Redbex Reference Manual - Removing privileges

Zoom Window Out
Larger Text | Smaller Text
Hide Page Header
Show Expanding Text
Printable Version
Save Permalink URL

Navigation: Application Server > Common services > Authorization > Privileges for Privileges

Removing privileges

If a user can remove a privilege on a specific privilege object is determined by several rules depending on the privilege object type. Below you find the rules that have to be matched for removing privileges from different privilege object types.

Regardless of the privilege object a privilege can never be removed if the removing user is the privilege subject of the privilege to be removed. This is checked to prevent an accidental self lock outs.

System privileges

A system privilege can be removed if all of the following conditions are true

1.The user who tries to remove the privilege has the Modify system privileges (2) system permission.

2.The permission in the privilege to be removed is granted to the user who tries to remove the privilege.

View Privileges

A view privilege for a non-root view can be removed if all of the following conditions are true

1.The user who tries to remove the privilege has the Modify view privileges (4) permission on the view that is privilege object of the privilege to be granted.

2.The user who tries to remove the privilege has the permission he is trying to remove through himself.

Note that permissions on root views can be transformed from the system permission All permissions on root views (1).

Domain privileges

A domain permission can be removed if:

1.The user who tries to remove the privilege has the Modify privileges (3) permission on the domain that is the privilege object.

2.The user who tries to remove the privilege has the permission that he is trying to remove himself on the domain that is the privilege object.

Feature privileges

A feature privilege can be removed if all of the following conditions are matched:

1.The user who tries to grant the privilege has Modify privileges (8) permission on that feature.

2.The user who tries to remove the privilege has the permission that he is trying to remove himself on the feature that is the privilege object.

Feature type privileges

A feature type privilege can be removed if:

1.The user who tries to remove the privilege has the system permission Modify feature type privileges (23).

2.The user who tries to remove the privilege has the permission that he is trying to remove himself on the feature type that is the privilege object .