Roles in Lanes are a simple Ruby class that inherits from
Lanes::Access::Role. Each role can be granted Read, Write, or Delete on one more more Models, and a User can be assigned many roles.
Additionally fields can be locked to a role. When that is done, other roles cannot access the field even if they have access to the model.
As an example, a user with the Accounting role can perform all actions on Customers and Accounts, and can write to the balance field on Accounts, but does not allow any other Roles to do so.
Users with the Support role can read Customers and Accounts but cannot view the Account balance.
class Accounting < Lanes::Access::Role grant Customer, Account lock Account, :balance end class Support < Lanes::Access::Role read Customer, Account end