Basic permissions (permission)
Drawing on experience with RBAC, you can think of the names that start with _ as permissions and the others as roles. Other objects, such as people/groups and dynamic objects, can then use either of them (a permission or a role).
_ReadProperties
Read properties: restricts reading the properties of a node. Access control for node content is separate from access control for properties. All properties have the same restriction.
_ReadChildren
Read children: restricts read access to child nodes. This permission can be set on individual child nodes. If it is not granted, you cannot view any child nodes.
Some child nodes can still be found by searching; whether a node's parent is visible does not have to be checked. This constraint can be added in the configuration.
_WriteProperties
Write properties: restricts writing all properties of a node. Access control for content is separate from access control for properties. All properties have the same access restriction.
_ReadContent
Read content: restricts access to node content.
_WriteContent
Write content: restricts creating and modifying node content.
_ExecuteContent
Execute content: restricts access to the execution of content.
_DeleteNode
Delete node: restricts deleting a node. Currently, permissions on child nodes are not checked when a node is deleted, so deleting a node deletes all the child nodes in it. The configuration file can be modified to enable the check, but checking whether each child node can be deleted takes a lot of resources and time.
_DeleteChildren
Delete children: restricts deleting child nodes. Similarly, you cannot move a link to a node over to another node.
_CreateChildren
Create children: restricts creating new child nodes.
_LinkChildren
Link children: restricts creating non-parent-child relationships to other nodes.
_DeleteAssociations
Delete associations: restricts deleting non-child-node relationships.
_ReadAssociations
Read associations: restricts reading non-node relationships.
_CreateAssociations
Create associations: restricts creating non-node associations.
_ReadPermissions
Read permissions: restricts reading permissions.
_ChangePermissions
Change permissions: restricts writing permissions.
Simple permission combinations
These are simple permission combinations that can be used to build more complex combinations. They are usually used to control access to public service methods.
FullControl
A permission group that includes all permissions.
ReadProperties
Read properties permission, from basic permission _ReadProperties.
ReadChildren
Read children permission, from basic permission _ReadChildren.
WriteProperties
Write properties permission, from basic permission _WriteProperties.
ReadContent
Read content permission, from basic permission _ReadContent.
WriteContent
Write content permission, from basic permission _WriteContent.
ExecuteContent
Execute content permission, from basic permission _ExecuteContent.
DeleteNode
Delete node permission, from basic permission _DeleteNode.
DeleteChildren
Delete children permission, from basic permission _DeleteChildren.
CreateChildren
Create children permission, from basic permission _CreateChildren.
LinkChildren
Link children permission, from basic permission _LinkChildren.
DeleteAssociations
Delete associations permission, from basic permission _DeleteAssociations.
ReadAssociations
Read associations permission, from basic permission _ReadAssociations.
CreateAssociations
Create associations permission, from basic permission _CreateAssociations.
ReadPermissions
Permission to read a node's permissions, from basic permission _ReadPermissions.
ChangePermissions
Permission to modify a node's permissions, from basic permission _ChangePermissions.
Complex permission combinations for CRUD operations
These combinations are the permissions for CRUD operations on a node.
Read
Read, including ReadProperties, ReadChildren, and ReadContent.
Write
Write (corresponding to update in CRUD), including WriteProperties and WriteContent.
Delete
Delete, including DeleteNode and DeleteChildren.
AddChildren (create in CRUD)
Add child nodes (corresponding to create in CRUD), including CreateChildren and LinkChildren.
Execute
Execute, including only ExecuteContent.
Complex permission groups for business objects
Administrator
Administrator, with all permissions.
Coordinator
Coordinator, including all custom permissions and permission groups.
Collaborator
Collaborator, including the Editor and Contributor permission groups.
Contributor
Contributor, including the Consumer permission group plus the add-child-node and version check-out permissions.
Editor
Editor, including the Consumer permission group plus the write and version check-out permissions.
Consumer
Consumer, including all read permissions.
RecordAdministrator
Record administrator, including read properties, read children, write properties, read content, delete children, create children, link children, delete associations, and create associations.
Permissions related to the owner
Basic permission
_SetOwner
Set owner: restricts setting the owner of a node. This permission also requires _WriteProperties, which is not necessarily included; you need to set it yourself.
Simple combination
SetOwner
Includes _SetOwner.
Complex combinations
TakeOwnership
Includes SetOwner.
Lock and version-related permissions
Basic permission
_Lock
Lock: restricts setting a lock on a node.
_Unlock
Unlock: restricts unlocking a node.
Simple permission combination
Lock
Lock, including _Lock.
Unlock
Unlock, including _Unlock.
Complex permission combinations
CheckOut
Check out, including Lock.
CheckIn
Check in, including Unlock.
CancelCheckOut
Cancel check-out, including Unlock.
Global permissions
These permissions apply to all nodes, whether or not they are in the repository.
FullControl
Granted to ROLE_ADMINISTRATOR, allowing anyone in this group to do anything.
FullControl
Granted to ROLE_OWNER, which has all permissions. Contributors interact with the content: by default they need to create the content, and their other permissions actually come from the nodes they own. The owner is defined by the ownable aspect, or this aspect does not reflect the creator of the node.
Unlock
Includes ROLE_LOCK_OWNER. The lock owner can release the lock.
CheckIn
Includes ROLE_LOCK_OWNER. The lock owner can check in the document and overwrite the document to obtain the lock.
CancelCheckOut
Includes ROLE_LOCK_OWNER. The lock owner can cancel the document check-out and overwrite the document to obtain the lock.
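An added example, not part of the original page or of the product it describes: a small resolver that expands the permission groups listed above into their basic (underscore) permissions and flags a grant of _SetOwner that lacks _WriteProperties. The memberships follow this page's descriptions (Editor is read as Consumer plus Write plus CheckOut, Contributor as Consumer plus AddChildren plus CheckOut); the dict layout and the names expand() and review() are assumptions.

```python
# Memberships are transcribed from this page; the dict layout and the
# function names expand() and review() are assumptions of this example.
SIMPLE = ["ReadProperties", "ReadChildren", "WriteProperties", "ReadContent",
          "WriteContent", "ExecuteContent", "DeleteNode", "DeleteChildren",
          "CreateChildren", "LinkChildren", "SetOwner", "Lock", "Unlock"]
# Each simple group wraps the basic permission of the same name plus "_".
GROUPS = {name: ["_" + name] for name in SIMPLE}
GROUPS.update({
    "Read": ["ReadProperties", "ReadChildren", "ReadContent"],
    "Write": ["WriteProperties", "WriteContent"],
    "Delete": ["DeleteNode", "DeleteChildren"],
    "AddChildren": ["CreateChildren", "LinkChildren"],
    "Execute": ["ExecuteContent"],
    "Consumer": ["Read"],
    "Editor": ["Consumer", "Write", "CheckOut"],
    "Contributor": ["Consumer", "AddChildren", "CheckOut"],
    "Collaborator": ["Editor", "Contributor"],
    "TakeOwnership": ["SetOwner"],
    "CheckOut": ["Lock"],
    "CheckIn": ["Unlock"],
    "CancelCheckOut": ["Unlock"],
})


def expand(name, _path=()):
    """Return the set of basic (underscore) permissions that `name` grants."""
    if name.startswith("_"):
        return {name}
    if name in _path:
        raise ValueError("cycle: " + " -> ".join(_path + (name,)))
    if name not in GROUPS:
        raise KeyError("unknown permission group: " + name)
    basics = set()
    for member in GROUPS[name]:
        basics |= expand(member, _path + (name,))
    return basics


def review(assigned):
    """Expand every group assigned to one authority and flag gaps."""
    basics = set().union(*(expand(g) for g in assigned))
    findings = []
    # Per the page, _SetOwner also needs _WriteProperties, which it does
    # not bring along; catch grants where the second half is missing.
    if "_SetOwner" in basics and "_WriteProperties" not in basics:
        findings.append("_SetOwner without _WriteProperties")
    return sorted(basics), findings
```

Running review() over the groups assigned to each user or group gives the effective basic permissions to compare against what the role was meant to allow.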