Permissions are applied by model. A model is basically a table, but depending on customization can be bigger or smaller.
Permissions are effective everywhere, in the control panel and the API.
All, Group or Owner
Each user has 3 sets of rights.
All gives or remove rights on all entries of a model.
Group gives or remove rights on primary group owned entries of a model.
Owner gives or remove rights on owned entries of a model.
Each entry is marked with the user and primary group on creation automatically unless otherwise stated in the Schema.
The predominance of rights in case of colliding rights will always be All, Group and owner last.
Read, Add, Update, Delete
Each access control have 4 rights.
Read is required to have a menu appear, and view entries.
The rest is self explanatory.
Groups
Groups are permissions templates.
By default, 2 groups are created: User and Admin.
The “Admin” group should remain unchanged as it will bypass all rights.
Its up to you to create the required Groups with well defined access control for each of your group of users.