The following figure illustrates how users, groups and roles relate.


In the figure above, there are:

  • Six roles: _run_as, _administrator, _search, _import, _metadata_w, and metadata_r.

  • Two regular groups: regular_user and readonly_user.

    The group readonly_user depends on the roles _search and _metadata_r. The second group, regular_user depends on the roles _import and _metadata_w, and also the group readonly_user.

    In the last relation, readonly_user is called the parent group and regular_user is the child group. A user which belong to regular_user actually has all four roles.

  • Three users: app_user, jdoe, and mrpink.

    The user app_user has the role _run_as, jdoe has the roles _administrator, _search, _import, _metadata_w and _metadata_r and mrpink has the roles _search and _metadata_r.

To visualize the users and groups like above, see User/group visualization.