Definitions
A few terms need to be defined so that you can understand how we use them throughout this documentation. This is not intended to be an exhaustive glossary, just an introduction to the basic terms we use, so we don't need to redefine them later.
Resource
The resource is the actual model for the data that you are protecting through access control. When setting up Access Control, the resource should be named the same as the model. Each model that you are protecting requires a new resource. For example, in Message Center, there are two resources: channel (which restricts access to specific Comm Log channels and the ability to post or reply within them) and template (which controls access to send emails via a specific email template). The resources are named this way because they match the name of the model they are placed on. Many apps have only one restricted resource.
Type
A "type" is every other column on the access table that will be created. Types fall into two kinds. The first is the "User Type", which is the kind of user that the rule set is made up of. There are three main user types: dept, group, and user, and each of these can be turned on/off in the configuration. The other is the Boolean Type, which controls all the specific access. By default, edit is the only Boolean Type, but you can add as many or as few as you like.
Rule and Ruleset
A single rule is one row on the access table. It is made up of the user, the resource, the various Boolean Types of access they have, and the specific id of the item that they have this access to. For example, one rule in Message Center would be that the Students group (user type and id) has access to the Poster Print (the item id the rule controls), which is a template (resource). Under this rule, the Students group has access to send emails, but not to edit the template itself (Boolean Types). All the rules for a specific item can be seen in the Access Modal that is given to you by ember-fw-acl.
A Ruleset is the full set of rules for one user. It is most often used on the server side, when determining the full level of access a user has to a specific item. It parses all the rules for any groups or departments that the user is in and returns the full level of access that the user has to that item as the aggregate of all those rules.
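The aggregation a Ruleset performs can be sketched as follows. This is an added example, not ember-fw-acl's own code: the row field names (userType, userId, itemId), the send Boolean Type, the sample rows, and the choice to grant an access type when any matching rule grants it are all assumptions.

```javascript
// Constructed access table: one row per rule. Field names are assumptions.
const accessTable = [
  { userType: 'group', userId: 'students', resource: 'template', itemId: 'poster-print', send: true, edit: false },
  { userType: 'dept', userId: 'marketing', resource: 'template', itemId: 'poster-print', send: true, edit: true },
  { userType: 'user', userId: 'jdoe', resource: 'channel', itemId: 'poster-print', send: false, edit: true },
  { userType: 'group', userId: 'staff', resource: 'template', itemId: 'welcome', send: true, edit: true },
];

// Boolean Types configured for this app: edit is the default, send is assumed.
const BOOLEAN_TYPES = ['send', 'edit'];

// Every identity a rule can name for this user: the user plus their groups and depts.
function principalsFor(user) {
  return new Set([
    `user:${user.id}`,
    ...user.groups.map((g) => `group:${g}`),
    ...user.depts.map((d) => `dept:${d}`),
  ]);
}

// Build the user's aggregate access to one item of one resource.
// Starts from "no access"; a Boolean Type becomes true only if some
// matching rule grants it (assumed OR aggregation).
function buildRuleset(table, user, resource, itemId,
                      enabledUserTypes = ['dept', 'group', 'user']) {
  const principals = principalsFor(user);
  const access = Object.fromEntries(BOOLEAN_TYPES.map((t) => [t, false]));
  for (const rule of table) {
    // Match on resource AND item id so ids shared across resources do not leak access.
    if (rule.resource !== resource || rule.itemId !== itemId) continue;
    // User types switched off in the configuration contribute nothing.
    if (!enabledUserTypes.includes(rule.userType)) continue;
    if (!principals.has(`${rule.userType}:${rule.userId}`)) continue;
    for (const t of BOOLEAN_TYPES) {
      access[t] = access[t] || rule[t] === true;
    }
  }
  return access;
}

// A student who is also in the marketing department (constructed user).
const student = { id: 'asmith', groups: ['students'], depts: ['marketing'] };
console.log(buildRuleset(accessTable, student, 'template', 'poster-print'));
```

Matching on the resource as well as the item id matters here: the constructed channel row reuses the id poster-print, and it must not widen access to the template of the same id.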