Permission Dictionary
This document serves as the single source of truth for all permissions available within the system. It is a living document that must be updated and reviewed whenever a new permission is added or an existing one is modified.
All permissions should follow a resource:action naming convention.
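
A lint check for this dictionary, as an added example rather than code from the project: it parses the permission tables, enforces the resource:action convention, and flags duplicates, empty descriptions and permissions granted elsewhere but missing here. The name pattern (lowercase words, hyphens, exactly one colon) is an assumption inferred from the entries on this page; the three bad rows and `users:purge` are constructed.

```python
import re

# Assumed reading of "resource:action": lowercase words, hyphens allowed, one colon.
NAME_RE = re.compile(r"^[a-z]+(?:-[a-z]+)*:[a-z]+(?:-[a-z]+)*$")

# Constructed sample: three rows from this page plus three deliberately bad rows.
SAMPLE = """\
| Permission | Description |
|---|---|
| users:list | Allows a user to view the list of all users in the system. |
| groups:manage-permissions | Allows a user to assign or unassign permissions to a group. |
| audit:view | Allows a user to view the security audit trail. |
| Users.Delete | Allows a user to delete a user. |
| audit:view | Duplicate row. |
| reports:export | |
"""

def parse_rows(markdown):
    """Return (name, description) pairs from pipe-table rows, skipping header and separator."""
    rows = []
    for line in markdown.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 2 or cells[0] == "Permission" or set(cells[0]) <= set("-: "):
            continue
        rows.append((cells[0], cells[1]))
    return rows

def lint(rows):
    """Return a list of (name, problem) findings for the parsed dictionary rows."""
    findings, seen = [], set()
    for name, description in rows:
        if not NAME_RE.match(name):
            findings.append((name, "does not match resource:action"))
        if name in seen:
            findings.append((name, "duplicate entry"))
        seen.add(name)
        if not description:
            findings.append((name, "missing description"))
    return findings

def undocumented(granted, rows):
    """Permissions referenced elsewhere (e.g. in a group grant) that the dictionary lacks."""
    return sorted(set(granted) - {name for name, _ in rows})

if __name__ == "__main__":
    rows = parse_rows(SAMPLE)
    for name, problem in lint(rows):
        print(f"{name}: {problem}")
    print("undocumented:", undocumented(["users:list", "users:purge"], rows))
```

Run as a pre-merge check, a non-empty result from `lint` or `undocumented` means the dictionary and the permissions in use have drifted apart.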
User Management
| Permission | Description |
|---|---|
| users:list | Allows a user to view the list of all users in the system. |
| users:view | Allows a user to view the detailed profile of a specific user. |
| users:create | Allows a user to create a new user. |
| users:edit | Allows a user to edit the profile information of an existing user. |
| users:change-status | Allows a user to activate or deactivate a user's account. |
| users:view-permissions | Allows a user to view the effective permissions of another user. |
| users:manage-groups | Allows a user to assign or unassign groups to another user. |
Access Control Management
| Permission | Description |
|---|---|
| groups:list | Allows a user to view all available groups. |
| groups:create | Allows a user to create a new group. |
| groups:edit | Allows a user to edit the name and description of a group. |
| groups:delete | Allows a user to delete a group. |
| groups:manage-permissions | Allows a user to assign or unassign permissions to a group. |
Auditing
| Permission | Description |
|---|---|
| audit:view | Allows a user to view the security audit trail. |