-* django-permissions is a generic framework for per-object permissions for
- Django based on roles: http://en.wikipedia.org/wiki/Role-based_access_control
+django-permissions is a generic framework for per-object permissions for Django based on roles. It follows the concepts as outlined in django.contrib.auth and implements its API to provide row-level permissions. By applying the provided custom authorization backend, you can easily check a user's permissions with user.has_perm, exactly as you would do it with the django.contrib.auth. Additionally, decorators and template tags are provided for convenience.
+By default, django-permissions, is based on roles http://en.wikipedia.org/wiki/Role-based_access_control. But to cover various uses cases and reduce complexity where not required, it can easily be customized via settings such that it does not apply the roles concept, but works with the standard Django users and groups only.
-* Permissions are granted to roles (and only to roles) in order to allow
- something to users or groups which have these roles.
+There are various alternative tools and approaches. Django itself does provide authentication and permissions, but only by content type and not by object. But Django's approach enables customized authorization backeends http://docs.djangoproject.com/en/1.2/topics/auth/#handling-object-permissions, as they are used by django-permissions. Next to django-permissions, there are other apps that provide their own approach and custom backends like django-guardian, django-authority or django-rulez.
-* Roles are used to grant permissions. Typical roles are *Reader*, *Manager*
-* Local roles are roles which are assigned to users and groups for specific
-* Users are actors which may need a permission to do something within the
-* Users can be member of several groups.
-* User can have several roles, directly or via a membership to a group
- (these are considered as global).
-* User can have local roles, directly or via a membership to a group. That is
- roles for a specific object.
-* Users have all roles of their groups - global and local ones.
-* Users have all permissions of their roles - global and local ones.
-* Groups combines users together.
-* Groups can have roles (these are considered as global).
-* Groups can have local roles, that is roles for a specific object.
-* Groups has all permissions of their roles - global and local ones.
-* Users of a Group have the group's roles and permissions.