abergs / mstest


How Caspeco Support is implemented #3

Open abergs opened 9 years ago

abergs commented 9 years ago

A Caspeco ID is marked with a boolean flag indicating that it is considered to be Caspeco Support. The Caspeco ID doesn't have to have permissions to any system or in any other way be linked to a system.

In every system, there is a role defined called Caspeco_support that by default has all permission flags enabled. (Every system contains roles that can describe different permissions)

When the ID Service is fetching permissions, it will check for the Caspeco Support flag on the ID. If the flag is present, it will create a set of permissions containing the "caspeco_support" role. If the Caspeco ID is actually linked to that system and contains another set of permissions, they would be fetched as well, and the caspeco_support role would simply be appended to the permission set.

In the case of Caspeco's own system, we can change the properties of the caspeco_support role to not have any access, locking every Caspeco Support member out of the system. Any Caspeco IDs that should have permissions within the system will still be able to access it exactly as a normal user would.
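The resolution described in this issue, sketched as an added example (not code from this repository). The class names, system names, role names other than `caspeco_support`, and the permission flags are assumptions made up for illustration; a role a system does not define is assumed to grant nothing.

```python
from dataclasses import dataclass, field

SUPPORT_ROLE = "caspeco_support"

@dataclass
class CaspecoId:
    name: str
    is_support: bool = False                   # the boolean flag on the ID
    links: dict = field(default_factory=dict)  # system name -> set of role names

@dataclass
class System:
    name: str
    roles: dict                                # role name -> set of permission flags

def fetch_roles(identity, system):
    """Roles the ID Service returns for this ID in this system."""
    roles = set(identity.links.get(system.name, set()))  # linked roles, if any
    if identity.is_support:
        roles.add(SUPPORT_ROLE)                # appended, never replaces linked roles
    return roles

def effective_permissions(identity, system):
    """Union of the flags of every role, as defined by this particular system."""
    perms = set()
    for role in fetch_roles(identity, system):
        perms |= system.roles.get(role, set())  # assumption: unknown role grants nothing
    return perms

# Constructed sample data
ALL_FLAGS = {"read", "write", "admin"}
customer = System("customer_pos", {SUPPORT_ROLE: set(ALL_FLAGS), "cashier": {"read"}})
# Caspeco's own system: the support role is redefined to carry no flags.
internal = System("caspeco_internal", {SUPPORT_ROLE: set(), "finance": {"read", "write"}})

support_only = CaspecoId("support_only", is_support=True)
support_and_finance = CaspecoId("support_and_finance", is_support=True,
                                links={"caspeco_internal": {"finance"}})
plain_user = CaspecoId("plain_user", links={"customer_pos": {"cashier"}})

if __name__ == "__main__":
    for ident in (support_only, support_and_finance, plain_user):
        for system in (customer, internal):
            print(ident.name, system.name, sorted(effective_permissions(ident, system)))
```

Because the flag only adds a role name and each system decides what that role grants, auditing support access comes down to reviewing the `caspeco_support` role definition in every system and the list of IDs carrying the flag.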