Permissions

Django generates a set of permissions for each model. All permissions are prefixed with cube.. For example, for the Product model, the following permissions are generated:

cube.add_product
cube.change_product
cube.delete_product
cube.view_product

Hermine only uses a subset of these permissions to control access to the different views, but you can still use them if you want fine control over the access to the admin.

Permissions used by Hermine

Hermine uses permissions according to the following rules:

cube.view_release gives access to a release summary, SBOM (view and export), validation state and obligations.
cube.change_release allows changing the release details and exploitation mode.
the special permissions cube.change_release_bom is used for uploading releases SBOM.
cube.view_*, cube.add_*, and cube.change_* are used for other views.

Groups

The following groups are created by default:

Project manager
Legal
Compliance officer
Guest

The “Admin” profile is not a group per but a user.is_staff attribute.

(See the Django migration for details)