Represents the base class for Permission objects.

A Permission object represents an access control (or rule) associated with an object. Every object has an associated Access Control List (ACL), which is represented by a Content Engine PermissionList object. Each ACL is composed of Access Control Entries (ACEs), each of which grants or denies specific permissions (access rights) to a particular user or group. An individual Permission object represents an access control and corresponds to an Access Control Entry (ACE).

You can get a Permission object by calling an object's Get_Permissions method and using methods on the returned collection to retrieve its elements. You can create a new Permission instance by calling Factory.AccessPermission.CreateInstance().

You can optionally set the Permission object to be inheritable. That is, by calling Set_InheritableDepth, you can specify the level (depth) to which the permission you create can be inherited. You can specify that the permission is not inheritable, or that it can be inherited to a single level, or that it can be inherited to an unlimited level.

A permission can be acquired from several sources: direct, default, a security parent, or a security template. A permission's source is direct as a result of explicitly setting the object's permission, for example, by calling Set_Permissions. The source is default when a permission is acquired as a result of default settings on an object's class. For example, if you do not specify any permissions when you create an object, the permissions assigned to the class are assigned to the new object. A permission's source is its security parent if the permission is assigned as a result of inheriting a parent object's permissions. For example, if you create a subfolder, the subfolder can inherit the permissions assigned to the folder in which it is contained (that is, its parent folder). If the permission is acquired from a security template, its permission source is the template. To determine the permission source of a Permission object, call Get_PermissionSource().


The following tables list the members exposed by IPermission.

Public Properties

 NameDescription
Public propertyGranteeNameThe distinguished name (DN) or short name of the user or group to whom an access permission is granted.
Public propertyGranteeTypeSpecifies whether a group or a user is being granted a permission.
Public propertyInheritableDepthThe maximum depth to which a permission (ACL) can be inherited. As the ACL gets inherited in a tree of objects, the value is decremented. Example values are as follows:
  • 0 - No inheritance.
  • 1 - Immediate children only.
  • -1 - All children (infinite levels deep).
Public propertyPermissionSourceIndicates the source of the given permission.

The source of access rights can be:

  • a security template
  • inheritance from a parent object
  • default access rights from the class from which the object was instantiated
  • direct application (that is, through programmatically setting permissions with a method call)
  • permissions originating from a security proxy
Top

See Also