Trivore Identity Service (TIS) utilises Role-Based Access Control (RBAC). The basic building blocks in RBAC are roles and permissions. Permissions allow a principal to perform some action, such as editing user accounts. Roles consist of one or more permissions and can be thought of simply as a group of permissions. Users are then given one or more roles depending on what kinds of tasks they need to perform. In practice, the views that users see in the Main Menu and can access depend on the roles and permissions assigned at any particular time. Views also allow only read-only access if the user does not have the required permission to manage the objects.

The access model in TIS is very fine-grained and there are over 130 different permissions in the core system alone. The business extensions may also introduce additional permissions to the system. Even though there is a large number of permissions, they are well organised and their structure is logical. There are about 30 different pre-defined roles. Each user account may have several roles. What one can do in TIS is determined by the assigned Roles (and the Permissions tied to those Roles), which makes it easy to give each user a functional set of permissions so that they can do their work.

TIS extends the basic RBAC model by introducing groups. In addition to giving users roles, roles can be added to a group so that all user members of that group will gain the roles.

TIS has two role classes: built-in static System Roles and flexible, dynamic Custom Roles. Most System Roles have two permission levels, Admin and Auditor, which are reflected in the role names. Admin may administrate and manage; Auditor may view.
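The model described above (permissions grouped into roles, roles assigned to accounts directly or inherited through groups) can be audited by resolving each account's effective permissions together with the path that grants them. The following is an added example, not TIS code: every role, permission, group and account name is hypothetical, and splitting a view into a separate "view" and "manage" permission is an assumption used to illustrate the read-only behaviour.

```python
from collections import defaultdict

# Constructed sample data. All role, permission, group and account names are
# hypothetical and are not TIS identifiers.
ROLE_PERMISSIONS = {
    "USER_ADMIN": {"user.view", "user.modify"},
    "USER_AUDITOR": {"user.view"},
    "GROUP_ADMIN": {"group.view", "group.modify"},
}
GROUP_ROLES = {"helpdesk": {"USER_ADMIN"}, "audit-team": {"USER_AUDITOR"}}
ACCOUNTS = {
    "alice": {"roles": {"GROUP_ADMIN"}, "groups": {"helpdesk"}},
    "bob": {"roles": set(), "groups": {"audit-team"}},
    "carol": {"roles": {"USER_AUDITOR"}, "groups": {"helpdesk", "audit-team"}},
}


def grant_paths(account):
    """Map each effective permission to the set of paths that grant it."""
    paths = defaultdict(set)
    entry = ACCOUNTS[account]
    for role in entry["roles"]:  # roles assigned directly to the account
        for perm in ROLE_PERMISSIONS.get(role, ()):
            paths[perm].add(f"direct:{role}")
    for group in entry["groups"]:  # roles inherited through group membership
        for role in GROUP_ROLES.get(group, ()):
            for perm in ROLE_PERMISSIONS.get(role, ()):
                paths[perm].add(f"group:{group}/{role}")
    return dict(paths)


def access_level(account, view_perm, manage_perm):
    """Return 'manage', 'read-only' or 'none' for a view guarded by two permissions."""
    perms = grant_paths(account)
    if manage_perm in perms:
        return "manage"
    return "read-only" if view_perm in perms else "none"


def holders(permission):
    """Audit query: every account holding a permission, with its grant paths."""
    result = {}
    for account in ACCOUNTS:
        paths = grant_paths(account)
        if permission in paths:
            result[account] = sorted(paths[permission])
    return result
```

Running `holders()` for a management permission shows which accounts hold it only through a group, which is where broad group-level role grants tend to go unnoticed in a least-privilege review.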

...

The picture below describes the relations between Permissions, Roles, Group Policies, Groups and Accounts. This is the current functionality for platform versions before 2.8.

[Figure: relations between Permissions, Roles, Group Policies, Groups and Accounts]


Starting with version 2.8, the Group Policy is omitted from the flow, and the following scheme will be used.

...