- 🇳🇱Netherlands kingdutch
I realise this has been open for a while but as someone who was part of creating the original design, I want to clarify Bojan's above message a little bit.
By default all scopes must map to a permission. However in a hierarchy you might want to have a scope which provides multiple other scopes without itself being tied to providing a new permission. The only difference between an umbrella scope and non-umbrella scope is that the umbrella scope does not require the assignment of a role or permission. It can be nested anywhere in the tree.
- Non-umbrella scope: user (provides "administer users" permission)
-- Non-umbrella scope: user:list (provides permission: "list user")
-- Umbrella scope: user:profile (provides no permissions on its own)
--- Non-umbrella scope user:profile:email (provides permission: "view any email profile field")
--- Non-umbrella scope user:profile:address (provides permission: "view any address profile field")
--- Non-umbrella scope user:profile:phone (provides permission: "view any phone profile field")I believe this issue should be "Closed (works as designed)"
- Status changed to Closed: works as designed
12 months ago 10:56am 26 December 2023