Platform Explorer / Nuxeo Platform 2023.7

Component org.nuxeo.ecm.core.security.defaultPermissions

Documentation

Default permissions (atomic and compound) used by the core. If you edit this file, please update the specification file: doc/NXCore-Security.txt in core module

Resolution Order

92
The resolution order represents the order in which this component has been resolved by the Nuxeo Runtime framework.
You can influence this order by adding "require" tags in your component declaration, to make sure it is resolved after another component.

Contributions

XML Source

<?xml version="1.0"?>
<!--
  Contributes the core's default permission set to the SecurityService
  ("permissions" extension point) and the list of entries exposed through
  the "permissionsVisibility" extension point.

  Reading guide: a <permission> with no <include> children is atomic; a
  <permission> with <include> children is a compound that groups the named
  permissions. Granting a compound therefore grants everything it includes,
  so review the include lists below before handing out Read, Write or
  ReadWrite.
-->
<component name="org.nuxeo.ecm.core.security.defaultPermissions">
  <documentation>
    Default permissions (atomic and compound) used by the core. If you
    edit this file, please update the specification file:
    doc/NXCore-Security.txt in core module

    @author <a href="mailto:og@nuxeo.com">Olivier Grisel</a>
  </documentation>

  <extension target="org.nuxeo.ecm.core.security.SecurityService"
    point="permissions">

    <!-- Read-side permissions. ReadProperties pulls in Browse. -->
    <permission name="Browse" />
    <permission name="ReadProperties">
      <include>Browse</include>
    </permission>
    <permission name="ReadChildren" />
    <permission name="ReadLifeCycle" />
    <permission name="ReviewParticipant" />
    <permission name="ReadSecurity" />

    <permission name="WriteProperties" />
    <permission name="ReadVersion"/>

    <!-- WriteVersion implies WriteProperties. -->
    <permission name="WriteVersion" >
       <include>WriteProperties</include>
    </permission>

    <!-- Version = ReadVersion + WriteVersion (and, through WriteVersion, WriteProperties). -->
    <permission name="Version" >
       <include>ReadVersion</include>
       <include>WriteVersion</include>
    </permission>

    <!--
      Read groups every read-side permission declared above, including
      ReadSecurity and ReviewParticipant. A plain Read grant therefore also
      carries ReadSecurity (presumably the right to see the document's
      access-control entries: confirm against NXCore-Security.txt).
    -->
    <permission name="Read">
      <include>Browse</include>
      <include>ReadVersion</include>
      <include>ReadProperties</include>
      <include>ReadChildren</include>
      <include>ReadLifeCycle</include>
      <include>ReadSecurity</include>
      <include>ReviewParticipant</include>
    </permission>

    <!--
      Atomic write-side permissions.
      NOTE(review): "Remove" is declared here as an atomic permission and
      again just below as a compound. Presumably the later declaration
      (with its include list) is the effective one: confirm how the
      SecurityService merges two descriptors with the same name, and
      consider keeping a single declaration to avoid ambiguity.
    -->
    <permission name="AddChildren" />
    <permission name="RemoveChildren" />
    <permission name="Remove" />
    <permission name="ManageWorkflows" />
    <permission name="WriteLifeCycle" />
    <permission name="Unlock" />

    <!-- Second declaration of Remove: adds RemoveChildren and WriteLifeCycle. -->
    <permission name="Remove">
      <documentation>
        NXP-10929: necessary to follow the "delete" transition when Trash is enabled: include WriteLifeCycle
      </documentation>
      <include>RemoveChildren</include>
      <include>WriteLifeCycle</include>
    </permission>

    <!-- ReadRemove = Read + Remove, without the other Write permissions. -->
    <permission name="ReadRemove">
      <include>Read</include>
      <include>Remove</include>
    </permission>

    <!--
      Write groups the content-modifying permissions. It does not include
      any read permission, nor Unlock, WriteSecurity or the retention
      permissions declared further down; those are separate grants.
    -->
    <permission name="Write">
      <include>AddChildren</include>
      <include>WriteProperties</include>
      <include>Remove</include>
      <include>ManageWorkflows</include>
      <include>WriteLifeCycle</include>
      <include>WriteVersion</include>
    </permission>

    <permission name="ReadWrite">
      <include>Read</include>
      <include>Write</include>
    </permission>

    <!--
      WriteSecurity is not included by any compound in this file, so
      neither Write nor ReadWrite carries it. Keep it that way when adding
      compounds: a grant that includes WriteSecurity lets its holder change
      who has access (presumed semantics: confirm against the specification).
    -->
    <permission name="WriteSecurity" />

    <!--
      Everything has no include list, so its coverage is not expressed by
      composition in this file.
      NOTE(review): presumably the security service treats it as matching
      any permission: confirm. Grants of Everything should be limited to
      administrators and reviewed when auditing ACLs.
    -->
    <permission name="Everything">
      <documentation>
        Special permission given to administrators: god-level access
      </documentation>
    </permission>

    <!--
      Deprecated and declared without includes.
      NOTE(review): before removing it, check that no stored ACL still
      refers to RestrictedRead.
    -->
    <permission name="RestrictedRead">
      <documentation>
        Deprecated - was used only for a single customer project before pluggable permission definitions
      </documentation>
    </permission>

    <!--
      Record, retention, legal-hold and cold-storage permissions. All are
      atomic and none is included in Write or ReadWrite, so they have to be
      granted explicitly.
    -->
    <permission name="MakeRecord" />
    <permission name="SetRetention" />
    <permission name="ManageLegalHold" />
    <!-- Only for flexible records -->
    <permission name="UnsetRetention" />

    <permission name="WriteColdStorage" />

  </extension>

  <extension target="org.nuxeo.ecm.core.security.SecurityService"
    point="permissionsVisibility">

    <!--
      Only three compounds are listed: Read, ReadWrite and Everything, with
      "order" values 10, 50 and 100 (presumably sorted ascending: confirm).
      Atomic permissions such as WriteSecurity are not listed here.
      NOTE(review): denyPermission="Write" on ReadWrite presumably means
      that denying this entry denies Write rather than ReadWrite, leaving
      Read untouched: confirm against the SecurityService documentation.
    -->
    <visibility>
      <item show="true" order="10">Read</item>
      <item show="true" order="50" denyPermission="Write">ReadWrite</item>
      <item show="true" order="100">Everything</item>
    </visibility>

  </extension>
</component>