform uses a comprehensive access control system to ensure that users have the appropriate permissions to interact with content, based on their roles and the scope of their access. This document gives a simple explanation of the key components and how they work together.
User: A person who can log into the platform.
Content Types: Defined within the organization, representing the types of content you wish to store.
Content Items: Content records in the database. Each item is created within at least one scope and can be contained within multiple scopes simultaneously.
Role: A record that lists all actions a particular user might be able to perform, such as 'create article', 'delete article', etc. Examples include 'Website Viewer', 'Manager', and 'Volunteer'.
Scope: A record representing a particular area/domain of your database, such as geographical locations ('Australia', 'United States') or departments within your organization ('HR', 'Finance', 'Customer Support'). Scopes can be nested in a tree structure, similar to folders.
Access Pass: A record that combines 'Roles' and 'Scopes'. It is assigned to Users, granting them the permissions from the specified roles within the domains of the specified scopes.
Advantages of our approach
Content can be segmented and compartmentalised using scopes.
Access Passes can be updated at any time, and all users who hold that Access Pass are granted the permissions it contains in real time.
Multiple Access Passes can be held by a user at any point in time. This allows you to cater for sophisticated access control that more closely mirrors reality.
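
The sketch below is an added example, not the platform's own code: it shows how a permission check could resolve several Access Passes for one user, keeping each pass's roles tied to that pass's scopes. All names and sample data (`AccessPass`, `is_allowed`, `covered_by`, `SCOPE_PARENT`, `ROLES`, `USER_PASSES`) are hypothetical, and it assumes that a pass on a scope also covers the scopes nested beneath it, which this document does not state.

```python
from dataclasses import dataclass

# Constructed sample data: scope -> parent scope (None marks a root of the tree).
SCOPE_PARENT = {"Australia": None, "Victoria": "Australia", "HR": None, "Finance": None}

# Constructed roles: role name -> the actions that role lists.
ROLES = {
    "Website Viewer": {"view article"},
    "Manager": {"view article", "create article", "delete article"},
}

@dataclass(frozen=True)
class AccessPass:
    roles: frozenset   # role names combined in this pass
    scopes: frozenset  # scope names the roles apply within

def covered_by(scope, granted):
    """True if `scope` is in `granted` or nested beneath one of its scopes.
    Assumption: a grant on a scope extends to its nested scopes."""
    seen = set()
    while scope is not None and scope not in seen:  # `seen` guards against cycles
        if scope in granted:
            return True
        seen.add(scope)
        scope = SCOPE_PARENT.get(scope)
    return False

def is_allowed(passes, action, item_scopes):
    """Default deny: allow only if one single pass both holds a role listing
    `action` and covers at least one scope that contains the content item."""
    for p in passes:
        has_action = any(action in ROLES.get(r, ()) for r in p.roles)
        if has_action and any(covered_by(s, p.scopes) for s in item_scopes):
            return True
    return False

# Constructed user holding two passes: Manager in Australia, Website Viewer in HR.
USER_PASSES = [
    AccessPass(frozenset({"Manager"}), frozenset({"Australia"})),
    AccessPass(frozenset({"Website Viewer"}), frozenset({"HR"})),
]
```

Because each pass is evaluated on its own, holding 'Manager' in 'Australia' and 'Website Viewer' in 'HR' does not allow 'delete article' on an item that sits only in 'HR'.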