Creative workflow with security from security.xml

Here you will find the current permissions by role (provided with a starter kit) transcribed into readable text. We hope this helps you set up appropriate security rules for the creative workflow when security is defined in security.xml.

Role 27: Administrator

 Permission details : readable text view

View Action:

  • Permission: Any user can view objects regardless of status or ownership.

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

Delete Action:

  • Permission: Any user can delete objects regardless of status or ownership.

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

Insert Action:

  • Permission: Only allowed during the creation of new instances.

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

Update Action:

  • Permission: Any user can update objects regardless of status or ownership.

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

Change Status Action:

  • Permission: Any workflow action, such as publishing or archiving, can change the status of objects, regardless of current status or ownership.

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem.

 Permission details : technical view

Action : view, permission = $anystatus/$anyowner

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem


Action : delete, permission = $anystatus/$anyowner

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem


Action : insert, permission = $newcreation

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem


Action : update, permission = $anystatus/$anyowner

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem


Action : changestatus, permission = $anyaction/$anystatus/$anyowner

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem


Role 28 : Contributor

 Permission details : readable text view

View Action:

  • Objects: collaborativebrief, massimportitem, massimportjob

  • Permissions:

    • Any user can view these objects if they are the owner.

    • Any user can view these objects if they are the team leader.

    • Any user can view these objects if they are a team member.

View Action:

  • Objects: massimportpreviousitem, collaborativebrief

  • Permissions:

    • Any user can view these objects regardless of ownership.

Insert Action:

  • Objects: collaborativebrief, collaborativespace, massimportitem, massimportjob, massimportpreviousitem

  • Permission:

    • Insertion is allowed only during the creation of new instances.

Update Action:

  • Objects: massimportitem, massimportjob

  • Permissions:

    • Any user can update these objects if they are the owner.

    • Any user can update these objects if they are the team leader.

    • Any user can update these objects if they are a team member.

Update Action:

  • Objects: collaborativespace

  • Permissions:

    • Any user can update Collaborative Spaces if they are the owner.

    • Any user can update Collaborative Spaces if they are the team leader.

Update Action:

  • Objects: massimportpreviousitem

  • Permission:

    • Any user can update massimportpreviousitem regardless of ownership.

Delete Action:

  • Objects: collaborativespace, massimportitem, massimportjob, collaborativebrief

  • Permissions:

    • Any user can delete these objects if they are the owner.

    • Any user can delete these objects if they are the team leader.

Delete Action:

  • Objects: massimportpreviousitem

  • Permission:

    • Any user can delete massimportpreviousitem regardless of ownership.

Change Status Action:

  • Objects: collaborativespace, massimportjob

  • Permission:

    • Any workflow action can change the status of these objects if they are the owner.

    • Any workflow action can change the status of these objects if they are the team leader.

Change Status Action:

  • Objects: massimportitem

  • Permission:

    • Any workflow action can change the status of massimportitem if the user is the team leader.

Change Status Action:

  • Objects: massimportpreviousitem, collaborativebrief

  • Permissions:

    • Any workflow action can change the status of these objects regardless of ownership.

 Permission details : technical view

Action : view

for objects :

  • collaborativespace

  • massimportitem

  • massimportjob

permissions:

  • $anystatus/$selfowner

  • $anystatus/$teamleader

  • $anystatus/$teammember

for objects :

  • massimportpreviousitem

  • collaborativebrief

permissions :

  • $anystatus/$anyowner




Action : insert

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportitem

  • massimportjob

  • massimportpreviousitem

permission :

  • $newcreation



Action : update

for objects :

  • massimportitem

  • massimportjob

permission :

  • $anystatus/$selfowner

  • $anystatus/$teamleader

  • $anystatus/$teammember

for objects :

  • collaborativespace

permission :

  • $anystatus/$selfowner

  • $anystatus/$teamleader

for objects :

  • massimportpreviousitem

permission :

  • $anystatus/$anyowner

for objects :

  • collaborativebrief

permission :

  • $anystatus/$selfowner



Action : Delete

for objects :

  • collaborativespace

  • massimportitem

  • massimportjob

permission :

  • $anystatus/$selfowner

  • $anystatus/$teamleader

for objects :

  • massimportpreviousitem

permission :

  • $anystatus/$anyowner

for objects :

  • collaborativebrief

permission :

  • $anystatus/$selfowner



Action : Changestatus

for objects :

  • collaborativespace

  • massimportjob

permission :

  • $anyaction/$anystatus/$selfowner

  • $anyaction/$anystatus/$teamleader

for objects :

  • massimportitem

permission:

  • $anyaction/$anystatus/$teamleader

for objects :

  • massimportpreviousitem

permission:

  • $anyaction/$anystatus/$anyowner

for objects :

  • collaborativebrief

permission :

  • $anyaction/$anystatus/$selfowner


Role 29 : Reader

 Permission details : readable text view

View Action:

  • Objects: collaborativespace, massimportitem, massimportjob

  • Permission:

    • Any user can view these objects if they are the owner.

    • Any user can view these objects if they are a team member.

View Action:

  • Objects: massimportpreviousitem, collaborativebrief

  • Permission:

    • Any user can view these objects regardless of ownership.

Insert Action:

  • Objects: collaborativebrief, collaborativespace, massimportjob

  • Permission:

    • Insertion is never allowed.

Insert Action:

  • Objects: massimportitem, massimportpreviousitem

  • Permission:

    • Insertion is allowed only for new creations.

Update Action:

  • Objects: collaborativebrief, collaborativespace

  • Permission:

    • Updating is never allowed.

Update Action:

  • Objects: massimportitem, massimportjob

  • Permission:

    • Any user can update these objects if they are a team member or the owner.

Update Action:

  • Objects: massimportpreviousitem

  • Permission:

    • Any user can update massimportpreviousitem if they are the owner.

Delete Action:

  • Objects: collaborativebrief, collaborativespace, massimportjob

  • Permission:

    • Deletion is never allowed.

Delete Action:

  • Objects: massimportitem

  • Permission:

    • Deletion is allowed only for self-owned items.

Delete Action:

  • Objects: massimportpreviousitem

  • Permission:

    • Any user can delete massimportpreviousitem if they are the owner.

Change Status Action:

  • Objects: massimportpreviousitem

  • Permission:

    • No permission for changing status.

Change Status Action:

  • Objects: massimportitem

  • Permission:

    • Any workflow action can change the status of massimportitem if the user is the owner.

Change Status Action:

  • Objects: collaborativespace, massimportjob, collaborativebrief

  • Permission:

    • Changing status is never allowed.

 Permission details : technical view

Action : View

for objects :

  • collaborativespace

  • massimportitem

  • massimportjob

permission :

  • $anystatus/$selfowner

  • $anystatus/$teammember

for objects :

  • massimportpreviousitem

  • collaborativebrief

permission :

  • $anystatus/$anyowner

Action : Insert

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportjob

permission :

  • $never

for objects :

  • massimportitem

  • massimportpreviousitem

permission :

  • $newcreation

Action : Update

for objects :

  • collaborativebrief

  • collaborativespace

permission :

  • $never

for objects :

  • massimportitem

  • massimportjob

permission :

  • $anystatus/$teammember

  • $anystatus/$selfowner

for objects :

  • massimportpreviousitem

permission :

  • $anystatus/$selfowner

Action : Delete

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportjob

permission :

  • $never

for objects :

  • massimportitem

permission :

  • 3/$selfowner

for objects :

  • massimportpreviousitem

permission :

  • $anystatus/$selfowner

Action : Changestatus

for objects :

  • massimportpreviousitem

permission :

  • no permission

for objects :

  • massimportitem

permission :

  • $anyaction/$anystatus/$selfowner

for objects :

  • collaborativebrief

  • collaborativespace

  • massimportjob

permission :

  • $never

Keywords used in the technical views :

  • $anystatus : any state

  • $anyowner : no restriction on ownership

  • $newcreation : creating a fresh instance (e.g. clicking the “New” button)

  • $anyaction : any workflow action (including publishing and archiving actions)

  • $teammember : surfer is in the instance’s team property value

    Keyword’s activation conditions :

    • The structure must have this tag : pkg/security/collaborative

    • The structure must have a team property which is a childmultilngdb of user

  • $teamleader : surfer is the team’s leader

    Keyword’s activation conditions :

    • The structure must have this tag : pkg/security/collaborative

    • The structure must have a jobowner property which is a child of user

  • $never : surfer not allowed
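
To check what a role's rule list actually grants, the keywords above can be evaluated against a sample user and instance. The following is an added example, not the product's permission engine or code from the original page: the `Ctx` fields, the rule that any one matching permission grants the action, the treatment of an inactive `$teamleader`/`$teammember` keyword as a denial, and the denial of tokens not in the legend are all assumptions. The rule table is the Contributor (role 28) entry for massimportitem copied from the technical view.

```python
from dataclasses import dataclass, field

@dataclass
class Ctx:
    """Constructed request context; field names are assumptions, not product API."""
    user: str                                 # the "surfer"
    owner: str = ""                           # instance owner
    leader: str = ""                          # jobowner property
    team: set = field(default_factory=set)    # team property
    new_creation: bool = False
    collaborative: bool = True                # tag pkg/security/collaborative present

# Ownership keywords; the team keywords only apply when the tag is present.
OWNER = {
    "$anyowner": lambda c: True,
    "$selfowner": lambda c: c.user == c.owner,
    "$teamleader": lambda c: c.collaborative and c.user == c.leader,
    "$teammember": lambda c: c.collaborative and c.user in c.team,
}

def rule_allows(rule: str, c: Ctx) -> bool:
    """Evaluate one rule such as '$anystatus/$teamleader'."""
    if rule == "$never":
        return False
    if rule == "$newcreation":
        return c.new_creation
    parts = rule.split("/")
    if len(parts) == 3 and parts[0] == "$anyaction":   # changestatus form
        parts = parts[1:]
    if len(parts) != 2 or parts[0] != "$anystatus":
        return False                                   # unknown token: fail closed
    check = OWNER.get(parts[1])
    return bool(check and check(c))

def allowed(rules, c: Ctx) -> bool:
    """Assumption: an action is granted when any one listed rule matches."""
    return any(rule_allows(r, c) for r in rules)

# Contributor (role 28), massimportitem, as listed in the technical view.
CONTRIBUTOR_ITEM = {
    "view": ["$anystatus/$selfowner", "$anystatus/$teamleader", "$anystatus/$teammember"],
    "update": ["$anystatus/$selfowner", "$anystatus/$teamleader", "$anystatus/$teammember"],
    "delete": ["$anystatus/$selfowner", "$anystatus/$teamleader"],
    "changestatus": ["$anyaction/$anystatus/$teamleader"],
}

def effective(c: Ctx) -> dict:
    """Effective grants for one user on one massimportitem instance."""
    return {action: allowed(rules, c) for action, rules in CONTRIBUTOR_ITEM.items()}
```

Running `effective()` for an owner, a team leader and a plain team member shows the differences between the three at a glance, which is a quick review step before tightening or loosening a rule.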
