Permissions

Here you can see which user can do what.

Create/Delete User

1. Root
2. Admin

Update User

1. Root
2. Admin
3. DB_Users can change own password

Create Team

Every User can create a new Team

Update Team

1. Teammember
2. Teamadmin

Delete Team

1. Admin
2. Root

Root and Admin can also delete teams if they are no Teammember

Add/Remove Teammember

1. Teammember
2. Teamadmin

Create/Delete/Update Group

1. Teammember
2. Teamadmin

Create/Delete/Update Account

1. Teammember
2. Teamadmin

User Model	Actions	Attributes	Admin	Conf Admin	User
	Create		x	x
	Delete		x	x (only non-admins or admins whose LDAP has been deleted
	Edit	Firstname	x	x (only of non-admins)
		Lastname	x	x (only of non-admins)
		Username	x
		Password	x
	Make Admin		x
	Make ConfAdmin		x	x
	Unlock		x	x

Team Model	Actions	Admin	Conf Admin	User	Api User	Any Role if Teammember
public
	List in admin/teams	x	x
	Create	x				x
	Delete	x	x (only if just one user left)
	Add member	x				x
	Remove Member	x				x
	Add Group	x				x
	Edit Group	x				x
	Remove Group	x				x
private
	List in admin/teams	x	x
	Create					x
	Delete	(x)	x (only if just one user left)			x
	Add member					x
	Remove Member					x
	Add Group					x
	Edit Group					x
	Remove Group					x
	Show Team				if enabled for team and user human teammember	x
	Show Group				if enabled for team and user human teammember	x
	Show Account				if enabled for team and user human teammember	x

Group Model	Actions	Any Role if Teammember
	Create	x
	Delete	x
	Update	x

Account Model	Actions	Admin/Config Admin/User if Teammember	API User
	Create	x
	Delete	x
	Update	x	x
	Move	x
	Item Managing	x

Admin Tasks			Admin	Conf Admin	User
	Change Password		x	x	x (his own)
	Settings	Update	x	x
	Recrypt Requests
		Send	x		x (his own)
		Receive/Handle	x
	Maintenance Tasks
		Set root as admin	x
		New root password	x
		Removed ldap users	x	x