Commit 11c96a

2026-06-23 03:31:09 Anonymous: -/-
permissions.md ..
@@ 1,8 1,33 @@
# Permissions
- This page is part of the AeThex documentation system.
+ Permissions define what an authenticated user, service, team, or integration is allowed to do inside AeThex.
- > [!NOTE]
- > This article is a placeholder and should be expanded.
+ <div class="docs-section-heading">
+ <h2>Authorization layer</h2>
+ <p>Authentication answers who someone is. Permissions answer what they can access.</p>
+ </div>
- {{PageIndex}}
+ Permissions should be evaluated after [[Authentication]] and inside the relevant [[Organizations]], [[Teams]], or [[Projects]] context. A user may have different access depending on which organization or project they are acting within.
+
+ ## Permission concepts
+
+ - Roles: named sets of access rules.
+ - Scopes: API-level capabilities granted to tokens or integrations.
+ - Ownership: direct control over a resource.
+ - Team membership: inherited access through [[Teams]].
+ - Administrative override: powerful access that should be logged and limited.
+
+ ## Safe defaults
+
+ 1. Deny by default.
+ 2. Grant the smallest useful role.
+ 3. Separate read, write, admin, and billing/security privileges.
+ 4. Audit sensitive permission changes.
+ 5. Revoke access when users leave teams or organizations.
+
+ <div class="docs-grid">
+ <a class="docs-card" href="/Authentication">Authentication</a>
+ <a class="docs-card" href="/Teams">Teams</a>
+ <a class="docs-card" href="/Security-Model">Security Model</a>
+ <a class="docs-card" href="/Policies">Policies</a>
+ </div>
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9