As we’ve already seen, there are three types of users who will need to access the data in our Recruiting app: recruiters, hiring managers, and interviewers. To these three, let’s add a fourth type of user—a standard employee who doesn’t perform any interviews and who never needs to hire anyone. (This employee will help us determine the default permissions that should apply to all of the new recruiting objects in our app.)
One by one, let’s take a look at the kinds of access that each one of these users needs and, more importantly, the kinds of access they don’t need to do their jobs. Once we’ve compiled a set of required permissions, we’ll figure out how to implement them in the rest of the chapter.