A user's associated customers are those customers that the user has some permission on. I.e., if a user has any permission on a customer, that customer is part of the associated customers of this user.

The list of assigned customers is for example used when searching and listing customers. The system has to define if a customer that matches the search criteria given by the user shall be included in the search results according to the permissions. Only customers that are in the list of a user's associated customers will be part of the search result.

Evaluation of associated customers

If the user has a role on the system securable and that role includes any customer permission, all customers in the system are available to the user and no further evaluation is needed.

Let cu be the set of associated customers for user u. Before any customer is added to this set, it is checked if that customer is already in the list - i.e., cu contains no duplicates.

For each role assignment the user has on a customer, it is checked if that role assignment is flagged as applicable to related customers only. If not, that customer is added to cu . If yes, that customer is not added. For each relationship type that this role is defined to propagate with, the customer's direct child-customers are evaluated and all child customers that allow role inheritance are added to the list cu . This process is run recursively.