Privileges#

Permissions and privileges are organized via organization-memberships of persons:

• a person can be assigned to an organization
• this assignment has zero, one or multiple roles
• roles are encoded into a person's ID token
• the privileges from multiple assigned roles are combined

The following roles exist:

Identifier	Manage organization, users, data	Change subscription	View contract, invoices	Use TeamBeam Transfer	Create root folder in TeamBeam Archive	Create Space in TeamBeam Drive
Organization.Admin	✅	✅	✅
Contract.Admin		✅	✅
Contract.Read			✅
Service.Transfer.Use				✅
Service.Transfer.Archive.CreateRoot					✅
Service.Drive.CreateSpace						✅