Roles/Permissions
Setting up a permission structure
AccessOwl offers three different ways to map out an application permission structure:
One set of roles/permissions per application This is the simplest form where the application has a set of roles/permissions (entitlements). You can specify whether only one entitlement can be selected or multiple roles can be selected.
One set of roles/permissions per application This is the simplest form where the application has a set of roles/permissions (entitlements). You can specify whether only one entitlement can be selected or multiple roles can be selected.
You can add an extra layer between application and roles/permissions. It’s often used for vaults, repos, folders or similar objects which can have different permissions.
This involves grouping objects together. A parent object holds the right set of entitlements, and the child objects inherit them.
Usually all roles/permissions are requestable by default. You can adjust that individually.