public interface PermissionValue
Modifier and Type | Field and Description |
---|---|
static int |
GRANTEE_TYPE_GROUP
Value of 2001; specifies that the grantee is a group.
|
static int |
GRANTEE_TYPE_USER
Value of 2000; specifies that the grantee is a user.
|
static int |
INHERITABLE_DEPTH_NO_INHERITANCE
Value of 0; specifies that this permission cannot
be inherited.
|
static int |
INHERITABLE_DEPTH_ONE_LEVEL
Value of 1; specifies that this permission can be
inherited by immediate security children but no further.
|
static int |
INHERITABLE_DEPTH_UNLIMITED
Value of -1; specifies that this permission can be
inherited by security children to any depth.
|
static int |
LEVEL_ADD_TO_FOLDER
An alias for
LEVEL_LINK_FOLDER . |
static int |
LEVEL_FULL_CONTROL
Specifies full access rights to an object for
base level permissions and Web Content Management (WCM) extended permissions
(deploy and archive).
|
static int |
LEVEL_FULL_CONTROL_ANNOTATION
Specifies full access rights to
functions that can be performed on an
Annotation object. |
static int |
LEVEL_FULL_CONTROL_CLASSDEF
Specifies full access rights to
functions that can be performed on a
ClassDefinition object. |
static int |
LEVEL_FULL_CONTROL_CUSTOM
Specifies full access rights to
functions that can be performed on a
CustomObject object. |
static int |
LEVEL_FULL_CONTROL_DEFAULT
Specifies a combination of access rights to an object that
grant or deny a user or group the permission to make most types of
changes to a Content Engine object.
|
static int |
LEVEL_FULL_CONTROL_DOCUMENT
Specifies full access rights to
functions that can be performed on a
Document object. |
static int |
LEVEL_FULL_CONTROL_FOLDER
Specifies full access rights to
functions that can be performed on a
Folder object. |
static int |
LEVEL_FULL_CONTROL_FOLDER_INHERITABLE
Same as
LEVEL_FULL_CONTROL_FOLDER , but with the addition
of rights that are used only by those containees of the folder that
inherit security from that folder. |
static int |
LEVEL_FULL_CONTROL_MARKING
Specifies full access rights to an object for performing marking operations on
an object.
|
static int |
LEVEL_LINK_CLASSDEF
Specifies that the user or group is granted or denied permission
to link to and view a
ClassDefinition object's properties and security. |
static int |
LEVEL_LINK_CUSTOM
Specifies that the user or group is granted or denied permission
to link to and view a
CustomObject object's properties and security. |
static int |
LEVEL_LINK_FOLDER
Specifies that the user or group is granted or denied permission
to link to and unlink from
a
Folder object. |
static int |
LEVEL_MAJOR_VERSION_DOCUMENT
Specifies that the user or group is granted or denied permission to
create a new major version of a
Document object's content. |
static int |
LEVEL_MINOR_VERSION_DOCUMENT
Specifies that the user or group is granted or denied permission
to create a new minor version of a
Document object's content. |
static int |
LEVEL_MODIFY_CONTENT_DOCUMENT
An alias for
LEVEL_MAJOR_VERSION_DOCUMENT . |
static int |
LEVEL_MODIFY_PROPERTIES_ANNOTATION
An alias for
LEVEL_WRITE_ANNOTATION . |
static int |
LEVEL_MODIFY_PROPERTIES_CLASSDEF
An alias for
LEVEL_WRITE_CLASSDEF . |
static int |
LEVEL_MODIFY_PROPERTIES_CUSTOM
An alias for
LEVEL_WRITE_CUSTOM . |
static int |
LEVEL_MODIFY_PROPERTIES_DEFAULT
An alias for
LEVEL_WRITE_DEFAULT . |
static int |
LEVEL_MODIFY_PROPERTIES_DOCUMENT
An alias for
LEVEL_WRITE_DOCUMENT . |
static int |
LEVEL_MODIFY_PROPERTIES_FOLDER
An alias for
LEVEL_WRITE_FOLDER . |
static int |
LEVEL_MODIFY_PROPERTIES_FOLDER_INHERITABLE
Same as
LEVEL_WRITE_FOLDER , but with the addition
of rights that are used only by containees of the folder that
inherit security from that folder. |
static int |
LEVEL_PUBLISH
Specifies that the user or group is granted or denied permission to
publish the object; view its properties, security, and content; and
link to the object.
