update doc for per-request-permission

docs/features/architecture.md

@@ -279,6 +279,24 @@ Table ensuring that users belong to user groups
 | ``Id_usergroup`` | int | Foreign key linking to the USERGROUPS table | *1*
 | ``Id_user`` | int | Foreign key linking to the USERS table | *1*
 
+#### REQUEST_USERS
+
+Table granting permission to users at the request level
+
+| Attribute | Type | Description | Example |
+| --- | --- | --- | --- | 
+| ``Id_request`` | int | Foreign key linking to the REQUESTS table | *1*
+| ``Id_user`` | int | Foreign key linking to the USERS table | *1*
+
+#### REQUEST_USERGROUPS
+
+Table granting permission to users groups at the request level
+
+| Attribute | Type | Description | Example |
+| --- | --- | --- | --- | 
+| ``Id_request`` | int | Foreign key linking to the REQUESTS table | *1*
+| ``Id_usergroup`` | int | Foreign key linking to the USERGROUPS table | *1*
+
 ### Deletion of database elements
 
 The table below shows the constraints and triggers established directly in the database for managing cascading deletions.

docs/features/user-guide.md

@@ -111,7 +111,7 @@ The home page provides a real-time overview of the application's activity, inclu
 * Requests in progress
 * History of completed requests
 
-**Administrators** can view all requests. **Regular users** only see requests associated with processes where they are assigned as operators.
+**Administrators** can view all requests. **Regular users** only see requests associated with processes where they are assigned as operators, or requests for which they have been granted permission (see ``appplication.features.perRequestOwnership`` parameters in [Application settings](../getting-started/configure.md#application-settings)).
 
 The page updates automatically based on the refresh interval defined in the application settings (see [Orchestration Section](./admin-guide.md#orchestration)). By default, this interval is set to 20 seconds.
 
@@ -237,6 +237,14 @@ If the result of the request could not be sent to the original server, following
 * **Restart**: Deletes all files generated so far for this request and runs the process from the beginning.
 * **Cancel**: The administrator determines that the request cannot be processed successfully. It will then be rejected and exported without result. A comment must be entered to explain to the customer why their request was rejected.
 
+### Additional assigned users
+!!! Info 
+    This fearture is diabled by default. To enable it, got to the application settings and set the parameter `appplication.features.perRequestOwnership` to `true` (see [Application settings](../getting-started/configure.md#application-settings))
+
+![per-request-permission](../assets/user-guide/per-request-permission.png)
+
+With this section, an operator can grant permission on the current request to any other Extract user or users group by adding them in the `Opérateurs attitrés` field and clicking `Enregistrer`.
+
 ### Request information
 
 #### Customer response

docs/getting-started/configure.md

@@ -9,6 +9,10 @@ title: Configure
 **application.external.url**<br>
 URL to access the application. This value is used to generate links in notification e-mails.
 
+**appplication.features.perRequestOwnership**<br>
+Default to false. If set to true, a user assigned to a request can grant permission to any other user or users group on the single request.
+Warning : the default ACL on requests is modified (normally, assigned users or users groups are defined at the process level and have permission to all requests associated to the process).
+
 **database.encryption.secret**<br>
 Random 32-character ISO-8859-1 string used as key to encrypt certain database values.