icingaweb2-module-businessp.../doc/31-Permissions.md

# Permission System

The permission system of the module is based on permissions and restrictions.

## Permissions

The module has five levels of permissions:

* Granting general module access allows a user to view business processes. (`module/businessprocess`)
* Create permissions allow to create new business processes. (`businessprocess/create`)
* Modify permissions allow to modify already existing ones. (`businessprocess/modify`)
* Permission to view all business processes regardless restrictions. (`businessprocess/showall`)
* Full permissions. (`businessprocess/*`)

## Restrictions

There are two ways to configure restrictions: prefix-based and access controls

### Prefix-based

This option allows to limit access of a role to only business processes with a specific prefix. For this the ID (Configuration name) of a business process has to start with a prefix and it has to be set as restriction on the role. (`businessprocess/prefix`)

### Access controls

This option allows for more fine granular permissions based on user (`AllowedUsers`), group (`AllowedGroups`) and role (`AllowedRoles`). These attributes take a comma-separated list, get added to the header of the business process configuration file and limit access to the owner and the mentioned ones.
doc: Adjust accordingly to our new packaging docs 2023-10-11 09:14:11 -04:00			`# Permission System`
Permissions: add form elements and documentation Refs #98 Refs #124 2020-12-15 08:44:48 -05:00
			`The permission system of the module is based on permissions and restrictions.`

doc: Adjust accordingly to our new packaging docs 2023-10-11 09:14:11 -04:00			`## Permissions`
Permissions: add form elements and documentation Refs #98 Refs #124 2020-12-15 08:44:48 -05:00
			`The module has five levels of permissions:`

			* Granting general module access allows a user to view business processes. (`module/businessprocess`)
			* Create permissions allow to create new business processes. (`businessprocess/create`)
			* Modify permissions allow to modify already existing ones. (`businessprocess/modify`)
			* Permission to view all business processes regardless restrictions. (`businessprocess/showall`)
			* Full permissions. (`businessprocess/*`)

doc: Adjust accordingly to our new packaging docs 2023-10-11 09:14:11 -04:00			`## Restrictions`
Permissions: add form elements and documentation Refs #98 Refs #124 2020-12-15 08:44:48 -05:00
			`There are two ways to configure restrictions: prefix-based and access controls`

			`### Prefix-based`

			This option allows to limit access of a role to only business processes with a specific prefix. For this the ID (Configuration name) of a business process has to start with a prefix and it has to be set as restriction on the role. (`businessprocess/prefix`)

			`### Access controls`

			This option allows for more fine granular permissions based on user (`AllowedUsers`), group (`AllowedGroups`) and role (`AllowedRoles`). These attributes take a comma-separated list, get added to the header of the business process configuration file and limit access to the owner and the mentioned ones.