|
static int |
LEVEL_PUBLISH_DOCUMENT
An alias for
LEVEL_PUBLISH . |
static int |
LEVEL_READ
Specifies that the user or group is granted or denied permission to
view an object's properties and security.
|
static int |
LEVEL_VIEW
Specifies that the user or group is granted or denied permission to view
an object's properties, security, and content.
|
static int |
LEVEL_VIEW_CONTENT
An alias for
LEVEL_VIEW . |
static int |
LEVEL_VIEW_PROPERTIES
An alias for
LEVEL_READ . |
static int |
LEVEL_WRITE_ANNOTATION
Specifies that the user or group is granted or denied permission to
view an
Annotation object's
content; modify its properties; and create a new instance of an object. |
static int |
LEVEL_WRITE_CLASSDEF
Specifies that the user or group is granted or denied permission to
create an instance of the object; modify the object's properties; link
to the object; and create an instance of the object.
|
static int |
LEVEL_WRITE_CUSTOM
Specifies that the user or group is granted or denied permission to link
to a
CustomObject object; view and modify its properties; and
create a new instance of the object. |
static int |
LEVEL_WRITE_DEFAULT
Specifies that the user or group is granted or denied permission to
modify the object's properties and create a new instance of the object.
|
static int |
LEVEL_WRITE_DOCUMENT
Specifies that the user or group is granted or denied permission to
link to a
Document object; create a new instance of the
object; change the object's lifecycle state;
view its content; and modify its properties. |
static int |
LEVEL_WRITE_FOLDER
Specifies that the user or group is granted or denied permission to
create a subfolder under a
Folder object. |
static int |
PERMISSION_SOURCE_DEFAULT
Value of 1; specifies that the permission was acquired by default.
|
static int |
PERMISSION_SOURCE_DIRECT
Value of 0; specifies that the permission was directly added.
|
static int |
PERMISSION_SOURCE_PARENT
Value of 3; specifies that the permission was acquired from a security
parent.
|
static int |
PERMISSION_SOURCE_TEMPLATE
Value of 2; specifies that the permission was acquired from a security
template.
|
static java.lang.String |
PRINCIPAL_NAME_AUTHENTICATED_USERS
Value of
"#AUTHENTICATED-USERS" ; specifies that the
security principal name is the built-in group called AUTHENTICATED-USERS . |
static java.lang.String |
PRINCIPAL_NAME_CREATOR_OWNER
Value of
"#CREATOR-OWNER" ; specifies that the security
principal name is the built-in group called CREATOR-OWNER . |
static java.lang.String[] |
PRINCIPAL_NAME_SPECIAL
A String array that specifies the security principal name as the two built-in
groups called
CREATOR-OWNER and AUTHENTICATED-USERS . |
static int |
RIGHT_ADD_MARKING
Value of 0x2000000; specifies that the user or group is granted
or denied permission to assign a
Marking object to an
object. |
static int |
RIGHT_ARCHIVE
Deprecated.
|
static int |
RIGHT_CHANGE_STATE
Value of 0x00000400; specifies that the user or group is granted
or denied permission to change the lifecycle state of an object.
|
static int |
RIGHT_CREATE_CHILD
Value of 0x00000200; specifies that the user or group
is granted or denied permission to create a child object.
|
static int |
RIGHT_CREATE_INSTANCE
Value of 0x00000100; specifies that the user or group
is granted or denied permission to create a new instance of an object.
|
static int |
RIGHT_DELETE
Value of 0x00010000; specifies that the user or group is granted
or denied permission to delete an object.
|
static int |
RIGHT_DEPLOY
Deprecated.
|
static int |
RIGHT_LINK
Value of 0x00000010; specifies that the user or group is granted
or denied permission to link to an object.
|
static int |
RIGHT_MAJOR_VERSION
Value of 0x00000004; specifies that the user or group is
granted or denied permission to create a document
major version.
|
static int |
RIGHT_MINOR_VERSION
Value of 0x00000040; specifies that the user or group
is granted or denied permission to create a new document minor version.
