Permissions are pretty straightforward -- for any process, I can specify the level of permission of any group or user. Permission levels are Owner, Viewer, Execute, and None. To determine the privilege level of a user against a particular process, I take the maximum level afforded any of the groups the user belongs to. Note that since administrative tasks will also be considered processes, we end up with a very flexible and powerful permission system for all aspects of system administration. Processes which appear in this list are those to which I have owner privilege. (If I'm an administrator, everything appears.)
Process Permissions
Equipment purchase request
Update permissions
Owner:Michael Roberts
Viewer:Joe User
Add user (system task)
Update permissions
Execute:System User Administrators