Just like all the other parts of CzechIdM, what you can do within the property module is governed by permissions.
The module comes with several preconfigured roles with permissions which you can easily use.
This is the role that every user implicitely has. By default, the user has permission to READ, COUNT, and AUTOCOMPLETE on the property assigned to them. They also have permission to AUTOCOMPLETE on sets.
This role is intended to be assigned to set guarantors. It allows to manage the sets for which they are the guarantors and make changes in every agenda. This means that they have permissions to CREATE, UPDATE or DELETE the property in their sets.
Think of this role as the set superAdmin. It is similar to the setGuarantorRole, but the user with this role has the permissions for all sets.
This evaluator is used to ensure that users have the permissions for property which is assigned to users for whom they have permissions. Typically, this means the a user can see the property assigned to their subordinates.
This evaluator is used to ensure that users have the permissions for property which is a part of a set for which they have permissions.
This evaluator is used to ensure that users have the permissions for property which they have assigned.
This evaluator is used to ensure that users have the permissions for sets for which they are a guarantor.
This evaluator is used to ensure that users have the permissions for set guarantor (by identity) for a set for which they have permissions.
This evaluator is used to ensure that users have the permissions for set guarantor (by role) for a set for which they have permissions.
This evaluator is used to ensure that users have the permissions for set roles for a set for which they have permissions.