Django generates a set of permissions for each model. All permissions are prefixed with cube.. For example, for the Product model, the following permissions are generated:

  • cube.add_product

  • cube.change_product

  • cube.delete_product

  • cube.view_product

Hermine only uses a subset of these permissions to control access to the different views, but you can still use them if you want fine control over the access to the admin.

Permissions used by Hermine

Hermine uses permissions according to the following rules:

  • cube.view_release gives access to a release summary, SBOM (view and export), validation state and obligations.

  • cube.change_release allows to change the release details and exploitation mode.

  • the special permissions cube.change_release_bom is used for uploading releases SBOM.

  • cube.view_*, cube.add_*, and cube.change_* are used for other views.


The following groups are created by default:

  • Project manager

  • Legal

  • Compliance officer

  • Guest

The “Admin” profile is not a group per but a user.is_staff attribute.

(See the Django migration for details)