Share-IT Permissions Structure
The permissions structure was designed to be as simple as possible while still having the appropriate functionality.
Every folder and content object has a security mechanism. Individual users and groups of users can be assigned one or more roles in the context of a folder or content object. The role(s) that a user has on a folder or content object, by virtue of explicit assignment to the user or by virtue of the user belonging to a group, determine the user's permissions - what the user can do with that folder or content object. Users acquire all permissions which are implied by any of the roles possessed.
Role = defines the type of relationship a user or group has to a folder or content object
State = defines visiblilty - how private or public the folder or content object is
Permissions = defines the powers of a user with a particular role on a folder or content object in a particular state
Users are automatically assigned a role that is either logged in or not logged in. The reader, writer, and owner roles are either explicitly assigned by an owner or are automatically assigned to a user who creates new content.
A user possessing the owner role may delegate any of the roles he or she possesses but needs to be aware that they are taking responsibility for their delegatee's actions. Users with publish permissions on a folder or content object can change the state of that folder or content object. Since the structure is not designed with an approval process, it is important to think about what you make visible to share-it users and the world.
