At the moment, it seems like the current permission levels could be represented as follows:
|Level||View entities||Edit entities assigned to me||Edit entities||Configure views||Configure types|
I think there may be a need for other combinations, e.g.
- a user who can edit entities assigned to him/her but cannot view any other entities
- a user who can configure the app but not create/edit the content (a.k.a. entities)
- a user who can view entities (but not edit them) and can configure the setup of a view (e.g. change table sort order, apply filters, choose which fields/columns are visible)*
To do this, I wonder if it might be useful to consider permissions along separate dimensions, namely:
- Entity viewing
- Entity editing
- View configuring
- App/type configuring
and allowing for the permission level in one of these dimensions not to be uniquely tied to a specific permission level in another dimension.
* I realise that this functionality has some connection with discussions regarding ‘personal’ vs ‘global’ views: