Closed jdmswong closed 9 years ago
Hi @jdmswong, I updated the readme with a section about groups. Does this make it more clear?
I understand now, groups don't represent collections of permissions. You think of them as separate entities a user has specific permissions for, independent of other groups.
I'm confused, it seems wherever groups are used, roles are assigned to them. For example:
To my understanding this line is adding user1 and user2 to the 'example.org' group, which encompasses the roles 'glorious-admin' and 'perform-action'.
I would expect only the group to be assigned to the users, and the roles assigned to groups elsewhere. That way if we decide the example.org group are no longer glorious-admins we don't have to change every line example.org is used, only the one assigning glorious-admin to example.org.
Also what happens if this line is executed right after?
Is example.org still glorious-admin? What happens to user1 and users2's roles?
Can you elaborate on the semantics here? Thanks!