Every user is associated with some basic privileges. These are specified in the user zettel with the key user-role. The following values are supported:
- The user is allowed to read zettel. This is the default value for any user except the owner of the Zettelstore.
- The user is allowed to create new zettel and to change existing zettel.
- The user is only allowed to create new zettel. It is also allowed to change its own user zettel.
There are two other user roles, implicitly defined:
- The anonymous user
- This role is assigned to any user that is not authenticated. Can only read zettel with visibility public, but cannot change them.
- The owner
- The user that is configured to be the owner of the Zettelstore. Does not need to specify a user role in its user zettel. Is not restricted in the use of Zettelstore, except when a zettel is marked as read-only.