Rights in 2 minutes
If you only want the main idea, keep this:
- user type = the user's global level
- role = what the user can do
- access domain = where the user can do it
In Boldo, access is not defined by a role alone or by a domain alone. Access comes from the combination of both.
Choose access
When you set access for someone, ask these questions in order:
- Does this person only need to read, contribute, or administer the organization?
- In which perimeter should they act?
- What should they be allowed to do inside that perimeter?
In practice, this usually means:
| Need | Typical setup |
|---|---|
| Only read shared content and assets | Viewer |
| Contribute in one perimeter only | Editor + one or more roles + the matching access domain |
| Manage organization settings and governance | Administrator |
Keep this distinction clear
Boldo separates two kinds of rights:
- item rights for shared catalog content such as folders, views, diagrams, charts, and nested maps
- asset rights for the knowledge base itself
This is why someone can edit a shared diagram without becoming a global editor of every asset type.
Avoid common mistakes
- using Administrator when Editor with the right roles would be enough
- thinking a role is enough on its own
- thinking an access domain is enough on its own
- mixing up shared content rights and asset rights
Go further
Start with Users to assign the right baseline access.
Then read Understand the access model when you need the full rules, default rows, and detailed rights tables.