Skip to main content

2 docs tagged with "group membership"

View all tags

Permission Groups

A permission group is a named collection of users that the platform's access control layer can treat as a single subject. Rather than granting capabilities to every user one by one, administrators grant them to a group, and every member of the group inherits the grant. Groups make access policy easier to manage, easier to audit, and easier to change as people join, move between teams, or leave.

Role Groups and Inheritance

Role groups are the mechanism by which the role hierarchy is represented for relationship-based access. Each role becomes a group, and parent-child relationships between roles become parent relationships between groups. The authorization model resolves these transitively, so a user assigned to a single role automatically inherits access from every ancestor in the hierarchy.