Many operations in the API require the user to have an entitlement for accessing or modifying content in the system. These entitlements are expressed as a set of generic permissions on each resource.
The following permission rights are defined:
The ability to add a child resource to the current resource that is not a folder
The ability to add a folder as a child of the current resource
The ability to delete the resource and if applicable, its children
The ability to modify properties on a resource
The ability to modify any binary contents on a resource
The ability to modify all data on a resource
The ability to view properties on a resource
The ability to view any binary contents on a resource
The ability to view all data about a resource
The ability to allow another user to have access on a resource
The ability to override a lock created by another user when updating a resource
If resource has not been explicitly granted access, all attempts to access any data on the resource or its related data is prohibited.
Anonymous user access
All anonymous users have 'View','ViewContent','ViewProperties' permissions on resources that have been explicitly marked as public and default authority on all other resources.
Authenticated user access
All authenticated users have 'View','ViewContent','ViewProperties' authority on resources that have been explicitly marked as public and default authority on all other resources for which they have not been granted explicit access.
Permissions are returned back as a custom namespace extension element in any request to the server that specifies permissions to be retrieved. Permissions are not retrieved by default on a request to the server.
Requesting permissions is supported via the following URL argument:
Retrieve a comma-delimited list of permissions for each resource returned in the request.
The following table describes special permissions for each of the available access levels:
Delete Other user's draft