Permissions and Hierarchy

Introduction

The access to each document is controlled with permissions. The permissions are stored in the systemData field of every text. The read permissions decide on who is able to read the text. There could be multiple read permissions for a text.

Tokens and hierarchy

Let us look at this example:

_permission__name_read_/name__userOrGroup_studentsMATH001_/userOrGroup__/permission_ _permission__name_read_/name__userOrGroup_studentsMATH002_/userOrGroup__/permission_

If the above rules are placed in a systemData field, then the text can be read by anyone who has studentsMATH001 token or studentsMATH002. Each user can have one or multiple tokens.

The tokens are implemented in the following way: Tokens are elements of the users database. They are treated just as regular users. They are created in the same way as the users are created (except that in most of the cases, you can safely forget their passwords). The concept of giving a token to a user is achieved through the database called Hierarchy. This database is a directed graph. The vertices of the graphs are users. If there is a directed edge between the user GWashington and the user studentsMATH001, then the user GWashington is assumed to have the token studentsMATH001. The user GWashington can access any web page whose read permission includes the token studentsMATH001.

For each of the users you can see the tokens that they posses by clicking on their name from the database Users. You can add or remove the edges from the graph Hierarchy by using the appropriate commands that are listed in the commands page.