5.1 System Permissions Description
5.1.1 Dual-Track Authority
In the Kedao Cloud system, user access is governed by two distinct types of permissions: Role Permissions and Document Permissions.
- Role Permissions: These are system-wide permissions that define a user's capabilities across the entire Kedao Cloud environment, including areas such as My Documents, Enterprise Space, and Departments.
- Document Permissions: These permissions are specific to departmental settings, files (folders), and internal collaboration. Document permissions determine what actions users or groups can perform on a particular file or folder.
5.1.2 Permission Priority
The Kedao Cloud system adheres to a strict permission hierarchy to determine user access:
- Role Permissions > Current File/Folder Permissions > Nearest Parent File/Folder Permissions > Department Permissions
Key Principles:
- Role Permissions take precedence over document permissions, defining the maximum level of access a user can have within the Kedao Cloud system.
- For a specific file or folder, if permission settings are applied, those settings define user access.
- If no permissions are set for a particular file or folder, the system inherits the permissions from the closest parent folder whose permission settings include the user.
- If no permissions are set at any higher level, the user’s department permissions will be applied.
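The resolution order above can be sketched as follows. This is an added example, not Kedao Cloud's own code. Assumptions: the permission item names, users and paths are constructed, an item's settings apply to a user only when they name that user (groups are omitted), and the role "maximum level of access" is modelled as a set intersection.

```python
from pathlib import PurePosixPath

# Constructed sample data; permission item names are hypothetical.
ROLE_PERMS = {"alice": {"preview", "download", "upload"},
              "bob": {"preview"}}
DEPT_PERMS = {"alice": {"preview"},
              "bob": {"preview", "download"}}
# Document permission settings: path -> {user: permission items}
DOC_ACLS = {
    "/eng": {"alice": {"preview", "download"}},
    "/eng/specs/design.docx": {"bob": {"preview", "download", "delete"}},
}

def document_permissions(user, path):
    """Return (source, perms): the current item first, then the nearest
    parent with an entry for the user, then the department permissions."""
    p = PurePosixPath(path)
    for node in (p, *p.parents):          # parents are ordered nearest-first
        acl = DOC_ACLS.get(str(node), {})
        if user in acl:
            source = "current" if node == p else f"parent:{node}"
            return source, set(acl[user])
    return "department", set(DEPT_PERMS.get(user, set()))

def effective_permissions(user, path):
    """Cap the resolved document permissions by the user's role permissions
    (assumption: the role ceiling is enforced as an intersection)."""
    source, doc = document_permissions(user, path)
    return source, doc & ROLE_PERMS.get(user, set())

if __name__ == "__main__":
    for user, path in [("alice", "/eng/specs/design.docx"),
                       ("bob", "/eng/specs/design.docx"),
                       ("bob", "/eng/readme.txt")]:
        print(user, path, effective_permissions(user, path))
```

Note the second case: the file grants bob `delete` and `download`, but his role only allows `preview`, so the grant on the document has no effect beyond that ceiling.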
5.1.3 Permission Configuration
Both Role Permissions and Document Permissions consist of a combination of predefined permission items. The system includes several built-in role and document permission templates that cater to common use cases. Typically, the system administrator configures these permission combinations.
Role Permissions: These are typically set by the administrator and are applied when users log in, restricting their actions according to their assigned roles.
Document Permissions: While initially set by the administrator, non-administrator users can assign document permissions as needed within the confines of their role permissions.