Auth: Document roles can be assigned to any user.

author: Frederick Muriuki Muriithi 2023-06-28 11:15:24 +0300
committer: Frederick Muriuki Muriithi 2023-06-28 11:16:13 +0300
commit: b6a55ed72f62882c3d72acbfc41384aeccb40948 (patch)
tree: 9ca42e1ded3c82b9cb69a195f3cbbde62682f620 /topics/authentication
parent: b6bddd71a83d3d04153de5b9eea35b4a45c344d7 (diff)
download: gn-gemtext-b6a55ed72f62882c3d72acbfc41384aeccb40948.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/topics/authentication/authentication-authorisation-design.gmi b/topics/authentication/authentication-authorisation-design.gmi
index 1085980..92b396e 100644
--- a/topics/authentication/authentication-authorisation-design.gmi
+++ b/topics/authentication/authentication-authorisation-design.gmi
@@ -120,6 +120,8 @@ These demand some bureaucracy to access due to security and privacy consideratio
 
 The roles will be collections of privileges that can be assigned to users. They are the system's main way of controlling access to the system and restricting user access.
 
+Roles can *ideally* be assigned to any user, whether they are a member of the group or otherwise. This means, that a resource can be private to the group, and the resource owner can give access to the resource to (a) specific user(s) outside the group by assigning them a role that has only the privileges they need for access.
+
 ### Groups
 
 The group is the main organisational scheme for the authorisation system.
author	Frederick Muriuki Muriithi	2023-06-28 11:15:24 +0300
committer	Frederick Muriuki Muriithi	2023-06-28 11:16:13 +0300
commit	b6a55ed72f62882c3d72acbfc41384aeccb40948 (patch)
tree	9ca42e1ded3c82b9cb69a195f3cbbde62682f620 /topics/authentication
parent	b6bddd71a83d3d04153de5b9eea35b4a45c344d7 (diff)
download	gn-gemtext-b6a55ed72f62882c3d72acbfc41384aeccb40948.tar.gz