Overview

Purpose

Minyu separates system configuration rights from operational data access rules. This ensures that system design and daily data usage are controlled independently.

Administrators vs. User Permissions

Minyu distinguishes between:

  • Administrators – configure the system
  • Regular users – operate within configured rules

Administrator rights:

  • Are a single system-level flag
  • Are not governed by read/write rules
  • Grant access to:

    • Domain model configuration
    • Classifications
    • Rules
    • System settings

Unlimited Access

Because administrators can modify all system settings, they inherently have full access to all data in the system. The administrator role is therefore intended strictly for configuration and commissioning. In production use, the administrator flag should be removed from all operational users so that access is enforced solely through read and write rules. At least one trusted system account must always retain the administrator flag to allow future system changes and maintenance.

Read vs. Write Rules

Minyu uses two independent rule types:

Type | Purpose
Read rules | Control which rows a user is allowed to view
Write rules | Control whether a user may create, modify, or delete data

Role-Based Rule Scoping

All read and write rules in Minyu can be scoped to roles, allowing the same classification logic to be enforced differently for different user groups.

Each rule can be configured with:

  • Included roles – the rule only applies to these roles
  • Excluded roles – the rule applies to all roles except the selected ones
  • No role selection – the rule applies globally to all users

Classifications as the Rule Engine

All permissions in Minyu are driven by classifications:

  • Value classifications
  • Relational classifications
  • Logical classifications

Each classification resolves to true or false and determines whether a rule is applied.

Global Access Policy

Minyu supports two global read strategies:

  • Optimistic – everything visible unless denied
  • Pessimistic – nothing visible unless explicitly allowed

Conflict resolution is always deny first, regardless of policy.
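
How role scoping, classifications, the global read policy and deny-first resolution combine into one read decision, as an added example that is not Minyu's code or API. The `ReadRule` class, the `can_read` function, the explicit allow/deny effect on a rule, and the treatment of a user as a set of roles are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet

@dataclass(frozen=True)
class ReadRule:
    effect: str                                   # "allow" or "deny" (assumed rule effects)
    classification: Callable[[dict], bool]        # resolves to True/False for a row
    included_roles: FrozenSet[str] = frozenset()  # rule applies only to these roles
    excluded_roles: FrozenSet[str] = frozenset()  # rule applies to all roles except these

    def in_scope(self, roles):
        if self.included_roles:
            return bool(self.included_roles & roles)
        if self.excluded_roles:
            return not (self.excluded_roles & roles)
        return True  # no role selection: the rule applies globally

def can_read(row, roles, rules, policy):
    """Decide row visibility; policy is "optimistic" or "pessimistic"."""
    if policy not in ("optimistic", "pessimistic"):
        raise ValueError(f"unknown policy: {policy}")
    # Only rules that are in scope for the user AND whose classification is true apply.
    effects = {r.effect for r in rules if r.in_scope(roles) and r.classification(row)}
    if "deny" in effects:        # deny first, regardless of policy
        return False
    if policy == "optimistic":   # everything visible unless denied
        return True
    return "allow" in effects    # pessimistic: nothing visible unless explicitly allowed

# Constructed sample rules and rows (not taken from a real Minyu configuration).
RULES = [
    ReadRule("allow", lambda row: row["department"] == "sales",
             included_roles=frozenset({"sales"})),
    ReadRule("deny", lambda row: row["confidential"],
             excluded_roles=frozenset({"auditor"})),
]
ROW_PUBLIC = {"department": "sales", "confidential": False}
ROW_SECRET = {"department": "sales", "confidential": True}
ROW_HR = {"department": "hr", "confidential": False}
```

The same confidential row is hidden from the sales role under both policies, while the auditor role sees it only under the optimistic policy because no allow rule is scoped to auditors.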

Automated Enforcement

Permissions are enforced automatically and consistently across tables, lists, dashboards, forms, and APIs, with data changes applied immediately and rule changes propagated system-wide within minutes.