|
static int |
RIGHT_PUBLISH
Value of 0x00000800; specifies that the user or group is granted
or denied permission to publish an object.
|
static int |
RIGHT_READ
Value of 0x00000001; specifies that the user or group is granted or denied permission to view
the properties of an object.
|
static int |
RIGHT_READ_ACL
Value of 0x00020000; specifies that the user or group is granted
or denied permission to
view an object's security (that is, its
Permissions collection). |
static int |
RIGHT_REMOVE_MARKING
Value of 0x4000000; specifies that the user or group is granted
or denied permission to remove a
Marking object from an
object. |
static int |
RIGHT_UNLINK
Value of 0x00000020; specifies that the user or group is granted
or denied permission to unlink from an object.
|
static int |
RIGHT_USE_MARKING
Value of 0x8000000; determines whether or not the constraint mask will be
applied.
|
static int |
RIGHT_VIEW_CONTENT
Value of 0x00000080; specifies that the user or group
is granted or denied permission to view the content of an object.
|
static int |
RIGHT_WRITE
Value of 0x00000002; specifies that the user or group is granted
or denied permission to modify the properties of an object.
|
static int |
RIGHT_WRITE_ACL
Value of 0x00040000; specifies that the user or group is granted
or denied permission to
modify an object's security (that is, its
Permissions collection). |
static int |
RIGHT_WRITE_OWNER
Value of 0x00080000; specifies that the user or group is granted
or denied permission to change an object's ownership.
|
static int |
TYPE_ALLOW
Value of 1; specifies that the
user or group has permission for the given access to a specified object.
|
static int |
TYPE_DENY
Value of 2; specifies that the user or group does not have the given access
to a specified object.
|
Modifier and Type | Method and Description |
---|---|
int |
getAccessMask()
Returns an integer representing the type of permission assigned to a
user or group.
|
int |
getAccessType()
Returns an integer that indicates whether a user or group is allowed
or denied access.
|
java.lang.String |
getGranteeName()
Returns a
String representing the name of the object being assigned
permission. |
int |
getGranteeType()
Returns the type of the permission grantee.
|
int |
getInheritableDepth()
Returns an integer that represents the maximum number of levels (depth) through
which this permission can be inherited.
|
int |
getPermissionSource()
Returns the source of this permission.
|
static final int GRANTEE_TYPE_USER
static final int GRANTEE_TYPE_GROUP
static final int TYPE_ALLOW
Explicitly (directly) set permissions take precedence over inherited permissions. The order of precedence is: direct deny, direct allow, inherited deny, inherited allow.
static final int TYPE_DENY
TYPE_DENY
takes precedence over TYPE_ALLOW
for
a given user or group. For example, if RIGHT_WRITE
permission
to an object is denied for a group, any individual
user in that group who has RIGHT_WRITE
permission on the object
will be denied RIGHT_WRITE
access to it.
The group's access type of TYPE_DENY
takes precedence over
an individual group member's access (TYPE_ALLOW
) for the same permission
on the same object.
Explicitly (directly) set permissions take precedence over inherited permissions. The order of precedence is: direct deny, direct allow, inherited deny, inherited allow.
static final int RIGHT_READ
static final int RIGHT_WRITE
static final int RIGHT_MAJOR_VERSION
static final int RIGHT_LINK
static final int RIGHT_UNLINK
static final int RIGHT_MINOR_VERSION
static final int RIGHT_VIEW_CONTENT
static final int RIGHT_CREATE_INSTANCE
static final int RIGHT_CREATE_CHILD
static final int RIGHT_CHANGE_STATE
static final int RIGHT_PUBLISH
static final int RIGHT_DEPLOY
static final int RIGHT_ARCHIVE
static final int RIGHT_DELETE
static final int RIGHT_READ_ACL
Permissions
collection).static final int RIGHT_WRITE_ACL
Permissions
collection).static final int RIGHT_WRITE_OWNER
static final int RIGHT_ADD_MARKING
Marking
object to an
object.static final int RIGHT_REMOVE_MARKING
Marking
object from an
object.static final int RIGHT_USE_MARKING
RIGHT_USE_MARKING
access
right, then the constraint mask is applied to the Effective Access Mask
that was computed by the authorization service.static final int LEVEL_READ
RIGHT_READ | RIGHT_READ_ACL.
static final int LEVEL_VIEW_PROPERTIES
LEVEL_READ
.static final int LEVEL_WRITE_DEFAULT
RIGHT_CREATE_INSTANCE | RIGHT_WRITE | LEVEL_READ
.static final int LEVEL_MODIFY_PROPERTIES_DEFAULT
LEVEL_WRITE_DEFAULT
.static final int LEVEL_FULL_CONTROL_DEFAULT
In a WCM application, this level also grants or denies permission to deploy an object to a WCM-managed web site and to archive the object to a WCM database.
