Redbex Reference Manual - Domain privileges & permissions

Zoom Window Out
Larger Text | Smaller Text
Hide Page Header
Show Expanding Text
Printable Version
Save Permalink URL

Navigation: Application Server > Common services > Authorization > Privilege object types & Permissions

Domain privileges & permissions

Permissions for domains control access to the domains and many indirect permission objects linked to domains e.g. axes, or cross sections.

Domain privileges granting the domain permission Read (0) are propagated up and down the domain tree. I.e. if the Read (0) is granted to a domain the privilege will also apply to all of the domains on the path of this domain. The Read (0) permission is always granted to all users on the root domain, however that specific permission is not propagated down the tree.

Domain privileges granting any other domain permission than Read (0) are propagated down the domain tree. I.e. if the privilege is granted to a domain the privilege will be inherited by all subordinate domains.

Read permissions of features that are member of a domain are transformed to a read permission on the domain itself, therefore whenever a read permission is given on a feature (either directly or transformed from a view permission) this will automatically imply read permission on the domain

Table 1 lists the permissions that can be granted for domains and effect the domains themselves, table 2 lists indirect permissions that are granted on domain as privilege objects but define the access rights on indirect privilege objects linked to the domains.

Permission	No	Description, Actual actions granted
Read (0)	0	Read all data of the domain, including •Sensors •Classifications •Axes and axis reference systems •Presentation templates •Alias schemes •Approval templates •... and all other data liked to a domain. Does not include the right to read all features linked to that domain.
Modify (2)	2	Modify data of the domain. Includes the permission to: •delete domains (except root domain which cannot be deleted). •create subordinate domains. •set privilege propagation break •hide feature types Note that deleting of domains is only possible if no other data is linked to that domain.
Modify privileges (3)	3	If granted the privilege subject can modify the privileges on that domain. However the privilege subject can only add or remove privileges that it is granted itself.

Table 1: Permissions on domains

The permission to read data linked to a domains (except features) is either granted directly by granting the Read permission or indirectly by the system If a user has the permission to read a feature or some other content that is assigned to a specific domain the system will implicitly grant the right to read all other content except features in the same domain or a parent domain thereof.

Permission	No	Description
Hide feature types (6)	6	Hide specific feature types in this domain. Will restrict the feature types that are available when creating new features in that domain.
Manage alias schemes (7)	7	Create modify and delete alias schemes. This permission does not implicitly allow to translate features names in a scheme - alias names for a feature can only be modified if the user has modify permission on the feature.
Manage axes (10)	10	If granted axes and axis reference systems can be created and modified in the domain.
Manage presentation templates (9)	9	If granted presentation templates can be created and modified in this domain
Observation monitoring (8)	8	If granted you can create monitoring definitions on a feature type in that domain given that you also have the Modify feature settings (4) on that feature type.

Table 2: Permissions on on domains that effect indirect privilege objects

Permission	No	Description
Create features (4)	4	Permission to create features that are member of this domain. To actually be allowed to create a feature the feature type permission Create features of this type has to be granted also. Note if there is no view containing the newly created feature that assigns permissions to the creating user, the user might be able to create a feature but can not read or modify it
Modify approval templates (11)	11	Permission to create, modify and delete approval templates that are member of a specific domain. To be allowed to actually create, modify or delete an approval template the user also needs modify approval templates permission on the feature type the approval template references.
Modify Classifications (13)	13	Permission to create modify and delete classifications that are member of a specific domain. To be allowed to actually create, modify or delete a classification the user also needs modify classifications permission on a feature type that uses classifications of that classification type.
Modify feature settings (15)	15	Modify feature settings where the context is a feature setting with a context that reference a specific domain. To be allowed to actually create, modify or delete a feature setting the user also needs modify feature settings permission on feature type the setting context references.
Modify feature subtypes (14)	14	Propagation direction: down Permission to create modify and delete feature subtypes within that domain. To be allowed to actually create, modify or delete a feature subtype the user also needs modify feature subtypes permission on the feature type the subtype belongs to.
Modify sensors (12)	12	Permission to create, modify and delete sensors that is member of a specific domain. To be allowed to actually create, modify or delete a sensor the user also needs modify sensors permission on the feature type the sensor belongs to (via its sensor type).
Modify sensor settings (16)	16	Modify feature settings where the context is a sensor setting with a context that reference a specific domain. To be allowed to actually create, modify or delete a feature setting the user also needs modify sensor settings permission on feature type the setting context references (via the sensor type reference in the context).
Set used classification (5)	5	If granted the classification that is used for a specific classification type in this domain can be defined. To be allowed to actually set the used classification for a specific classification type, the user also needs modify feature settings permission on one of the the feature types classification type belongs to.
Manage cross sections (17)	17	Permission to create, modify and delete cross sections that are member of a specific domain.
Manage feature creation templates (18)	18	Permission to create, modify and delete Feature Creation Templates that are member of a specific domain.
Manage Map file sets (19)	19	Permission to create, modify and delete Map File Sets that are member of a specific domain.
Manage import definitions (20)	20	Permission to create, modify and delete Stored Import Definitions that are member of a specific domain.
Manage export definitions (21)	21	Permission to create, modify and delete Stored Export Definitions that are member of a specific domain.
Manage feature and observation tags	22	Permission to create, modify and delete observations tags that are member of a specific domain.
Manage image or hatch patterns	23
Move domains	24	Permission to move domains
Manage private stored job definitions	25	Permission to create, modify and delete private stored job definitions that are member of a specific domain.
Manage stored job definitions	26	Permission to create, modify and delete stored job definition that are member of a specific domain.
Read features	100
Modify features	101
Comment on features	102
Read observations	103
Modify observations	104
Comment on observations	105
Spy observations	106
Manage features	107
Modify feature privileges	108
Abort approval workflows	109
Set approval workflows obsolete	110
Modify feature directives	111
Permission to delete feature in a domain	112

Table 3; Permissions on on domains that effect indirect privilege objects. For the permissions listed here to take effect the appropriate feature type permission has to be granted also.