Permissions overview

Permissions in Minyu control who can see data and who can change it.

Instead of assigning permissions directly to users or roles, Minyu evaluates permissions using classifications and rules. These rules determine whether a specific row should be visible or editable in a given situation.

Because permissions are defined this way, they are applied consistently across the system.

Classifications as the foundation

All permission logic in Minyu is based on classifications.

A classification evaluates to either true or false for a specific row and context.
It may depend on things such as:

  • the current user
  • related records
  • filters or conditions
  • time

Permission rules do not evaluate conditions themselves.
Instead, they reference classifications and interpret their result.

Read about classifications

Read rules

Read rules control visibility.

Each rule determines whether a row should be visible or hidden.

Possible outcomes are:

  • Allow – the row is visible
  • Block – the row is hidden

Read rules are evaluated whenever data is accessed.
If a row is blocked, it behaves as if it does not exist for that user. It cannot be viewed, counted, or referenced.

See read rules

Write rules

Write rules control whether data may be changed.

When a user attempts to create or modify a row, applicable write rules are evaluated.

Write rules may:

  • examine the current values of the row
  • examine the proposed new values
  • reference classifications
  • depend on related records or time

Write rules can produce different outcomes such as informational messages, warnings, or errors.

Only rules that produce an error prevent the change from being saved.

See write rules

Imports and write rules

Write rules are not evaluated during import operations.

Imports bypass write rules so that data can be loaded or migrated without being blocked by operational constraints.

Other validation mechanisms may still apply.

Read policy

Each table defines a read policy, which determines the default visibility of rows.

The policy defines whether rows are:

  • visible by default unless blocked, or
  • hidden by default unless explicitly allowed

Read rules are then evaluated relative to this starting point.

See read policies

Evaluation context

Permission rules are evaluated based on the current context, including:

  • the active user
  • the row being accessed or modified
  • related records
  • the current time

Because permissions depend on classifications, changes in data immediately affect visibility and edit permissions throughout the system.
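
The evaluation model described on this page, sketched as a small Python model. This is an added example, not Minyu's code or API, and every name and sample row in it is hypothetical. The page does not say how a row matched by both an Allow and a Block rule is resolved, so the sketch assumes Block wins.

```python
from dataclasses import dataclass
from typing import Callable

# Illustrative model only; none of these names are Minyu's API.
@dataclass
class ReadRule:
    classification: Callable[[dict, dict], bool]  # (row, ctx) -> True/False
    outcome: str                                  # "allow" or "block"

@dataclass
class WriteRule:
    fires: Callable[[dict, dict, dict], bool]     # (current, proposed, ctx)
    severity: str                                 # "info", "warning" or "error"
    message: str

def is_visible(row, ctx, default_visible, rules):
    """Start from the table's read policy, then apply matching read rules."""
    matched = {r.outcome for r in rules if r.classification(row, ctx)}
    if "block" in matched:      # assumption: Block overrides Allow
        return False
    return default_visible or "allow" in matched

def visible_rows(rows, ctx, default_visible, rules):
    # Filter before any count or lookup, so blocked rows cannot be inferred.
    return [r for r in rows if is_visible(r, ctx, default_visible, rules)]

def save(current, proposed, ctx, rules, is_import=False):
    """Return (saved, messages); only an error-severity rule stops the save."""
    if is_import:
        return True, []         # imports bypass write rules entirely
    fired = [r for r in rules if r.fires(current, proposed, ctx)]
    saved = not any(r.severity == "error" for r in fired)
    return saved, [(r.severity, r.message) for r in fired]

# Constructed classifications and sample data
def is_owner(row, ctx):
    return row["owner"] == ctx["user"]

def is_archived(row, ctx):
    return row["archived_at"] is not None and row["archived_at"] <= ctx["now"]

ROWS = [{"id": 1, "owner": "ana", "amount": 100, "archived_at": None},
        {"id": 2, "owner": "ben", "amount": 250, "archived_at": None},
        {"id": 3, "owner": "ana", "amount": 75, "archived_at": 5}]
CTX = {"user": "ana", "now": 10}
READ_RULES = [ReadRule(is_owner, "allow"), ReadRule(is_archived, "block")]
WRITE_RULES = [
    WriteRule(lambda cur, new, ctx: new["amount"] > 200, "warning", "large amount"),
    WriteRule(lambda cur, new, ctx: is_archived(cur, ctx), "error", "row is archived"),
]
```

The same edit to the archived row is rejected through `save(...)` but accepted with `is_import=True`, which is why whoever can run imports effectively holds write access that the write rules do not constrain.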