Security Business Rules on Entities - SeedCompany/cord-docs GitHub Wiki

We have a few rules for deciding whether a user can see a domain entity (language, project, engagement, etc.) and, if they can, which specific properties they can see and which they can edit.

The 2 concepts that determine base access to a domain entity are sensitivity and project membership. The 2 concepts that govern the properties a user has access to (read/edit) are the user's global role and their role on each specific project (when a project node is in question).

Sensitivity of a language is determined by...

Sensitivity of a project is determined by...