When you use one of the AuthorizationManager objects to assign or modify permissions, you use a Permission data object. Permission associates a principal with a set of privileges. A permission identifies:
- The user or group (principal) to which the permission applies.
- The role containing the privileges that should be granted to the user or group.
- The managed object reference to the entity to which the permission applies.
Every managed entity has at least one Permission object associated with it. A managed entity can have more than one Permission assigned to it, effectively granting different privileges to different users or groups. Permissions are defined for managed entities either explicitly or through inheritance.