Every user is associated with some basic privileges. These are specified in the user zettel with the key user-role. The following values are supported:
The user is allowed to read zettel. This is the default value for any user except the owner of the Zettelstore.
The user is allowed to create new zettel and to change existing zettel.
The user is only allowed to create new zettel. It is also allowed to change its own user zettel.
There are two other user roles, implicitly defined:
This role is assigned to any user that is not authenticated. Can only read zettel with visibility public, but cannot change them.
The user that is configured to be the owner of the Zettelstore. Does not need to specify a user role in its user zettel. Is not restricted in the use of Zettelstore, except when a zettel is marked as read-only.