Product Documentation articlePermission: lq851
Added by IBM contributorRui BJ Yang | Edited by IBM contributorRui BJ Yang on April 27, 2011 | Version 3
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

No abstract provided.


Many operations in the API require the user to have an entitlement for accessing or modifying content in the system. These entitlements are expressed as a set of generic permissions on each resource.

Permission Rights

The following permission rights are defined:
The ability to add a child resource to the current resource that is not a folder
The ability to add a folder as a child of the current resource
The ability to delete the resource and if applicable, its children
The ability to modify properties on a resource
The ability to modify any binary contents on a resource
The ability to modify all data on a resource
The ability to view properties on a resource
The ability to view any binary contents on a resource
The ability to view all data about a resource
The ability to allow another user to have access on a resource
The ability to override a lock created by another user when updating a resource

Default authority

If resource has not been explicitly granted access, all attempts to access any data on the resource or its related data is prohibited.

Anonymous user access

All anonymous users have 'View','ViewContent','ViewProperties' permissions on resources that have been explicitly marked as public and default authority on all other resources.

Authenticated user access

All authenticated users have 'View','ViewContent','ViewProperties' authority on resources that have been explicitly marked as public and default authority on all other resources for which they have not been granted explicit access.

Viewing permissions

Permissions are returned back as a custom namespace extension element in any request to the server that specifies permissions to be retrieved. Permissions are not retrieved by default on a request to the server.
Requesting permissions is supported via the following URL argument:
true, false
Retrieve a comma-delimited list of permissions for each resource returned in the request.


The following table describes special permissions for each of the available access levels:
ActionNo AccessReaderContributorEditorManagerOwner

Delete Other user's draft