table(table table-bordered table-condensed).
|_. tail_type→head_type|_. name→head_uuid {properties}|_. Notes|
-|User→Group |can_manage → _group uuid_|Writable only by a user who can_manage this group|
-|User→Group |can_read → _group uuid_ |Writable only by a user who can_manage this group.
-Gives permission to read any object owned by this group.|
+|User→Group |{white-space:nowrap}. can_manage → _group uuid_|The User can read, write, and control permissions on the Group itself, every object owned by the Group, and every object on which the Group has _can_manage_ permission.|
+|User→Group |can_read → _group uuid_ |The User can retrieve the Group itself and every object that is readable by the Group.|
+|User→Job|can_write → _job uuid_ |The User can read and update the Job. (This works for all objects, not just jobs.)|
+|User→Job|can_manage → _job uuid_ |The User can read, update, and change permissions for the Job. (This works for all objects, not just jobs.)|
+|Group→Job|can_manage → _job uuid_ |Anyone with _can_manage_ permission on the Group can also read, update, and change permissions for the Job. Anyone with _can_read_ permission on the Group can read the Job. (This works for all objects, not just jobs.)|
h3. resources
projects / arvados.git / blobdiff