Access control documented
This commit is contained in:
@@ -1 +1,20 @@
|
||||
# User groups
|
||||
# User groups
|
||||
All users in Sentri are assigned to a user group. There are currently two types of user groups:
|
||||
|
||||
- **Administrator** – Users not tied to specific companies. They are responsible for administering Sentri and are created [[Admins|here]].
|
||||
- **User** – Intended for future use for users linked to specific companies. This group type is not yet active in Sentri.
|
||||
|
||||
## User group weight
|
||||
Each user group has an associated **weight**, which is used to enforce hierarchy and prevent privilege escalation.
|
||||
|
||||
For example, if your current user group has a weight of **10**, you cannot create or assign a user to a group with a lower weight (e.g. **1**) if that would result in higher permissions than your own. This ensures users cannot create accounts with greater access than their own.
|
||||
## Adding a user group
|
||||
To add a user group, you need the `admin-access-control-user-groups` RW permission.
|
||||
|
||||
Navigate to **Access Control** > **User groups** and click **Add user group**. Enter a name and select the group type.
|
||||
|
||||
After creation, you will be able to configure the group’s [[Permissions|permissions]]. To modify permissions, you also need the `admin-access-control-permissions` **RW** permission.
|
||||
## Viewing user groups
|
||||
To view user groups, you need the `admin-access-control-user-groups` RO permission.
|
||||
|
||||
Go to **Access Control** > **User groups** and click the **view icon** next to a user group. This will show detailed information about the group, including all configured [[Permissions|permissions]].
|
||||
Reference in New Issue
Block a user