Understanding roles

A configuration object named Role is intended for defining user rights. Using this object, a developer can describe a set of rights to execute some actions on specific database objects and on the configuration as a whole.

As a rule, a role is created separately for each type of activity, and each user is assigned one or more roles.

When a user is assigned multiple roles, access is granted or denied based on the following rules:

  • If any of the roles has the permission, access is granted
  • If none of the roles have the permission, access is denied
Next page: Creating roles