Component org.nuxeo.ecm.core.security.defaultPermissions
In bundle org.nuxeo.ecm.core
Documentation
Default permissions (atomic and compound) used by the core. If you edit this file, please update the specification file: doc/NXCore-Security.txt in core module
Resolution Order
91
The resolution order represents the order in which this component has been resolved by the Nuxeo Runtime
framework.
You can influence this order by adding "require" tags in your component declaration, to make sure it is resolved after another component.
Contributions
- org.nuxeo.ecm.core.security.defaultPermissions--permissions
- org.nuxeo.ecm.core.security.defaultPermissions--permissionsVisibility
XML Source
<?xml version="1.0"?>
<component name="org.nuxeo.ecm.core.security.defaultPermissions">
<documentation>
Default permissions (atomic and compound) used by the core. If you
edit this file, please update the specification file:
doc/NXCore-Security.txt in core module
@author <a href="mailto:og@nuxeo.com">Olivier Grisel</a>
</documentation>
<extension target="org.nuxeo.ecm.core.security.SecurityService"
point="permissions">
<permission name="Browse" />
<permission name="ReadProperties">
<include>Browse</include>
</permission>
<permission name="ReadChildren" />
<permission name="ReadLifeCycle" />
<permission name="ReviewParticipant" />
<permission name="ReadSecurity" />
<permission name="WriteProperties" />
<permission name="ReadVersion"/>
<permission name="WriteVersion" >
<include>WriteProperties</include>
</permission>
<permission name="Version" >
<include>ReadVersion</include>
<include>WriteVersion</include>
</permission>
<permission name="Read">
<include>Browse</include>
<include>ReadVersion</include>
<include>ReadProperties</include>
<include>ReadChildren</include>
<include>ReadLifeCycle</include>
<include>ReadSecurity</include>
<include>ReviewParticipant</include>
</permission>
<permission name="AddChildren" />
<permission name="RemoveChildren" />
<permission name="Remove" />
<permission name="ManageWorkflows" />
<permission name="WriteLifeCycle" />
<permission name="Unlock" />
<permission name="Remove">
<documentation>
NXP-10929: necessary to follow the "delete" transition when Trash is enabled: include WriteLifeCycle
</documentation>
<include>RemoveChildren</include>
<include>WriteLifeCycle</include>
</permission>
<permission name="ReadRemove">
<include>Read</include>
<include>Remove</include>
</permission>
<permission name="Write">
<include>AddChildren</include>
<include>WriteProperties</include>
<include>Remove</include>
<include>ManageWorkflows</include>
<include>WriteLifeCycle</include>
<include>WriteVersion</include>
</permission>
<permission name="ReadWrite">
<include>Read</include>
<include>Write</include>
</permission>
<permission name="WriteSecurity" />
<permission name="Everything">
<documentation>
Special permission given to administrators: god-level access
</documentation>
</permission>
<permission name="RestrictedRead">
<documentation>
Deprecated - was used only for a single customer project before pluggable permission definitions
</documentation>
</permission>
<permission name="MakeRecord" />
<permission name="SetRetention" />
<permission name="ManageLegalHold" />
<!-- Only for flexible records -->
<permission name="UnsetRetention" />
<permission name="WriteColdStorage" />
</extension>
<extension target="org.nuxeo.ecm.core.security.SecurityService"
point="permissionsVisibility">
<visibility>
<item show="true" order="10">Read</item>
<item show="true" order="50" denyPermission="Write">ReadWrite</item>
<item show="true" order="100">Everything</item>
</visibility>
</extension>
</component>