Kotti security is based on the concepts of users, groups, roles and permissions.

A user is an entity that can authenticate himself.
A group is a collection of users or other groups.

A permission describes what is allowed on an object.

Permissions are never directly assigned to users or groups but always aggregated in roles.


A Role is a collection of permissions.

Users or groups can have global or local roles.

Global Roles
Global roles are assigned to a user or group via Kotti’s user management screens. They apply to every object in a site. You should use them very rarely, maybe only assign the “Adminsitrator” role to the “Administrator” group. This assignment is present by default in a fresh Kotti site.
Local Roles
Local roles are assigned to a user or group via the “Sharing” screen of a content object. They apply only to this object and its children.