
customizing default permissions in securityService

Rawan_Alharbi
Champ on-the-rise

Hello team,

I'm customizing some permissions at the document level and I have some questions regarding the atomic permissions.

I'm confused about some of the atomic permissions listed here, like what the difference is between "browse" and "ReadProperties". It looks like "ReadProperties" includes the "browse" permission only, and "read" includes both of them, so why we just include "ReadProperties" since it already contains "browse"?

Some of them are obvious from their names, like (ReadVersion, WriteVersion, AddChildren, ReadChildren, RemoveChildren), but could anyone clarify the purpose of these permissions (ReadLifeCycle, WriteLifeCycle, ManageWorkflows, ReadSecurity, WriteSecurity)?

Also, where can I find what the "Everything" permission includes, as mentioned here, so I can customize it? For example: I want to give a user read-write permission and include the (give other users access) privilege without giving him the "Everything" permission. Is it possible?

I would appreciate it if anyone could help me understand this or provide me with documentation.

Thank you

1 ACCEPTED ANSWER

Phil_Ludlow
Star Contributor

Here is documentation on the differences between the atomic permissions:

https://github.com/nuxeo/nuxeo/blob/2387c0ba417810c3b68fd8d51795b46cdee6f579/modules/core/nuxeo-core...

Basic permissions and their groupings:

  • Browse: know about a document, but not necessarily get detailed information about it.
  • ReadProperties: read the properties of a document. This gives access to all the document's content, but not its security, and not its children if it's a folder. ReadProperties implies Browse.
  • ReadSecurity: read the security of a document.
  • ReadChildren: read the list of children of a folder.
  • Read: a grouping of ReadProperties and ReadChildren.
  • WriteProperties: write the properties of a document, excluding the security or the manipulation of children.
  • Version: check in a version of the document.
  • WriteSecurity: write the security of a document.
  • AddChildren: add children to a folder.
  • RemoveChildren: remove children from a folder.
  • Remove: remove a document itself.
  • Write: a grouping of WriteProperties, AddChildren, Remove, RemoveChildren.
  • Everything: a pseudo group of all the permissions in the system.

I haven't been able to find the code for "Everything", but you may be able to just make a new permission that includes ReadWrite and WriteSecurity to get what you want (I haven't tested this, but it seems like that would be the permission to allow for giving other users access).

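As an added example (not part of the original answer and not Nuxeo's own configuration), the suggestion above could be written as a contribution to the securityService extension points. The component name and the permission name ReadWriteAndShare are hypothetical, and the example assumes the default ReadWrite and WriteSecurity permissions are registered.

```xml
<?xml version="1.0"?>
<!-- Added example. The component name and the permission name
     "ReadWriteAndShare" are hypothetical. -->
<component name="com.example.security.custom-permissions">

  <!-- New compound permission: read-write plus the right to edit the
       document's security (its ACL), without granting Everything. -->
  <extension target="org.nuxeo.ecm.core.security.SecurityService"
             point="permissions">
    <permission name="ReadWriteAndShare">
      <include>ReadWrite</include>
      <include>WriteSecurity</include>
    </permission>
  </extension>

  <!-- Offer the new permission when rights are assigned in the UI. -->
  <extension target="org.nuxeo.ecm.core.security.SecurityService"
             point="permissionsVisibility">
    <visibility>
      <item show="true" order="60">ReadWriteAndShare</item>
    </visibility>
  </extension>

</component>
```

WriteSecurity allows editing the document's security, so grant a permission like this only on the documents or folders where delegating access control is intended.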

2 REPLIES

Thank you so much for your reply. I really appreciate your time; that's exactly what I needed.
