Login :: Sitemap :: Contacts

 SUMO Homepage > Documentation > Understanding SUMO permissions
Understanding SUMO permissions
Users and Groups
Every user on SUMO Access Manager has a unique username, and is a member of at least one group with minimum "1" as access level. A user can also be a member of one or more other groups.
Every group have an access level, a number between 1 and 7, in order to manage different levels of authorization within the group.
Only a user that is member of group "sumo" with access level longer than "5" can manage (add, modify, delete, etc.) other groups. This user, independently from access level, can access to all resources of other groups (like root group on Unix-like systems).

This table resume access levels used for Sumo framework, it's recommended to use these levels as standard for your applications:

Access Level Grant Description
1 Unused
2 Unused
3 View User can only view a resource
4 Edit User can view and modify a resource
5 Add User can view, modify and add a resource
6 Unused Unused, but user can view, modify and add a resource
7 All All permissions (view, edit, create and delete) to all resources in the group

Access Points
An Access Point is a "point" where an user, a group, or groups of users, is obliged to authenticate itself to SUMO Access Manager before accessing the application.
Every defined Access Point belong to at least one group.

Only the group membership is required to access to an access point, the "access level" is unused in this case.
If you want manage different level of authorization within a group, you must use a special function in your code described here.