Permission
objects. A
object represents an access control (or rule) associated with an object. Every object has an associated Access Control List (ACL), which is represented by a Content Engine
object. Each ACL is composed of Access Control Entries (ACEs), each of which grants or denies specific permissions (access rights) to a particular user or group. An individual
object represents an access control and corresponds to an Access Control Entry (ACE).
You can get a
object by calling an object's
method and using methods on the returned collection to retrieve its elements. You can create a new
instance by calling
.
You can optionally set the
object to be inheritable. That is, by calling
, you can specify the level (depth) to which the permission you create can be inherited. You can specify that the permission is not inheritable, or that it can be inherited to a single level, or that it can be inherited to an unlimited level.
A permission can be acquired from several sources: direct, default, a security parent, or a security template. A permission's source is direct as a result of explicitly setting the object's permission, for example, by calling
. The source is default when a permission is acquired as a result of default settings on an object's class. For example, if you do not specify any permissions when you create an object, the permissions assigned to the class are assigned to the new object. A permission's source is its security parent if the permission is assigned as a result of inheriting a parent object's permissions. For example, if you create a subfolder, the subfolder can inherit the permissions assigned to the folder in which it is contained (that is, its parent folder). If the permission is acquired from a security template, its permission source is the template. To determine the permission source of a
object, call
.
The following tables list the members exposed by IPermission.
Public Properties
Name | Description | |
---|---|---|
![]() | GranteeName | The distinguished name (DN) or short name of the user or group to whom an access permission is granted. |
![]() | GranteeType | Specifies whether a group or a user is being granted a permission. |
![]() | InheritableDepth | The maximum depth to which a permission (ACL) can be inherited. As the ACL gets inherited in a tree of objects, the value is decremented. Example values are as follows:
|
![]() | PermissionSource | Indicates the source of the given permission. The source of access rights can be:
|