Permissions

Permission checks combine user roles, object ACL, lifecycle, client context, and module-specific logic.

Write operations must be especially careful because a user may have read visibility without permission to change state or properties.