The permissions available within Plato are determined by the features you have enabled within your Plato installation.
Permissions are associated with roles. For each role within Plato you can enable or disable permissions. Whenever you enable features within Plato, these features will appear with their own set of permissions under the role. You can see below we are editing the Administrator role and reviewing the permissions granted to administrators for our Plato.Articles module...
Permissions within Plato are represented as claims and these claims are associated with roles. You can enable or disable permissions for any role.
For example, for the administrator role you would want to enable the "Can access administrator dashboard" permission whilst leaving this permission disabled for all other roles - you don't want anonymous users being able to access your administrator dashboard.
This way, once you associate a user with the administrator role by editing their profile through the Plato administrator dashboard, that user will have permission to access the administrator dashboard.
It's worth noting that users can be associated with one or more roles. If a permission is enabled for any of the roles associated with a user then authorization will pass and the user will be granted that permission even if the permission is disabled within another role associated with the user.
All authorization checks within Plato use the IAuthorizationService abstractions provided by .NET Core and are enforced through IAuthorizationHandler implementations. Our authorization model should be very familiar for .NET Core developers.
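The any-role-grants rule described above, written as an ASP.NET Core authorization handler. This is an added example, not Plato's own code: PermissionRequirement, RolePermissionHandler, the role-to-permission map and the permission name are hypothetical, and it assumes roles arrive as ClaimTypes.Role claims.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;

// Hypothetical requirement: the caller needs the named permission.
public sealed record PermissionRequirement(string Name) : IAuthorizationRequirement;
// Hypothetical handler; the map holds, per role, the permission names enabled for it.
public sealed class RolePermissionHandler : AuthorizationHandler<PermissionRequirement>
{
    private readonly IReadOnlyDictionary<string, HashSet<string>> _enabledByRole;
    public RolePermissionHandler(IReadOnlyDictionary<string, HashSet<string>> enabledByRole)
        => _enabledByRole = enabledByRole;
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context, PermissionRequirement requirement)
    {
        // Union semantics: one role with the permission enabled is enough.
        // A role with it disabled just lacks the entry; that is not a deny.
        var granted = context.User.FindAll(ClaimTypes.Role).Any(role =>
            _enabledByRole.TryGetValue(role.Value, out var enabled) &&
            enabled.Contains(requirement.Name));
        if (granted) context.Succeed(requirement);
        return Task.CompletedTask; // without Succeed the requirement stays unmet
    }
}

public static class Demo
{
    public static async Task Main()
    {
        const string dashboard = "AccessAdminDashboard"; // constructed permission name
        var roles = new Dictionary<string, HashSet<string>> // constructed role data
        {
            ["Administrator"] = new() { dashboard },
            ["Member"] = new(), // permission disabled for this role
        };
        var handler = new RolePermissionHandler(roles);
        foreach (var held in new[] { new[] { "Member" }, new[] { "Member", "Administrator" } })
        {
            var identity = new ClaimsIdentity(held.Select(r => new Claim(ClaimTypes.Role, r)), "demo");
            var ctx = new AuthorizationHandlerContext(
                new[] { new PermissionRequirement(dashboard) }, new ClaimsPrincipal(identity), null);
            await handler.HandleAsync(ctx);
            Console.WriteLine($"{string.Join('+', held)} => {ctx.HasSucceeded}");
        }
    }
}
```

Because this model has no deny entry, withdrawing a permission from a user means reviewing every role that user holds, not just one.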