GlossaryΒΆ
- ACM
- An Access Control Matrix defines the rights of a list of
principals. An ACM crosses principals with permissions. At the
intersection of a principal and a permission there is an action.
The action can be either
pyramid.security.Allow
,pyramid.security.Deny
orNone
. None is a default value and does not grant any right. - DAG
- Versions of one resource that build a directed acyclic graph.
- group
- A set of users. Can be mapped to permission role.
- groupid
- Unique id of one group: “group:<name>”.
- local role
- A role mapped to a principal within a local context and all his children.
- post_pool
- A normal or service
adhocracy_core.interfaces.IPool
that serves as the common place to post resources of a special type for a given context. If resource sheet field with backreferences sets aadhocracy_core.schema.PostPool
field, the referencing resources can only be postet at the post_pool. This assumes that a post_pool exists in the lineage of the referenced resources. If a resource sheet field with references sets this, the referenced resource type can only be posted to post_pool. - principal
- A principal is a string representing a userid, groupid, or roleid. It is provided by an authentication policy. For more information about the permission system read User Registration and Login.
- role
- A set of permissions that can be mapped to principal
- roleid
- Unique id of one permission role: “role:<name>”.
- service
- A resource marked as service. Services
may provide special rest api end points
and helper methods. You can find them by their name with
adhocracy_core.interfaces.IPool.find_service()
. The service has to be in lineage or a child of a lineage pool for a given context. - userid
- The unique id for one userique id of one group: “group:<name>”.