Like @bcorrea stated, the two permissions should definitely be independent of one another.
Suppose we’re talking about Assets:
Edit should give an all encompassing permission to edit any Asset (for admin, super user, etc)
Create should let you create any number of Assets. However, if you Create something, you should be considered the “Owner” of it and could then also edit it.
In some processes the “Process Owner” on the Business side is responsible for the tools/accounts/etc we use (often times when using 3rd party web apps, etc) and therefore it would be ideal if they could update for example the Password for the account used (many are only usable for 6 months before the password needs to be reset) rather than having to get an admin user or something to jump through hoops to communicate with that process owner to update those credentials.
The idea of “Ownership” of created objects would of course require us to be able to “Pass Ownership” as well. In the event that a user is no longer going to be responsible for a process, etc, they should be able to assign it to another user.
Bonus points would be if we got the following functionality as well:
- Allowing the Owner to also assign edit rights to specific users that have access to the tenant on the object
- Let us setup a default Ownership Passing in the server config in the event that a user gets deleted without passing off the ownership of their objects. (Or don’t let a user be deleted without passing ownership and let admin’s override ownership assignments)