Mayan EDMS provides very fine control over which actions users can
perform. Action control works by allowing
roles, that are composed of
users to be granted a
permission such that the holder of
that permission can exercise it throughout the entire system.
In other words, users themselves can’t hold a permission, permissions are granted only to roles. Users can’t directly belong to a role, they can only belong to a group. Groups can be members of roles. Roles are system permission units and groups are business organizational units.