Roles are a way to assign very granular permissions to users. These permissions can either be global for the current community group, or only applied to one object.

1. Terminlogy

1.1. Role

A role is basically a collection of permission flags - they do only define what users with this role can do - they do not define on which objects these permissions apply.

1.2. Permission flags

Permission flags are predefined (in the code) permissions - for example for posting new threads, moving threads, etc.

These are hardcoded (comparable to django permissions) and checked within the code. they can not be configured, but added to roles.

1.3. Members

To assign a role to a given django user you add them as 'Members' of the role.

A member can either be global or can have restrictions. A restriction of am membership means, that the role only applies for one single object for the given user.

This allows you to define for example that a user can only lock threads in a specific forum category.