Access control and permission management in TheCompanyApp.
Permission Levels
TheCompanyApp uses a two-layer permission model:
CloudKit Level: Owner vs Participant, Read vs Write
App Level: Fine-grained permissions via AccessControl entity
CloudKit-Level Permissions
Owner
Granted by: Creating the company
Permissions:
Full read/write access to all company data
Add/remove participants on the CKShare
Configure share permissions
Delete the company (stops sharing)
Cannot be revoked: Ownership is permanent (unless the company is deleted).
Participant
Granted by: Accepting the CKShare
Permissions (configurable by the owner):
Read-Only: View all data, cannot edit
Read-Write: View and edit all data
Set by Owner:
Checking Participant Permission:
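The following is an added example, not TheCompanyApp's own code, covering both steps above: an owner changing a participant's permission on the CKShare, and any device reading its own role and permission back from the share. It assumes a Core Data + CloudKit stack (NSPersistentCloudKitContainer) with a `Company` managed object as the root of the share; `CloudKitAccess`, `cloudKitAccess(for:)`, `share(for:in:)`, `setPermission(...)` and `canEdit(_:in:)` are assumed helper names. The CloudKit and Core Data APIs used (`currentUserParticipant`, `role`, `permission`, `fetchShares(matching:)`, `persistUpdatedShare(_:in:)`, `canUpdateRecord(forManagedObjectWith:)`) are Apple's.

```swift
import CloudKit
import CoreData

// Added example (not TheCompanyApp's code). Names below are assumptions.

/// The CloudKit-level view of the current user: owner, participant, or nothing.
enum CloudKitAccess: Equatable {
    case owner
    case participant(canWrite: Bool)
    case none
}

/// Derives the current user's CloudKit-level access from the share itself.
func cloudKitAccess(for share: CKShare) -> CloudKitAccess {
    guard let me = share.currentUserParticipant else { return .none }
    if me.role == .owner { return .owner }
    switch me.permission {
    case .readWrite: return .participant(canWrite: true)
    case .readOnly:  return .participant(canWrite: false)
    default:         return .none          // .none / .unknown: treat as no access
    }
}

/// Fetches the CKShare covering a company; nil means the company is not shared.
func share(for company: NSManagedObject,
           in container: NSPersistentCloudKitContainer) throws -> CKShare? {
    let shares = try container.fetchShares(matching: [company.objectID])
    return shares[company.objectID]
}

/// Owner side: change one participant's permission and persist the updated share.
/// The owner check is local convenience; CloudKit itself rejects the save from
/// anyone but the owner.
func setPermission(_ permission: CKShare.ParticipantPermission,
                   for participant: CKShare.Participant,
                   on share: CKShare,
                   in container: NSPersistentCloudKitContainer,
                   store: NSPersistentStore) {
    guard share.currentUserParticipant?.role == .owner else {
        print("Only the owner can change share permissions")
        return
    }
    participant.permission = permission          // .readOnly or .readWrite
    container.persistUpdatedShare(share, in: store) { updatedShare, error in
        if let error {
            print("Failed to update share: \(error)")
        } else {
            print("Share updated, \(updatedShare?.participants.count ?? 0) participants")
        }
    }
}

/// Per-record check: lets Core Data answer whether this device may write the object,
/// which already reflects the participant's read-only / read-write permission.
func canEdit(_ object: NSManagedObject,
             in container: NSPersistentCloudKitContainer) -> Bool {
    container.canUpdateRecord(forManagedObjectWith: object.objectID)
}
```

`cloudKitAccess(for:)` deliberately maps the `.unknown` and `.none` permission cases to no access, so a participant whose permission has not yet synced is treated as read-only-or-less rather than read-write.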
App-Level Permissions (AccessControl)
Purpose: Fine-grained control beyond CloudKit's read/write.
AccessControl Entity
Attributes:
Creating AccessControl
Owner grants permissions to participant:
Result: User can view inventory but not edit, can view and edit orders.
Checking Permissions
Permission Helper:
Disable buttons for unauthorized actions:
Result: "Edit" button disabled if user lacks permission.
Backend Enforcement
Validate before save:
Result: Save blocked if user lacks permission.
Convenience: Create common role configurations.
Usage:
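The block below is an added example, not TheCompanyApp's own code, that ties together the AccessControl entity, the permission helper, the "disable buttons" check, the before-save validation and the role presets described above. The page does not list the entity's attributes, so this stand-in assumes one AccessControl row per (participant, resource) pair with `canView` and `canEdit` flags; `Resource`, `Action`, `PermissionChecker`, `validateBeforeSave`, `RolePreset` and the participant IDs are assumed names and constructed sample values. It runs as plain Swift without a Core Data stack.

```swift
import Foundation

// Added example (not TheCompanyApp's code). Entity attributes and names are assumed.

enum Resource: String, CaseIterable { case inventory, orders, customers, settings }
enum Action { case view, edit }

/// Plain-Swift stand-in for the AccessControl entity.
struct AccessControl: Equatable {
    let participantID: String   // CloudKit user record name of the participant
    let resource: Resource
    var canView: Bool
    var canEdit: Bool
}

struct PermissionDeniedError: Error, CustomStringConvertible {
    let participantID: String
    let action: Action
    let resource: Resource
    var description: String { "\(participantID) may not \(action) \(resource.rawValue)" }
}

/// Permission helper. Deny by default: no AccessControl row means no access.
/// The owner bypasses the table entirely (CloudKit already grants them everything).
struct PermissionChecker {
    var ownerID: String
    var rules: [AccessControl]

    func can(_ action: Action, on resource: Resource, participantID: String) -> Bool {
        if participantID == ownerID { return true }
        guard let rule = rules.first(where: {
            $0.participantID == participantID && $0.resource == resource
        }) else { return false }
        switch action {
        case .view: return rule.canView
        case .edit: return rule.canView && rule.canEdit   // editing implies viewing
        }
    }

    /// Backend enforcement: call before every save; throwing blocks the save.
    func validateBeforeSave(participantID: String, resource: Resource) throws {
        guard can(.edit, on: resource, participantID: participantID) else {
            throw PermissionDeniedError(participantID: participantID,
                                        action: .edit, resource: resource)
        }
    }
}

/// Convenience presets expanded into AccessControl rows for one participant.
enum RolePreset {
    case viewer, salesRep, manager

    func rules(for participantID: String) -> [AccessControl] {
        func row(_ r: Resource, edit: Bool) -> AccessControl {
            AccessControl(participantID: participantID, resource: r, canView: true, canEdit: edit)
        }
        switch self {
        case .viewer:   return Resource.allCases.map { row($0, edit: false) }
        case .salesRep: return [row(.inventory, edit: false), row(.orders, edit: true)]
        case .manager:  return Resource.allCases.filter { $0 != .settings }.map { row($0, edit: true) }
        }
    }
}

// Usage (constructed sample): the owner grants the salesRep preset, which matches
// the page's example of view-only inventory and editable orders.
let checker = PermissionChecker(ownerID: "_owner", rules: RolePreset.salesRep.rules(for: "_alice"))

// UI side: this value drives the "Edit" button's disabled state (e.g. SwiftUI .disabled(!allowed)).
let inventoryEditAllowed = checker.can(.edit, on: .inventory, participantID: "_alice")
print("Edit inventory allowed: \(inventoryEditAllowed)")

// Backend side: validate before save; a denied edit throws and the save is skipped.
do {
    try checker.validateBeforeSave(participantID: "_alice", resource: .orders)
    print("orders save permitted")
    try checker.validateBeforeSave(participantID: "_alice", resource: .inventory)
} catch {
    print("Save blocked: \(error)")
}
```

Two design points worth keeping in a real implementation: the checker denies when no row exists, so a participant whose AccessControl has not synced yet gets nothing rather than everything; and `validateBeforeSave` is a separate call from the UI check, so a client that bypasses the disabled button still hits the enforcement path.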
Permission Sync
AccessControl is company-scoped: Syncs via CloudKit like other entities.
Owner creates AccessControl:
Owner's device saves AccessControl → Private Store
CloudKit exports to Private Database
CKShare enlistment (if company shared)
CloudKit syncs to Shared Database
Participant's device imports → Shared Store
Participant sees updated permissions
Timing: Permissions propagate in ~5-60 seconds.
Revoking Access
Remove Participant from CKShare:
Delete AccessControl:
Best Practice: Remove from CKShare first (revokes CloudKit access), then delete AccessControl.
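As an added example (not TheCompanyApp's own code) of the revocation order recommended above, together with the audit logging described in the next section: the participant is removed from the CKShare first, and only after that save succeeds are their AccessControl rows deleted and an audit entry written. It assumes the AccessControl entity is an NSManagedObject with a `participantID` string attribute; that attribute name, `PermissionAuditEntry`, `PermissionError`, `revokeAccess(...)` and the in-memory `auditLog` are assumptions. `removeParticipant(_:)`, `persistUpdatedShare(_:in:)` and `userIdentity.userRecordID` are Apple's APIs.

```swift
import CloudKit
import CoreData

// Added example (not TheCompanyApp's code). Entity attribute and helper names are assumed.

/// One audit-trail entry for a grant or revoke; stand-in for a persisted record.
struct PermissionAuditEntry {
    enum Change: String { case granted, revoked }
    let date: Date
    let actorID: String      // who made the change (the owner)
    let subjectID: String    // whose permissions changed
    let change: Change
    let detail: String
}

var auditLog: [PermissionAuditEntry] = []   // in-memory stand-in for the audit trail

enum PermissionError: Error { case notOwner, noSuchParticipant }

/// Revokes a participant: CKShare first (stops CloudKit sync to them), then AccessControl.
func revokeAccess(participantID: String,
                  share: CKShare,
                  container: NSPersistentCloudKitContainer,
                  privateStore: NSPersistentStore,
                  context: NSManagedObjectContext,
                  completion: @escaping (Error?) -> Void) {
    guard let owner = share.currentUserParticipant, owner.role == .owner else {
        completion(PermissionError.notOwner)
        return
    }
    guard let participant = share.participants.first(where: {
        $0.userIdentity.userRecordID?.recordName == participantID
    }) else {
        completion(PermissionError.noSuchParticipant)
        return
    }

    // Step 1: remove from the CKShare. Until this save succeeds, nothing else changes,
    // so a failure here leaves both layers consistent (participant still has access).
    share.removeParticipant(participant)
    container.persistUpdatedShare(share, in: privateStore) { _, error in
        if let error {
            completion(error)
            return
        }

        // Step 2: delete the participant's AccessControl rows and record the revoke.
        context.perform {
            let request = NSFetchRequest<NSManagedObject>(entityName: "AccessControl")
            request.predicate = NSPredicate(format: "participantID == %@", participantID)
            do {
                for row in try context.fetch(request) { context.delete(row) }
                try context.save()
                auditLog.append(PermissionAuditEntry(
                    date: Date(),
                    actorID: owner.userIdentity.userRecordID?.recordName ?? "owner",
                    subjectID: participantID,
                    change: .revoked,
                    detail: "removed from CKShare; AccessControl rows deleted"))
                completion(nil)
            } catch {
                completion(error)
            }
        }
    }
}
```

Doing the CKShare removal first matters for the failure case: if the AccessControl delete fails after the share update, the participant can no longer sync the company at all, so the stale rows are harmless until retried; the reverse order would leave a window in which the participant still receives data with no app-level rules restricting it.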
Auditing Permission Changes
Log permission grants/revokes:
View audit trail in Settings → Access Control → History.
Related: AccessControl Guide, Ownership Rules, Security Model