Diffstat (limited to 'doc/share/authz/FAQ.md')
-rw-r--r-- doc/share/authz/FAQ.md | 27
1 files changed, 27 insertions, 0 deletions
diff --git a/doc/share/authz/FAQ.md b/doc/share/authz/FAQ.md
index 3d560f1..8e73beb 100644
--- a/doc/share/authz/FAQ.md
+++ b/doc/share/authz/FAQ.md
@@ -4,3 +4,30 @@
* Q: How do we define the scope of a permission? (hierarchical?)
* Q: What is the unique identifier for each security principal across service boundaries? (i.e. bigint, ulid, uuid, email)
* Q: What permissions do each of the standard roles have today?
+* Q: How does a permission cascade down a group hierarchy?
+
+```
+Organization
+ Group A
+ * Roles
+ * Developer
+ * Maintainer
+ * Custom A
+ * base: developer
+ * permissions:
+ * admin_vulnerability: true
+ * read_vulnerability: true (implicitly)
+ * Custom B
+ * base: maintainer
+ * permissions:
+ * Doesn't really matter because Maintainer has all the permissions available via a custom role. <- Fact check this
+ Group Aa
+ Project Aa1
+ Project Aa2
+ Group Aaa
+ Project Aaa1
+ Project Aaa2
+```
+
+* Q: If a user has a membership at `Group A`, does the permissions associated with that
+membership cascade down to `Group Aa` and `Group Aaa`?
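
Review bot: The `Custom B` entry in the example tree still carries an open "<- Fact check this" marker, so the claim that Maintainer already has every permission available via a custom role lands in the FAQ unverified. Either confirm it against the current role definitions before merging or move it out of the example and into its own "Q:" item, so the tree shows only settled facts. The `read_vulnerability: true (implicitly)` line under `Custom A` also needs a sentence stating the rule that makes `admin_vulnerability` imply it, since readers will rely on that dependency when reasoning about least privilege. The closing question duplicates the first added one ("How does a permission cascade down a group hierarchy?"); consider folding the two together, and change "does the permissions" to "do the permissions".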