A role in Lanes is a simple Ruby class that inherits from Lanes::Access::Role. Each role can be granted Read, Write, or Delete on one or more Models, and a User can be assigned many roles.

Additionally, fields can be locked to a role. Once a field is locked, other roles cannot access it even if they have access to the model.

As an example, a user with the Accounting role can perform all actions on Customers and Accounts and can write to the balance field on Accounts, but no other role is allowed to do so.

Users with the Support role can read Customers and Accounts but cannot view the Account balance.

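class Accounting < Lanes::Access::Role
    # All actions (read, write, delete) on Customer and Account
    grant Customer, Account
    # Reserve Account#balance for this role
    lock Account, :balance
end

class Support < Lanes::Access::Role
    # Read-only access; the lock above still hides Account#balance
    read Customer, Account
end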
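
The lock rule described above, modeled as a stand-alone Ruby sketch (an added example, not Lanes' own code). `AccessSketch`, `allowed?` and the symbol model names are hypothetical, and treating a user's roles as a union is an assumption.

```ruby
module AccessSketch
  # Hypothetical stand-in for Lanes::Access::Role; models are plain symbols.
  class Role
    class << self
      def grants; @grants ||= Hash.new { |h, k| h[k] = [] }; end
      def locks;  @locks  ||= Hash.new { |h, k| h[k] = [] }; end

      def grant(*models)
        models.each { |m| grants[m] |= %i[read write delete] }
      end

      def read(*models)
        models.each { |m| grants[m] |= %i[read] }
      end

      def lock(model, *fields)
        locks[model] |= fields
      end
    end
  end

  class Accounting < Role
    grant :Customer, :Account
    lock :Account, :balance
  end

  class Support < Role
    read :Customer, :Account
  end

  ALL_ROLES = [Accounting, Support].freeze

  # A field check passes only if a role that grants the action on the model
  # is also a role the field is locked to (or the field is not locked at all).
  def self.allowed?(roles, action, model, field = nil)
    holders = roles.select { |r| r.grants[model].include?(action) }
    return false if holders.empty?      # no role grants the action at all
    return true if field.nil?           # model-level check only
    lockers = ALL_ROLES.select { |r| r.locks[model].include?(field) }
    lockers.empty? || (holders & lockers).any?
  end
end
```

The case worth testing in any such scheme is the locked field read through a role that has model access: `allowed?([Support], :read, :Account, :balance)` must be false while `allowed?([Support], :read, :Account)` stays true.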