
Explaining Permission Scope

[Draft — pending review]

For many features in Ordinate, permissions are not just about what a user can do — they also depend on whose data they are looking at. This is controlled through three permission scopes: Self, Department, and All.

The Three Scopes

Scope | Meaning
Self | Data that belongs to, or is hosted/organised by, the current user
Department | Data belonging to people in the same department as the current user
All | All data, regardless of who it belongs to

Each scope has its own access level (None, View, Create, Edit, Delete, Administer). This means you can set different permission levels for each scope within the same feature and role.

Example: Meetings

A common configuration for a standard meeting coordinator might be:

Scope | Access Level | Effect
Self | Edit | Can edit meetings they host or organise
Department | View | Can see meetings hosted by colleagues in their department
All | None | Cannot see any other meetings

This means the user can fully manage their own meetings and keep an eye on their department's schedule, but has no visibility of meetings outside their team.

Example: Accommodation

For accommodation management, scope controls might work like this:

Scope | Access Level | Effect
Self | Edit | Can view and update their own accommodation details
Department | None | No visibility of colleagues' accommodation
All | None | No visibility of other people's accommodation

An administrator managing accommodation would typically have Administer at the All scope, allowing them to manage bookings for everyone and assign hotels and room types.

How Scopes Cascade

The scopes follow a logical rule: your permissions for your own data must be at least as high as your permissions for others' data. This is enforced automatically:

  • If you lower the Self scope, Department and All are automatically lowered to match (if they were higher)
  • If you raise the All scope, Self and Department are automatically raised to match (if they were lower)
  • Department sits in between and follows the same logic in both directions

This prevents illogical configurations like being able to delete other people's meetings but not view your own.
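
The cascade rule above, sketched in Python as an added example (this is not Ordinate's own code). It assumes the access levels are ranked in the order this page lists them; the names Level, SCOPES, set_scope and violations are hypothetical. The violations function is a check for stored configurations that did not pass through the cascade.

```python
from enum import IntEnum

class Level(IntEnum):
    # Assumed ascending order, taken from the order the page lists the levels in.
    NONE = 0
    VIEW = 1
    CREATE = 2
    EDIT = 3
    DELETE = 4
    ADMINISTER = 5

# Narrowest to broadest; the invariant is Self >= Department >= All.
SCOPES = ("Self", "Department", "All")

def set_scope(perms, scope, level):
    """Return a new scope->Level mapping with `scope` set and the cascade applied."""
    idx = SCOPES.index(scope)
    result = dict(perms)
    result[scope] = level
    for i, name in enumerate(SCOPES):
        if i < idx:    # narrower scope: raise to match if it was lower
            result[name] = max(result[name], level)
        elif i > idx:  # broader scope: lower to match if it was higher
            result[name] = min(result[name], level)
    return result

def violations(perms):
    """List adjacent scope pairs where the broader scope outranks the narrower one."""
    return [(narrow, broad)
            for narrow, broad in zip(SCOPES, SCOPES[1:])
            if perms[broad] > perms[narrow]]

if __name__ == "__main__":
    # Constructed sample: the meeting coordinator configuration from this page.
    coordinator = {"Self": Level.EDIT, "Department": Level.VIEW, "All": Level.NONE}
    lowered = set_scope(coordinator, "Self", Level.NONE)
    raised = set_scope(coordinator, "All", Level.DELETE)
    print({k: v.name for k, v in lowered.items()})
    print({k: v.name for k, v in raised.items()})
    # Constructed bad config, e.g. one written directly to storage without the cascade.
    print(violations({"Self": Level.NONE, "Department": Level.VIEW, "All": Level.DELETE}))
```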

Which Features Use Scope?

Not all features use the Self/Department/All distinction. Simple features like Noticeboard or Badge Printing have a single permission level that applies to all data equally — there is no concept of "your own" noticeboard items.

Features that commonly use scope include:

  • Meetings — scoped by host/organiser
  • Accommodation — scoped by person
  • People / Registration — scoped by department
  • Meeting sub-features (Catering, Agenda, Feedback, etc.) — inherit scope from the parent meeting

Info

When you are viewing a specific meeting or person record, Ordinate automatically determines which scope applies based on your relationship to that record. You do not need to choose a scope — the system works it out and applies the correct permission level.