"Have permission" vs "have a permission"

We have a small discussion with colleagues regarding the article usage in a sentence "Make sure that the user has a permission to execute X".

Should I use "a" article there? E.g.

Make sure that the user has a permission to execute X.

vs

Make sure that the user has permission to execute X.

Is there any rule that permits to omit an article here?


Solution 1:

In the above example, in a computer context, either form is "legal". The choice really has to do with the wider context of how you are discussing permission, and therefore which form is more consistent.

Eg, if the set of bits controlling permission is referred to as "permissions" (vs, say, "permission bits") then "a permission" is appropriate. But if "permissions" is not used in describing the set then the article "a" is likely inappropriate.

Solution 2:

Permission is an uncountable noun:

(noun [ U ] UK) ​

  • If someone is given permission to do something, they are allowed to do it:
    • [ + to infinitive ] You will need permission from your parents to go on the trip.

note:

Permit vs permission:

  • The countable noun permit (pronounced /ˈpɜ:mɪt/) refers to an official document that allows you to do something or go somewhere. The uncountable noun permission refers to when someone is allowed to do something. It does not refer to a document.

Checking with Ngram you can see that "permission" is also used as a countable noun, not only in information technology contexts. I think the reason is that it is often used with the meaning of a single instance, like a permit.

Solution 3:

I'm sure you realise most advanced access control schemes have

  • resource
  • user
  • user group
  • role
  • permission

On one end is the user, attempting to access the resource on the other end.

There are a couple of granularity of access, with *ix OS being read/write/execute/sticky, and Windows being read/write/execute/list/delete/other-whatnots.

Let's stick to the simple, where permission is granted by the resources as

  • read
  • write
  • exec

The resource may grant such permission either to individual users, a user group, or to a role.

Where a role may be appropriately named such as admin, sys, nobody, public, trumplover, highstrunguser, etc.

Where a user or a group can be tagged as having a number of roles.

As you can see, there are multiple ways a user can have executable access to a resource.

Therefore, you should not even use the term "permission" because "permission" is only one facet of the access flow. The accepted term is "access", that is why such schemes are called Access Control, ACL (Access Control Lists).

The way we say it is

Make sure the user has execute access with application-resourceA on cpu-resourceB.

Since there are multiple ways the user may be allowed this execute access, and you wish to emphasize at least one execute access pathway, you would say

Make sure the user has an execute access with application-resourceA on cpu-resourceB.

However, you say "make sure user has an execute permission", when you are intending to say to your colleagues,

I wish to test our new fangled ACL scheme. Please make sure each of the 100 users has an execute permission. Each user's execute permission can either be from the application or from the server, or both. That execute permission could be granted directly to the user, or to one of its user-groups, or to one of its roles. Each user should have an execute permission, and no two users should have the same ACL combination. I want to trace the execute attempts of different ACL combinations.