Product Documentation articlePermission: lq851
Added by IBM contributorRui BJ Yang | Edited by IBM contributorRui BJ Yang on April 27, 2011 | Version 3
Rate this article 1 starsRate this article 2 starsRate this article 3 starsRate this article 4 starsRate this article 5 stars

No abstract provided.

Overview


Many operations in the API require the user to have an entitlement for accessing or modifying content in the system. These entitlements are expressed as a set of generic permissions on each resource.

Permission Rights


The following permission rights are defined:
Permission
Description
AddChild
The ability to add a child resource to the current resource that is not a folder
AddFolder
The ability to add a folder as a child of the current resource
Delete
The ability to delete the resource and if applicable, its children
EditProperties
The ability to modify properties on a resource
EditContent
The ability to modify any binary contents on a resource
Edit
The ability to modify all data on a resource
ViewProperties
The ability to view properties on a resource
ViewContent
The ability to view any binary contents on a resource
View
The ability to view all data about a resource
GrantAccess
The ability to allow another user to have access on a resource
LockOverride
The ability to override a lock created by another user when updating a resource



Default authority


If resource has not been explicitly granted access, all attempts to access any data on the resource or its related data is prohibited.

Anonymous user access


All anonymous users have 'View','ViewContent','ViewProperties' permissions on resources that have been explicitly marked as public and default authority on all other resources.

Authenticated user access


All authenticated users have 'View','ViewContent','ViewProperties' authority on resources that have been explicitly marked as public and default authority on all other resources for which they have not been granted explicit access.

Viewing permissions


Permissions are returned back as a custom namespace extension element in any request to the server that specifies permissions to be retrieved. Permissions are not retrieved by default on a request to the server.
Requesting permissions is supported via the following URL argument:
Argument
Value
Description
acls
true, false
Retrieve a comma-delimited list of permissions for each resource returned in the request.



<td:permissions>AddChild,Delete,Edit,View</td:permissions>


The following table describes special permissions for each of the available access levels:
ActionNo AccessReaderContributorEditorManagerOwner


Delete Other user's draft
NoNoNoNoYesYes