From b8b7805a0a5e57b148a2cc94c6738289cdd57a73 Mon Sep 17 00:00:00 2001
From: Tobias Bengfort <bengfort@mpib-berlin.mpg.de>
Date: Wed, 22 Jul 2020 11:20:55 +0200
Subject: [PATCH] document used permissions

See https://git.mpib-berlin.mpg.de/castellum/castellum/-/merge_requests/1467

We will need to kee the list in sznc with the actual code.
---
 source/organizational/security.rst | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/source/organizational/security.rst b/source/organizational/security.rst
index 4a52162..fd502f7 100644
--- a/source/organizational/security.rst
+++ b/source/organizational/security.rst
@@ -22,6 +22,24 @@ they are collected into meaningful groups (aka roles). Castellum comes
 with some pre-defined sample groups, but you can adapt them to your
 needs.
 
+Note that the django framework automatically generates a lot of
+permissions. Only a few of them are actually used. The full list is:
+
+-  ``studies.view_study``
+-  ``studies.change_study``
+-  ``studies.delete_study``
+-  ``studies.access_study``
+-  ``subjects.view_subject``
+-  ``subjects.change_subject``
+-  ``subjects.delete_subject``
+-  ``subjects.export_subject``
+-  ``recruitment.recruit``
+-  ``recruitment.conduct_study``
+-  ``recruitment.search_participations``
+-  ``recruitment.view_current_appointments``
+-  ``castellum_auth.privacy_level_1``
+-  ``castellum_auth.privacy_level_2``
+
 Study membership
 ~~~~~~~~~~~~~~~~
 
-- 
GitLab