A Permissions Blueprint is a schema representation of different types of resources that need to be protected, actions that can be taken on them, and roles.
There are 2 steps to defining a blueprint:
- Defining your Resource Types and the actions that can be taken on them
- Defining your Roles
A Resource Type represents the type of resource that needs to be protected - typically this is a table name or section of your platform.
You must also specify the actions that can be taken on the Resource Type, as well as attributes if you need column-level permissions.
A role is a grouping of permissions that can be granted to users/usersets. A role consists of a list of permissions - the resource IDs affected are determined by the OwnerId and its corresponding ownership query. This ownership query is evaluated against your database to generate the list of IDs that the permissions apply to - these are implicit grants, as you're not specifying the IDs yourself, but rather the query to retrieve them.
Roles can be inherited, where a child role inherits permissions from the parent.
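
The sketch below is an added example, not the product's own code or schema: it shows how ownership queries and role inheritance could resolve into implicit grants. The blueprint layout, the `invoices` table, and the role names are all hypothetical, and the sample rows are constructed.

```python
import sqlite3

# Hypothetical blueprint layout for illustration; not the product's real schema.
RESOURCE_TYPES = {"invoices": {"actions": {"read", "update"}}}
ROLES = {
    # role: (parent role, [(resource type, action, ownership query)])
    # Ownership queries take the OwnerId as a bound parameter, never via string formatting.
    "viewer": (None, [("invoices", "read",
                       "SELECT id FROM invoices WHERE owner_id = ?")]),
    "editor": ("viewer", [("invoices", "update",
                           "SELECT id FROM invoices WHERE owner_id = ? AND locked = 0")]),
}

def role_permissions(role):
    """Collect a role's permissions plus everything inherited from its parents."""
    perms, seen = [], set()
    while role is not None:
        if role in seen:
            raise ValueError(f"inheritance cycle at role {role!r}")
        seen.add(role)
        parent, own = ROLES[role]
        perms.extend(own)
        role = parent
    return perms

def resolve_grants(conn, role, owner_id):
    """Evaluate each ownership query; return {(resource_type, action): set of IDs}."""
    grants = {}
    for rtype, action, query in role_permissions(role):
        if action not in RESOURCE_TYPES[rtype]["actions"]:
            raise ValueError(f"{action!r} is not defined on {rtype!r}")
        ids = {row[0] for row in conn.execute(query, (owner_id,))}
        grants.setdefault((rtype, action), set()).update(ids)
    return grants

def demo(role="editor", owner_id="alice"):
    """Constructed sample data: three invoices, one locked, one owned by bob."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, owner_id TEXT, locked INTEGER)")
    conn.executemany("INSERT INTO invoices VALUES (?, ?, ?)",
                     [(1, "alice", 0), (2, "alice", 1), (3, "bob", 0)])
    return resolve_grants(conn, role, owner_id)

if __name__ == "__main__":
    print(demo())
```

Because the grant set is recomputed from the query, it follows the data: locking an invoice removes it from the editor's update grant without any change to the role.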