Group (Authorization Management)
Authorization System
BWEB integrates a 3-level rights system to finely control access to your application. Groups define sets of rights assigned to users.
The 3 Levels of Rights
| Level | Scope | Example |
|---|---|---|
| Domain | Global access to the entire domain | Only admins can access the back-office |
| Page | Access to a specific page | "Settings" page reserved for super-admins |
| Block | Visibility of a block on a page | "Delete" button visible only to admins |
Group Management
From this interface, you can:
- Create a group: define a name and description
- Assign rights: associate the group with domains, pages or blocks via the
userRightUuidfield - Manage members: add or remove users from the group
Rights Inheritance
Rights follow an inheritance logic:
- If a domain has a right, all its pages inherit that restriction
- A page can add an additional restriction (intersection of rights)
- A block can further limit visibility (the block does not appear if the user does not have the right)
Special Users
- Administrator: full access to all pages and features
- Anonymous user: non-logged-in visitor, access to public pages only
Best Practices
- Create groups by business role (admin, editor, reader) rather than by person
- Use domain-level rights to separate admin and public site
- Test rights with a non-admin account before going to production