Platform Explorer / Nuxeo Platform 2023.24

Contribution org.nuxeo.ecm.core.security.defaultPermissions--permissions

This contribution is part of XML component org.nuxeo.ecm.core.security.defaultPermissions inside nuxeo-core-2023.24.12.jar /OSGI-INF/permissions-contrib.xml

Extension Point

Extension point permissions of component SecurityService.

Registration Order

0
The registration order represents the order in which this contribution was registered on its target extention point. This will impact the override/merge behaviour when it is implemented on the target service, and is useful for proper customization of existing contributions.
You can influence this order by adding "require" tags in the containing component declaration, to make sure it is resolved after another component (see "Resolution Order" on components).

Contributed Items

  • <permission name="Browse"/>
  • <permission name="ReadProperties">
          <include>Browse</include>
        </permission>
  • <permission name="ReadChildren"/>
  • <permission name="ReadLifeCycle"/>
  • <permission name="ReviewParticipant"/>
  • <permission name="ReadSecurity"/>
  • <permission name="WriteProperties"/>
  • <permission name="ReadVersion"/>
  • <permission name="WriteVersion">
           <include>WriteProperties</include>
        </permission>
  • <permission name="Version">
           <include>ReadVersion</include>
           <include>WriteVersion</include>
        </permission>
  • <permission name="Read">
          <include>Browse</include>
          <include>ReadVersion</include>
          <include>ReadProperties</include>
          <include>ReadChildren</include>
          <include>ReadLifeCycle</include>
          <include>ReadSecurity</include>
          <include>ReviewParticipant</include>
        </permission>
  • <permission name="AddChildren"/>
  • <permission name="RemoveChildren"/>
  • <permission name="Remove"/>
  • <permission name="ManageWorkflows"/>
  • <permission name="WriteLifeCycle"/>
  • <permission name="Unlock"/>
  • <permission name="Remove">
          <documentation>
            NXP-10929: necessary to follow the "delete" transition when Trash is enabled: include WriteLifeCycle
          </documentation>
          <include>RemoveChildren</include>
          <include>WriteLifeCycle</include>
        </permission>

    NXP-10929: necessary to follow the "delete" transition when Trash is enabled: include WriteLifeCycle

  • <permission name="ReadRemove">
          <include>Read</include>
          <include>Remove</include>
        </permission>
  • <permission name="Write">
          <include>AddChildren</include>
          <include>WriteProperties</include>
          <include>Remove</include>
          <include>ManageWorkflows</include>
          <include>WriteLifeCycle</include>
          <include>WriteVersion</include>
        </permission>
  • <permission name="ReadWrite">
          <include>Read</include>
          <include>Write</include>
        </permission>
  • <permission name="WriteSecurity"/>
  • <permission name="Everything">
          <documentation>
            Special permission given to administrators: god-level access
          </documentation>
        </permission>

    Special permission given to administrators: god-level access

  • <permission name="RestrictedRead">
          <documentation>
            Deprecated - was used only for a single customer project before pluggable permission definitions
          </documentation>
        </permission>

    Deprecated - was used only for a single customer project before pluggable permission definitions

  • <permission name="MakeRecord"/>
  • <permission name="SetRetention"/>
  • <permission name="ManageLegalHold"/>
  • <permission name="UnsetRetention"/>
  • <permission name="WriteColdStorage"/>

XML Source

<extension point="permissions" target="org.nuxeo.ecm.core.security.SecurityService">

    <permission name="Browse"/>
    <permission name="ReadProperties">
      <include>Browse</include>
    </permission>
    <permission name="ReadChildren"/>
    <permission name="ReadLifeCycle"/>
    <permission name="ReviewParticipant"/>
    <permission name="ReadSecurity"/>

    <permission name="WriteProperties"/>
    <permission name="ReadVersion"/>

    <permission name="WriteVersion">
       <include>WriteProperties</include>
    </permission>

    <permission name="Version">
       <include>ReadVersion</include>
       <include>WriteVersion</include>
    </permission>

    <permission name="Read">
      <include>Browse</include>
      <include>ReadVersion</include>
      <include>ReadProperties</include>
      <include>ReadChildren</include>
      <include>ReadLifeCycle</include>
      <include>ReadSecurity</include>
      <include>ReviewParticipant</include>
    </permission>

    <permission name="AddChildren"/>
    <permission name="RemoveChildren"/>
    <permission name="Remove"/>
    <permission name="ManageWorkflows"/>
    <permission name="WriteLifeCycle"/>
    <permission name="Unlock"/>

    <permission name="Remove">
      <documentation>
        NXP-10929: necessary to follow the "delete" transition when Trash is enabled: include WriteLifeCycle
      </documentation>
      <include>RemoveChildren</include>
      <include>WriteLifeCycle</include>
    </permission>

    <permission name="ReadRemove">
      <include>Read</include>
      <include>Remove</include>
    </permission>

    <permission name="Write">
      <include>AddChildren</include>
      <include>WriteProperties</include>
      <include>Remove</include>
      <include>ManageWorkflows</include>
      <include>WriteLifeCycle</include>
      <include>WriteVersion</include>
    </permission>

    <permission name="ReadWrite">
      <include>Read</include>
      <include>Write</include>
    </permission>

    <permission name="WriteSecurity"/>

    <permission name="Everything">
      <documentation>
        Special permission given to administrators: god-level access
      </documentation>
    </permission>

    <permission name="RestrictedRead">
      <documentation>
        Deprecated - was used only for a single customer project before pluggable permission definitions
      </documentation>
    </permission>

    <permission name="MakeRecord"/>
    <permission name="SetRetention"/>
    <permission name="ManageLegalHold"/>
    <!-- Only for flexible records -->
    <permission name="UnsetRetention"/>

    <permission name="WriteColdStorage"/>

  </extension>