Permissions

Global permissions

Principle

There are three kinds of global permissions:

  • read: list all objects and view properties
  • update: update object properties
  • create: create and delete objects

They apply to the following objects:

  • documentation (doc)
  • users (usr)
  • user groups (grp)
  • storages (stg)
  • projects (prj)

So, for instance, usr.update means that you can update user properties.

Permissions are gathered in permission groups (obj is one of the above objects):

  • group:obj_user = obj.read
  • group:obj_editor = obj.read + obj.update
  • group:obj_manager = obj.read + obj.update + obj.create

In addition, group:admin gives all permissions to its owner.

Exhaustive lists

Here are all permissions:

  • administration: admin
  • documentation: doc.update, doc.create
  • users: usr.read, usr.update, usr.create
  • groups: grp.read, grp.update, grp.create
  • storages: stg.read, stg.update, stg.create
  • projects: prj.read, prj.update, prj.create

And, permission groups:

  • Administrator:

    • group:admin = admin

  • Documentation manipulation:

    • group:doc_editor = doc.update
    • group:doc_manager = doc.update + doc.create

  • User manipulation:

    • group:usr_user = usr.read
    • group:usr_editor = usr.read + usr.update
    • group:usr_manager = usr.read + usr.update + usr.create

  • Group manipulation:

    • group:grp_user = grp.read
    • group:grp_editor = grp.read + grp.update
    • group:grp_manager = grp.read + grp.update + grp.create

  • Storage manipulation:

    • group:stg_user = stg.read
    • group:stg_editor = stg.read + stg.update
    • group:stg_manager = stg.read + stg.update + stg.create

  • Project manipulation:

    • group:prj_user = prj.read
    • group:prj_editor = prj.read + prj.update
    • group:prj_manager = prj.read + prj.update + prj.create

Permissions on a storage

When a user can access a storage because he has at least the global permission stg.read and the storage is opened or the user or one of its groups is authorized, he has one of the following storage permission:

  • reader: he can see or download files or directories
  • writer: he can create, modify or uplaod files or directories

Permissions on a project

When a user participates in a project because he has at least the global permission prj.read and he is in the list of project members, he has one of the following project permission:

  • member: he can see and download packs and modify files of packs
  • packeditor: he can modify packs
  • packmaker: he can create and modify packs
  • leader: he can modify project settings: roles, tasks, members, processing, packs