...
Permission | Object | Association |
|---|---|---|
view | Can view the object | Can list members of the association and view them |
edit | Can view and edit the object | Can list members and edit any member of the association |
admin | Can view, edit, and change permissions of object | Can list, view, edit, and add/remove members of the association |
manage(?) | Add/remove members of an association might need to be split out from editing members (e.g. the power to enroll vs. the power to administer a participant). In that case admin does not include add/remove rights, that is moved to the manage role. |
Some of these permissions can be powerful. For example, {participants:studyId adminedit} has the power to create accounts and enroll them in a study, or withdraw them later.
...