# Frequently Asked Question (FAQ)

* Q: Are there permissions that do not cascade down the group hierarchy?
* Q: How do we define the scope of a permission? (hierarchical?)
* Q: What is the unique identifier for each security principal across service boundaries? (i.e. bigint, ulid, uuid, email)
* Q: What permissions do each of the standard roles have today?
* Q: How does a permission cascade down a group hierarchy?

```
Organization
  Group A
    * Roles
      * Developer
      * Maintainer
      * Custom A
        * base: developer
        * permissions:
          * admin_vulnerability: true
            * read_vulnerability: true (implicitly)
      * Custom B
        * base: maintainer
        * permissions:
          * Doesn't really matter because Maintainer has all the permissions available via a custom role. <- Fact check this
    Group Aa
      Project Aa1
      Project Aa2
    Group Aaa
      Project Aaa1
      Project Aaa2
```

* Q: If a user has a membership at `Group A`, does the permissions associated with that
membership cascade down to `Group Aa` and `Group Aaa`?