Security / Permission Inheritance Spec


A user who has been granted permissions for a particular Process may not have explicit access to additional objects that are bound to that Process.

Rather than recursively assigning the user access to all the items bound to the Process, we want the permissions belonging to the Process to be inherited by the user for the duration of any operation the user performs on the Process. These could be considered temporary permissions, of which the user has no knowledge.

In this way, the user can perform the task without gaining additional permissions that may not be appropriate for most cases.
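
The scoped inheritance described above, as an added JavaScript example that is not part of the original specification or the project's own code. The names `AccessControl`, `grant`, `bind`, `runOnProcess` and the sample identifiers are hypothetical; it assumes synchronous operations and that inheritance is limited to objects bound to the Process.

```javascript
// Added example; AccessControl, grant, bind and runOnProcess are hypothetical names.
class AccessControl {
  constructor() {
    this.grants = new Map();   // principal -> Set of "action:object" explicit grants
    this.bindings = new Map(); // process -> Set of objects bound to it
  }
  add(map, key, value) {
    if (!map.has(key)) map.set(key, new Set());
    map.get(key).add(value);
  }
  grant(principal, action, object) { this.add(this.grants, principal, `${action}:${object}`); }
  bind(proc, object) { this.add(this.bindings, proc, object); }

  // Explicit grants only: what a principal holds outside any operation.
  isAllowed(principal, action, object) {
    const held = this.grants.get(principal);
    return held !== undefined && held.has(`${action}:${object}`);
  }

  // Runs a synchronous operation on a process. The scope answers from the process's
  // own grants, limited (by assumption) to objects bound to that process.
  runOnProcess(user, proc, action, operation) {
    if (!this.isAllowed(user, action, proc)) throw new Error(`${user} may not ${action} ${proc}`);
    const bound = this.bindings.get(proc) || new Set();
    let active = true;
    const scope = {
      can: (act, object) => active && bound.has(object) && this.isAllowed(proc, act, object),
    };
    try {
      return operation(scope);
    } finally {
      active = false; // inherited rights end with the operation, even if it throws
    }
  }
}

// Constructed sample data: one person, one process, one bound CostLedger.
function demo() {
  const acl = new AccessControl();
  acl.grant('person:alice', 'update', 'process:p1');
  acl.grant('process:p1', 'read', 'costledger:c1');
  acl.bind('process:p1', 'costledger:c1');
  let kept; // a reference that outlives the operation
  const during = acl.runOnProcess('person:alice', 'process:p1', 'update', (scope) => {
    kept = scope;
    return scope.can('read', 'costledger:c1');
  });
  const after = kept.can('read', 'costledger:c1');
  const direct = acl.isAllowed('person:alice', 'read', 'costledger:c1');
  return { during, after, direct };
}
```

The user's own grant set is never modified, so there is nothing to clean up or revoke afterwards, and a scope reference kept past the operation answers `false`.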


  • Permission inheritance
    • should allow creation of a role and person
    • should allow creation of a process with a CostLedger
    • should clean up data