Users are the people who log into your organisation, and what each can do is governed by the groups they belong to. Cloudby's access control is permission-based rather than role-fixed: groups carry granular permissions, and users inherit them by membership, so access is composed rather than assigned in one lump.
- How the access model is structured
- What a user record holds
- How permissions are inherited
- What a group level means
The access model
Three layers fit together. A user belongs to one or more user groups; each group carries a set of named permissions (granular rights like reading or editing a particular thing); and a user inherits every permission from every group they are in. Because permissions are granular and groups simply aggregate them, you build exactly the access a role needs rather than choosing from a few fixed roles.
Anatomy of a user
A user has tabs for their Profile, their Account (username, email, language, timezone, active flag), their Usergroup membership, and the resulting Permission set. A user group additionally carries a level, a numeric authority ladder running from ordinary user up through admin, configurator and developer, which signals how powerful the group is.
Worked example
You create a “Sales clerk” group holding just the sales permissions, and add your counter staff to it. They can now do exactly the sales work and nothing more. A supervisor who needs both sales and reporting simply joins both groups and inherits the union of their permissions.
Edge cases and good practice
- Compose access from groups; add a user to several rather than building one giant group.
- A user gets the union of all their groups' permissions, so least-privilege means lean group membership.
- Deactivate, do not delete, a departing user to keep their history.
Related
- How to: Manage users and access
- Reference: Invitations