There are two aspects to this:
Maintaining ECA models¶
TODO: This needs to be described.
User permission when executing models¶
All ECA models are processed under the current user's context. That means, all events, conditions and actions are executed under the current user's permissions. And yes, ECA is checking the permissions for each step and only performs what's allowed under the current user's context.
Of course, sometimes a model needs to perform actions with higher permissions. ECA allows that as well, but the model needs to explicitly switch the user context in order to make that possible. Use the User: switch current account action to change to an appropriate user account.
Note: Switching the user account only lasts for all the successors of that action and will automatically be reset to the previous user account, when all its successors have been completed. This includes possible custom events, that get triggered from one of the succeeding actions.