Skip to main content
Mitratech Success Center

Permissions Inheritance

Permissions inheritance refers to the settings of Allow, Deny or Not Set for Users, Roles and Groups.

Permissions for a particular User, Role or Group are tri-state:

  • Allow: Gives the item permission to administer that area of functionality.
  • Deny: Refuses the item permission to administer that area of functionality.
  • Not Set: Allows the item to inherit their permissions from a Parent.

Calculating Permissions

The list of operations which can be Allowed or Denied for a User are described in:

Table 148, “Terminology: Group Permissions
Table 150, “Terminology: Role Permissions
Table 152, “Terminology: User Permissions

When calculating a User’s permission for a particular operation, the following order is followed:

  1. Check for Explicit User Allow/Deny.
  2. Check For Explicit User Role(s) Deny.
  3. Check For Explicit User Role(s) Allow.
  4. Check For Explicit Group(s) Deny.
  5. Check For Explicit Group(s) Allow.
  6. Check For Explicit Group(s) Role Deny.
  7. Check For Explicit Group(s) Role Allow.
  8. Steps 4 to 7 are repeated for Parents of the Parent groups (until there are no more Parent groups) and if no explicit permissions are found, then Deny.

See “Set Permissions: Users, Groups and Roles” and see “Set Permissions: Multiple Groups with Conflicting Settings” for examples.

  • Was this article helpful?