Changes

When a user requests an object from the web service (via the mobile app), the correct rights are evaluated.

The rights for an object are defined by programmatic customizing, overriding a respective method "CustomGroupRights".

More specific group rights override rights assignments to more general groups.

The possibility to assign a user to different groups (not necessarily inheriting from each other) can lead to multiple (at first glance, conflicting) rights for different groups the user is in.

See [[HowTo:Configure_Users_and_User_Rights]].

== Rights Evaluation ==

The evaluation process goes as follows:

# Get object's custom group rights

... where "RestrictiveNoRight" will be translated into "NoRight" and "RestrictiveRead" will be translated into "Read" ultimately - they are just used to have a way for active restriction instead of only extension (similar to the idea of blacklisting instead of whitelisting).

== Caching ==

It automatically establishes and maintains a working memory structure of the assignments between users and groups as well as the group hierarchy for fast access.

If change detection is enabled for the webservice (via AppSettings.config: setting UBIK.Service.EnableChangeNotifications = 1), the cache is updated as fast as possible as soon as any relevant change is detected. Otherwise, the cache is updated wrt. a login when this hasn't happened for some time and group data is being fetched.

* [[LOGIN|Logins]]

[[Category:Publishing|User Groups and Rights]]

[[Category:Studio|User Groups and Rights]]

[[Category:Web service|User Groups and Rights]]