Permissions

Mayan EDMS provides very fine control over which actions users can perform. Action control works by allowing roles, that are composed of groups of users to be granted a permission such that the holder of that permission can exercise it throughout the entire system.

blockdiag Users Groups Roles Permissions

In other words, users themselves can’t hold a permission, permissions are granted only to roles. Users can’t directly belong to a role, they can only belong to a group. Groups can be members of roles. Roles are system permission units and groups are business organizational units.