Permissions represent fine grained actions that can be mapped to functionality within a given system. Permissions are scoped to Namespace which roughly correlate to modules or sections of functionality within a given system.

A developer would code authorization checks in their application against these permissions.

Some examples would be: 'canSave', 'canView', 'canEdit', etc.

Permissions are aggregated by Roles.

Permissions can be maintained at runtime through a user interface that is capable of workflow; however, developers still need to code authorization checks against them in their code, once they are set up in the system.


Id - a system generated unique identifier that is the primary key for any Permission record in the system

Name - the name of the permission; also a human understandable unique identifier

Description - a full description of the purpose of the Permission record

Namespace - the reference to the associated Namespace


Permission to Role - many-to-many; this relationship ties a Permission record to a Role that is authorized for the Permission

Permission to Namespace - many to one; this relationship allows for scoping of a Permission to a Namespace that contains functionality which keys its authorization checking off of said