1 files changed, 20 insertions, 5 deletions

diff --git a/schema.sql b/schema.sql
index 412c346..968fb38 100644
--- a/schema.sql
+++ b/schema.sql
@@ -72,7 +72,22 @@ CREATE TABLE views (
 /*
  * Base table for Scrott objects
  *
- * TODO -- explain permissions and set defaults below...
+ * Explaination of permissions...
+ * Every object has an owner, zero or more additional members, and then there is the general
+ * public.
+ *                                              OWNER       MEMBERS         PUBLIC
+ * Permissions are:                         ------------------------------------------
+ *      Access object                           GRANTED     GRANTED         config
+ *      Modify object                           GRANTED     config          DENIED
+ *      Modify members                          GRANTED     config          DENIED
+ *      Modify permissions                      GRANTED     DENIED          DENIED
+ *      Access sub-objects                      GRANTED     config          config
+ *      Create sub-objects                      GRANTED     config          config
+ *      Modify sub-objects                      GRANTED     config          DENIED
+ *      Modify sub-objects' members             GRANTED     config          DENIED
+ *      Modify sub-objects' permissions         GRANTED     DENIED          DENIED
+ *
+ * Permissions can be overridden in sub-objects, but will cascade otherwise.
  */
 DROP TABLE IF EXISTS objects;
 CREATE TABLE objects (
@@ -85,10 +100,10 @@ CREATE TABLE objects (
 
     membModify  int(1)              NOT NULL    DEFAULT 0,      /* members can modify object */
     membMemb    int(1)              NOT NULL    DEFAULT 0,      /* members can modify members */
-    membAccs    int(1)              NOT NULL    DEFAULT 0,      /* members can access sub-objects */
-    membCres    int(1)              NOT NULL    DEFAULT 0,      /* members can create sub-objects */
-    membModifys int(1)              NOT NULL    DEFAULT 0,      /* members can modify sub-objects */
-    membMembs   int(1)              NOT NULL    DEFAULT 0,      /* members can modify sub-obj members */
+    membAccs    int(1)              NOT NULL    DEFAULT 1,      /* members can access sub-objects */
+    membCres    int(1)              NOT NULL    DEFAULT 1,      /* members can create sub-objects */
+    membModifys int(1)              NOT NULL    DEFAULT 1,      /* members can modify sub-objects */
+    membMembs   int(1)              NOT NULL    DEFAULT 1,      /* members can modify sub-obj members */
     pubAcc      int(1)              NOT NULL    DEFAULT 0,      /* public can access object */
     pubAccs     int(1)              NOT NULL    DEFAULT 0,      /* public can access sub-objects */
     pubCres     int(1)              NOT NULL    DEFAULT 0,      /* public can create sub-objects */