Subordination rules (subordination)

Table of Contents

Description
Limitations
Fields
See also
- API

Description

A set of rules defines the subordination relationship between users.
Relationships are defined between users, groups and roles. There is also a special type - ALL ('all').
Each relationship is defined between one higher-level element of one of the types and several lower-level elements of one of the types.
Groups and users are specified by identifiers, roles are specified by names.

By default, the rule "ALL TO ALL" is added. If this rule is present, all other rules are irrelevant.

Based on the set of subordination rules, a subordination cache is computed that contains user-cited and abbreviated subordination lists.
If there is an ALL TO ALL subordination rule, the cache contains only it. The key is the string "all". Otherwise, the cache contains one item for each user with a non-empty list of subordinates (including himself).
When a user subordinates all other users (including himself) to a user, the 'all' value (in the list) is cached for that user.
In other cases, the identifiers of all other users subordinate to the user are listed for the user based on the rule sweep via group and role disclosure.

Limitations

After the change after 5 seconds, but no later than 30 seconds.

Fields

Entity structure

{
  "id": uuid,
  "top_type": str,
  "top_key": str,
  "sub_type": str,
  "sub_keys": array<str>,
  "opts": {
    "title": str,
    "comment": str
  },
  "ext": {
    "ct": date,
    "lwt": date
  }
}

Description of the specification’s characteristics

Table 1. Fields
Specification	Description
Field: `id` Mode: `inout` Type: `uuid` Default: generated	Identifier. Can be specified at creation, otherwise generated by the system.
Field: `top_type` Mode: `in` Type: `str` Default: required	Type of superior element. Possible options: `all` - all users in the domain ('top_key' is irrelevant). `user` - domain user. ('top_key' contains the ID of an existing user). `group` - domain group. ('top_key' contains the ID of an existing group). `role` - user role available in the domain. ('top_key' contains the role name).
Field: `top_key` Mode: `in` Type: `str` Default: empty	The identifier of the superior element of the corresponding type ('top_type)'. The element with the specified type and identifier must exist in the domain. Not applicable if 'top_type' is set to 'all'.
Field: `sub_type` Mode: `in` Type: `str` Default: required	Type of subordinate elements. Possible options: `all` - all users in the domain ('sub_keys' is irrelevant). `user` - domain user. ('sub_keys' contains the IDs of existing users). `group` - domain group. ('sub_keys' contains identifiers of existing groups). `role` - user role available in the domain. ('sub_keys' contains role names).
Field: `sub_keys` Mode: `in` Type: `array` Default: empty	List of subordinate element identifiers of the corresponding type ('sub_type'). Elements with the specified type and identifiers must exist in the domain. Does not apply if 'sub_type' is set to 'all'.
Field: `opts` Mode: `in` Type: `object` Composite field
Field: `opts.title` Mode: `in` Type: `str` Default: empty	Arbitrary header
Field: `opts.comment` Mode: `in` Type: `empty` Default: "	Arbitrary comment
Field: `ext` Mode: `inout` Type: `object` Compound field	Allows you to extend the compound with arbitrary keys and values
Field: `ext.ct` Mode: `out` Type: `date` Default: generated	Object creation time
Field: `ext.lwt` Mode: `out` Type: `date` Default: generated	Time of last modification of the object

Subordination rules (subordination)

Description

Limitations

Fields

See also

API