A right is a permission type and each right allows only some sorts of resource operations. Some operations require several rights, moving a content item, for example. The following table lists required rights for operations on a content item doc of type Article in Folder F2:
Operations:
read fields of content item doc
read implied properties of content item doc like date of last modification
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2/doc |
Article |
X |
- |
- |
- |
- |
- |
Table 3.52. Rule to read a content item
Operations:
create new content item doc in folder F2
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2 |
Article |
- |
X |
- |
- |
- |
- |
Table 3.53. Rule to create a content item
Operations:
rename content item doc
save content item doc
checkout content item doc
check in or uncheckout content item doc if the same user has checked it out before.
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2/doc |
Article |
- |
X |
- |
- |
- |
- |
Table 3.54. Rule for content item operations
Operations:
move content item doc from folder F2 to Folder F3
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2 |
Article |
- |
X |
- |
- |
- |
- | |
G |
/F1/F3 |
Article |
- |
X |
- |
- |
- |
- |
Table 3.55. Rules to move a content item
Operations:
mark content item doc for deletion
unmark content item doc for deletion
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2/doc |
Article |
- |
- |
X |
- |
- |
- |
Table 3.56. Rule to mark or (un)mark a content item for deletion
Operations:
move content item doc from folder F2 to trash
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2/doc |
Article |
- |
- |
X |
- |
- |
- | |
/F1/F2 |
Article |
X |
Table 3.57. Rules to delete a content item
Operations:
approve content item doc
disapprove content item doc
approve place content item doc
disapprove place content item doc
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2/doc |
Article |
- |
- |
- |
X |
- |
- |
Table 3.58. Rule to (dis)approve a content item
Operations:
publish content item doc
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2/doc |
Article |
- |
- |
- |
- |
X |
- |
Table 3.59. Rule to publish a content item
Operations:
check in or uncheckout content item doc for a user different from the one who checked out the content item
Required right:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2/doc |
Article |
- |
- |
- |
- |
- |
X |
Table 3.60. Rule to check in content items of other users
The following paragraphs list required rights for certain operations on a folder F2 in parent folder F1:
Operations:
read implied properties of folder F2, like date of last modification or names of children
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2 |
+ |
X |
- |
- |
- |
- |
Table 3.61. Rule to read folder properties
Operations:
place approve folder F2
place disapprove folder F2
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2 |
+ |
- |
X |
- |
- |
- |
Table 3.62. Rule to place approve or disapprove a folder
Operations:
publish folder F2
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2 |
+ |
- |
- |
X |
- |
- |
Table 3.63. Rule to publish a folder
Operations:
create a subfolder in folder F2
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2 |
+ |
- |
- |
- |
- |
X |
Table 3.64. Rule to create subfolders
Operations:
rename folder F2
mark folder F2 for deletion
unmark folder F2 for deletion
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1 |
+ |
- |
- |
- |
- |
X |
Table 3.65. Rule to operate on subfolders
Operations:
move folder F2 to folder F3
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1 |
+ |
- |
- |
- |
- |
X | ||
/F3 |
+ |
- |
- |
- |
- |
X |
Table 3.66. Rules to move a folder
Note | |
---|---|
The root folder has special rights. You cannot move, delete or rename the root folder. |
Above you saw that the SUPERVISE right is necessary for non-administrator users to check-in content items of other users. Now you will see that the SUPERVISE right is the right for a non-administrator group to grant new rights:
Operations:
users of group G grant rights on content item doc for resource type Article
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2/doc |
Article |
- |
- |
- |
X |
- |
Table 3.67. Rule to supervise a content item
Operations:
users of group G grant rights on folder F2 for resource type Article
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2 |
Article |
- |
- |
- |
X |
- |
Table 3.68. Rule to supervise content items in a folder
Operations:
users of group G grant rights on folder F2 for the folder type +
Required rights:
Group |
Resource |
Resource Type |
READ |
EDIT |
DELETE |
APPROVE |
PUBLISH |
SUPERVISE |
FOLDER |
---|---|---|---|---|---|---|---|---|---|
G |
/F1/F2 |
+ |
- |
- |
- |
X |
- |
Table 3.69. Rule to supervise a folder
You do not have to define rules for each group, resource or resource type. A rule definition may contain a
super group: the rule is applicable for all subgroups
super folder: the rule is applicable for all subfolders
super type: the rule is applicable for all subtypes
When using super groups, super folders and super types the number of rules is greatly reduced but the problem of conflicting rules emerges. The problem appears when two rules for a super group and subgroup or a super folder and a subfolder or a supertype and a subtype are defined. The following section explains how rights for a resource are evaluated from a set of rules and how conflicting rules are resolved.