...

There is a distinct division between permissions and scopes. Permissions control access to YOUnite resources (i.e., endpoints), and scopes control access to the data behind the /domains and /dr endpoints.

When a zone is created, the zone users 1) Zone IT Admin (admin) and 2) Zone Data Steward (ZDS) are given appropriate permissions based on their respective roles. The admin can grant permissions to most of the resources in the zone. The remainder of the permissions, which are data related, are granted by the ZDS.

Resource permissions granted to zone users (users) are restrictive by default. Permissions can be granted to a resource by specifying:

  1. The "ALLOW" type of permission
  2. The URI location
    1. The URI can contain the "*" wildcard character.
  3. The REST action. Possible actions mirror the REST verbs available at the resource, plus the special case ANY, which is a shortcut for "all verbs":
    • GET
    • PUT
    • POST
    • DELETE
    • ANY
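
The following sketch models how such grants evaluate under a restrictive default. It is an added example, not YOUnite code: the `Permission` class, its field names, the sample grants, and the assumption that "*" matches any run of characters (including "/") are all hypothetical.

```python
import re
from dataclasses import dataclass

VERBS = {"GET", "PUT", "POST", "DELETE"}

@dataclass(frozen=True)
class Permission:
    kind: str    # only the "ALLOW" type is described on the page
    uri: str     # URI location, may contain "*"
    action: str  # one of VERBS, or the shortcut "ANY"

    def __post_init__(self):
        if self.kind != "ALLOW":
            raise ValueError("unsupported permission type: " + self.kind)
        if self.action not in VERBS | {"ANY"}:
            raise ValueError("unknown action: " + self.action)

def _uri_regex(pattern):
    # Assumption: "*" matches any run of characters, including "/".
    # Every other character is escaped so it can only match literally.
    return re.compile("".join(".*" if c == "*" else re.escape(c) for c in pattern))

def is_allowed(grants, method, uri):
    """Return True only if some ALLOW grant covers this verb and URI."""
    method = method.upper()
    if method not in VERBS:
        return False  # "ANY" is a grant shortcut, never a request verb
    for g in grants:
        if g.action in ("ANY", method) and _uri_regex(g.uri).fullmatch(uri):
            return True
    return False  # restrictive by default: no matching grant, no access

def broad_grants(grants):
    """Grants worth a second look in review: ANY combined with a wildcard URI."""
    return [g for g in grants if g.action == "ANY" and "*" in g.uri]

# Constructed sample grants for a hypothetical zone user.
SAMPLE_GRANTS = [
    Permission("ALLOW", "/domains/*", "GET"),
    Permission("ALLOW", "/dr/*", "ANY"),
]

if __name__ == "__main__":
    for verb, path in [("GET", "/domains/customer"), ("DELETE", "/domains/customer"),
                       ("DELETE", "/dr/123"), ("GET", "/zones")]:
        print(verb, path, "->", "allow" if is_allowed(SAMPLE_GRANTS, verb, path) else "deny")
    print("review:", broad_grants(SAMPLE_GRANTS))
```

`broad_grants` is the audit side of the same model: a grant that pairs ANY with a wildcard URI covers every verb on every matching resource, so it is the first thing to check when reviewing a user's permissions.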

...