The predefined user type (Supervisor, Power User, User and Group) determines whether and how the user can manage other users.

The predefined Supervisor

A unique, persistent super user that cannot be removed.

He has the authority to create and remove any user (including [definable] Supervisors and Power Users) or group.

He has full access to every individual securized item, and this access cannot be restricted (no particular right can be revoked).

Definable Supervisors

Can be created and removed by the unique Supervisor only.

Have full access to every individual securized item, and this access cannot be restricted (just like the unique Supervisor).

Power Users

Can be created and removed by any Supervisor.

Access to individual securized items can be restricted or granted by any Supervisor.

Can create and remove Groups and "regular" Users.

Can manage access rights for any Group and "regular" User, as long as the Power User himself has access to the individual securized item in question.

Can be a member of one or more [non-predefined] Groups.

Users

Can be a member of one or more [non-predefined] Groups.

Groups

Can inherit access rights from one or more [non-predefined] Groups.

Group membership for a group is restricted so that no more than one inheritance branch can lead to the same ancestor group.

Example for Group inheritance:

If G2 inherits G1 and G3 inherits G1, a new group G4 can inherit G1 or G2 or G3, but cannot inherit G2 and G3 at the same time (nor G1 and G2).

By contrast, a user U1 can be a member of G1, G2, G3 and G4 simultaneously, or of any combination of these groups.
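
The single-branch restriction on group inheritance can be checked by counting the inheritance branches that reach each ancestor, as in this added Python example (not code from the product described here). The function names, the `parents` mapping and the sample data are assumptions made for illustration; the check also covers changing the parents of an existing group, which goes beyond the G4 case in the text.

```python
from collections import Counter

def branch_counts(parents, group):
    """Number of distinct inheritance branches from `group` to each ancestor.

    `parents` maps a group name to the set of groups it inherits directly.
    The graph must be acyclic (the caller checks this).
    """
    counts = Counter()
    stack = list(parents.get(group, ()))
    while stack:
        g = stack.pop()
        counts[g] += 1                      # one more branch reaches g
        stack.extend(parents.get(g, ()))
    return counts

def check_inheritance(parents, group, new_parents):
    """Return (allowed, reason) for letting `group` inherit `new_parents`."""
    new_parents = set(new_parents)
    unknown = new_parents - set(parents)
    if unknown:
        return False, f"unknown group(s): {sorted(unknown)}"
    # Reject cycles first so that branch_counts() terminates on the trial graph.
    for p in sorted(new_parents):
        if p == group or group in branch_counts(parents, p):
            return False, f"cycle: {group} would inherit itself via {p}"
    trial = {**parents, group: new_parents}
    # Re-check every group: changing an existing group affects its descendants.
    for g in sorted(trial):
        for ancestor, n in sorted(branch_counts(trial, g).items()):
            if n > 1:
                return False, f"{g} would reach {ancestor} by {n} branches"
    return True, "ok"

# Constructed sample data matching the example in the text.
GROUPS = {"G1": set(), "G2": {"G1"}, "G3": {"G1"}}

if __name__ == "__main__":
    for candidate in ({"G1"}, {"G2"}, {"G3"}, {"G2", "G3"}, {"G1", "G2"}):
        print(sorted(candidate), check_inheritance(GROUPS, "G4", candidate))
```

User membership needs no such check, since a user may belong to any combination of groups.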