From 1f1b785524919e7ba62af2b4fe4009f988975db7 Mon Sep 17 00:00:00 2001 From: webplusai Date: Mon, 23 Dec 2024 08:30:20 +0000 Subject: [PATCH] #8828 update mws documentation (#8848) --- editions/multiwikidocs/tiddlers/Reference.tid | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/editions/multiwikidocs/tiddlers/Reference.tid b/editions/multiwikidocs/tiddlers/Reference.tid index 232925fc2..627bbac3e 100644 --- a/editions/multiwikidocs/tiddlers/Reference.tid +++ b/editions/multiwikidocs/tiddlers/Reference.tid @@ -61,9 +61,9 @@ When you first launch the Multiwiki Server, it operates in an unauthenticated mo !!!! Permission Inheritance * Users receive combined permissions from all assigned roles -* More permissive role takes precedence in conflicts +* When roles grant different permission levels for the same resource, the higher access level is granted. For example, if one role grants "read" and another grants "write" access to a recipe, the user receives "write" access since it includes all lower-level permissions. * Guest access is overridden by recipe ACLs -* System automatically enforces most restrictive access when conflicts occur +* When different permission rules conflict, the system follows a "most restrictive wins" principle: if any applicable rule denies access or requires a higher security level, that restriction takes precedence over more permissive rules. This ensures security is maintained even when users have multiple overlapping role assignments or inherited permissions. This security model allows for fine-grained control over content access while maintaining flexibility for both private and public wiki deployments.