XIVAuth allows the creation of “teams” of users, which can be used to control resource ownership and access at a granular level. Any user may be part of a Team.
Team Roles
Teams have four roles:
- Admins are given full permission to do anything on a Team, including promote/demote other admins and delete the Team itself.
  - This is worth mentioning in highlighted and bolded text: Admins may promote or demote other Admins. Only give this role to users you trust absolutely! This also means that XIVAuth will not intervene if an admin is forcefully removed, as that trust was explicitly given.
  - As a special exception, Admins of a subteam are not allowed to delete the subteam itself, but may delete subteams of that subteam.
- Managers are permitted to invite/remove members, move users between Member and Developer roles, and manage applications.
- Developers are permitted to create new applications in a Team and manage applications owned by that Team (including the ability to delete applications).
- Members are permitted to use Private Apps belonging to that Team.
| Permission | Admins | Managers | Developers | Members |
| --- | --- | --- | --- | --- |
| Use private apps assigned to the Team | Yes | Yes | Yes | Yes |
| Create a new App | Yes | Yes | Yes | No |
| Modify an existing App | Yes | Yes | Yes | No |
| Delete an existing App | Yes | Yes | Yes | No |
| Invite members | Yes | Yes | No | No |
| Remove members | Yes | Yes | No | No |
| Assign Developer permissions | Yes | Yes | No | No |
| Ignore Inheritance Disabled Flag | Yes | Yes | No | No |
| Edit team name and settings | Yes | Yes | No | No |
| Assign Manager or Admin permissions | Yes | No | No | No |
| Create/Delete subteams | Yes | No | No | No |
| Delete the Team | Yes* | No | No | No |

* Admins may only self-delete a team if the team is the root team.
Team Inheritance
By default, a child Team will include all members from its parent Team. This, however, can be disabled to stop Developers and Members from propagating down the chain. Admins and Managers will always flow down the full tree.
This means that permissions, generally, flow down the tree. For example:
- Admins and Managers may manage any application or any team at any point below them in a tree.
- If a Private App is owned by a child team, that team and all parent Teams can access that App, so long as inheritance remains enabled.
- Conversely, child teams are not permitted to access their parent’s Private Apps.
- Disabling inheritance will block parent team members from accessing a child team’s Private Apps, with the exception of team Managers (as they always flow down).
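The inheritance and deletion rules above can be checked with a small model when reviewing who ends up with access to a given team. This is an added example, not XIVAuth's own code: the `Team` class, the function names and the sample tree are hypothetical, and it assumes that an inherited membership keeps the role it had on the ancestor team and that the highest applicable role wins.

```python
from dataclasses import dataclass, field
from typing import Optional

# Role order from the page: Members < Developers < Managers < Admins.
RANK = {"member": 1, "developer": 2, "manager": 3, "admin": 4}
ALWAYS_FLOWS = {"manager", "admin"}  # these ignore the inheritance-disabled flag

@dataclass
class Team:
    name: str
    parent: Optional["Team"] = None
    inherit: bool = True                       # False = inheritance disabled on this team
    roles: dict = field(default_factory=dict)  # user -> role granted directly on this team

def effective_role(team, user):
    """Highest role `user` holds on `team`, direct or inherited (assumed: role is kept)."""
    best, blocked, node = None, False, team
    while node is not None:
        role = node.roles.get(user)
        # Once a team with inheritance disabled sits between the grant and
        # `team`, only Admin and Manager grants still reach `team`.
        if role and (not blocked or role in ALWAYS_FLOWS):
            if best is None or RANK[role] > RANK[best]:
                best = role
        blocked = blocked or not node.inherit
        node = node.parent
    return best

def can_use_private_app(owner_team, user):
    """Every role, Member and up, may use the owning team's Private Apps."""
    return effective_role(owner_team, user) is not None

def can_delete_team(team, user):
    """Admins may self-delete only a root team, but may delete subteams below them."""
    if team.roles.get(user) == "admin" and team.parent is None:
        return True
    node = team.parent
    while node is not None:
        if node.roles.get(user) == "admin":
            return True
        node = node.parent
    return False

# Constructed sample tree: root -> child (inheritance disabled) -> grand.
root = Team("root", roles={"alice": "admin", "bob": "member"})
child = Team("child", parent=root, inherit=False, roles={"dave": "member", "erin": "admin"})
grand = Team("grand", parent=child)
```

In the sample tree, `bob` (a root Member) is cut off from both `child` and `grand` by the disabled flag on `child`, while `alice` (a root Admin) still reaches every team.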