A Permissions Blueprint is a schema representation of different types of resources that need to be protected, actions that can be taken on them, and roles.
There are 2 steps to doing this:
- Defining your Resource Types and the actions that can be taken on them
- Defining your Roles
A Resource Type represents the type of resource that needs to be protected - typically this is a table name or section of your platform.
You must also specify the actions that can be taken on the Resource Type, as well as attributes if you need column-level permissions.
A Role is a grouping of permissions that can be granted to users/usersets, for a particular object(s). A role consists of a list of action-resourceType pairs, which describes actions that can be taken on the specified Resource Type - notice this does not specify which object ID!
Roles can be inherited, where a child role inherits permissions from the parent.