📄️ Overview
Authorization is the process of determining what actions an authenticated user or entity is allowed to perform within the system. While authentication verifies the identity of a user (i.e., confirming who they are), authorization controls what they can do after their identity has been verified.
📄️ Permissions
Permissions in Stalwart Mail Server determine the specific actions and resources that a user, group, or entity is allowed to access. Permissions allow administrators to control fine-grained access to various operations within the mail server, providing a clear distinction between what actions an entity can or cannot perform. Permissions can be assigned directly to individuals, groups, roles, or even entire tenants, giving administrators comprehensive control over access policies.
📄️ Roles
Roles in Stalwart Mail Server are used to group permissions, making it easier to manage access control across individuals, groups, and tenants. Roles are stored in the directory as principals, just like individuals or groups, and they can also contain subroles (roles within other roles), allowing for a hierarchical structure of access permissions.
📄️ Administrators
In Stalwart Mail Server, there is no specific concept of dedicated "administrator accounts" within the directory. Instead, regular accounts can be selectively granted specific permissions to perform management tasks. This approach provides a more secure and flexible way to manage access, as it avoids giving users blanket administrative privileges. Rather than an "all-or-nothing" model, permissions can be carefully tailored to individual needs, ensuring that users only have access to the functions they require.
📄️ Tenants
Multi-tenancy is a feature in Stalwart Mail Server that allows multiple independent organizations, known as tenants, to share the same mail server infrastructure while keeping their data and resources completely isolated from one another. A tenant is defined as a logical division within the mail server, representing a specific organization or group that has its own set of users, groups, mailing lists, and domains.