(((meta (@ (content . "User roles") (name . "title"))) (meta (@ (content . "manual") (name . "role"))) (meta (@ (content . "#authorization #configuration #manual #security #zettelstore") (name . "tags"))) (meta (@ (content . "zmk") (name . "syntax"))) (meta (@ (content . "00001006020000 00001010000000 00001012921200") (name . "back"))) (meta (@ (content . "00001006020000 00001006020400 00001010000000 00001010040200 00001012921200") (name . "backward"))) (meta (@ (content . "1") (name . "box-number"))) (meta (@ (content . "(c) 2020-present by Detlef Stern <ds@zettelstore.de>") (name . "copyright"))) (meta (@ (content . "20210126175322") (name . "created"))) (meta (@ (content . "00001006020400 00001010040200 00001010070200") (name . "forward"))) (meta (@ (content . "en") (name . "lang"))) (meta (@ (content . "EUPL-1.2-or-later") (name . "license"))) (meta (@ (content . "20220214175212") (name . "modified"))) (meta (@ (content . "20220214175212") (name . "published"))) (meta (@ (content . "public") (name . "visibility")))) (p "Every user is associated with some basic privileges." " " "These are specified in the " (a (@ (href . "00001010040200")) "user zettel") " with the key " (kbd "user-role") "." " " "The following values are supported:") (dl (dt (a (@ (id . "reader")) (@L (@H "&ldquo;") "reader" (@H "&rdquo;")))) (dd (p "The user is allowed to read zettel." " " "This is the default value for any user except the owner of the Zettelstore.")) (dt (a (@ (id . "writer")) (@L (@H "&ldquo;") "writer" (@H "&rdquo;")))) (dd (p "The user is allowed to create new zettel and to change existing zettel.")) (dt (a (@ (id . "creator")) (@L (@H "&ldquo;") "creator" (@H "&rdquo;")))) (dd (p "The user is only allowed to create new zettel." " " "It is also allowed to change its own user zettel."))) (p "There are two other user roles, implicitly defined:") (dl (dt "The anonymous user") (dd (p "This role is assigned to any user that is not authenticated." " " "Can only read zettel with visibility " (a (@ (href . "00001010070200")) "public") ", but cannot change them.")) (dt "The owner") (dd (p "The user that is configured to be the owner of the Zettelstore." " " "Does not need to specify a user role in its user zettel." " " "Is not restricted in the use of Zettelstore, except when a zettel is marked as " (a (@ (href . "00001006020400")) "read-only") "."))))