Assigning this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_ARCHIVE | RIGHT_DELETE | RIGHT_DEPLOY | RIGHT_WRITE_ACL |
RIGHT_WRITE_OWNER | LEVEL_WRITE_DEFAULT.
static final int LEVEL_VIEW
RIGHT_VIEW_CONTENT | LEVEL_READ
.static final int LEVEL_VIEW_CONTENT
LEVEL_VIEW
.static final int LEVEL_LINK_CLASSDEF
ClassDefinition
object's properties and security. Setting
this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_LINK | LEVEL_READ
.static final int LEVEL_LINK_CUSTOM
CustomObject
object's properties and security. Setting
this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_LINK | LEVEL_READ
.static final int LEVEL_LINK_FOLDER
Folder
object. The user or group can also view the folder's
properties and security. Setting
this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_LINK | RIGHT_UNLINK | LEVEL_READ
.static final int LEVEL_ADD_TO_FOLDER
LEVEL_LINK_FOLDER
.static final int LEVEL_PUBLISH
RIGHT_LINK | RIGHT_PUBLISH | LEVEL_VIEW
.static final int LEVEL_PUBLISH_DOCUMENT
LEVEL_PUBLISH
.static final int LEVEL_WRITE_ANNOTATION
Annotation
object's
content; modify its properties; and create a new instance of an object. Setting
this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_CREATE_INSTANCE | RIGHT_VIEW_CONTENT | RIGHT_WRITE | LEVEL_READ
.static final int LEVEL_MODIFY_PROPERTIES_ANNOTATION
LEVEL_WRITE_ANNOTATION
.static final int LEVEL_WRITE_CLASSDEF
RIGHT_CREATE_CHILD | RIGHT_CREATE_INSTANCE | RIGHT_LINK |
RIGHT_WRITE | LEVEL_READ
.static final int LEVEL_MODIFY_PROPERTIES_CLASSDEF
LEVEL_WRITE_CLASSDEF
.static final int LEVEL_WRITE_CUSTOM
CustomObject
object; view and modify its properties; and
create a new instance of the object. Setting
this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_CREATE_INSTANCE | RIGHT_LINK | RIGHT_WRITE | LEVEL_READ
.static final int LEVEL_MODIFY_PROPERTIES_CUSTOM
LEVEL_WRITE_CUSTOM
.static final int LEVEL_WRITE_DOCUMENT
Document
object; create a new instance of the
object; change the object's lifecycle state;
view its content; and modify its properties. Setting
this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_CHANGE_STATE | RIGHT_CREATE_INSTANCE | RIGHT_LINK |
RIGHT_VIEW_CONTENT | RIGHT_WRITE | LEVEL_READ.
static final int LEVEL_MODIFY_PROPERTIES_DOCUMENT
LEVEL_WRITE_DOCUMENT
.static final int LEVEL_WRITE_FOLDER
Folder
object.
The user or group can also link to and unlink
from the subfolder and modify its properties. Setting
this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_CHANGE_STATE | RIGHT_CREATE_CHILD |
RIGHT_CREATE_INSTANCE | RIGHT_LINK | RIGHT_UNLINK |
RIGHT_MINOR_VERSION |
RIGHT_MAJOR_VERSION | RIGHT_PUBLISH | RIGHT_VIEW_CONTENT |
RIGHT_WRITE | LEVEL_READ.
static final int LEVEL_MODIFY_PROPERTIES_FOLDER
LEVEL_WRITE_FOLDER
.static final int LEVEL_MODIFY_PROPERTIES_FOLDER_INHERITABLE
LEVEL_WRITE_FOLDER
, but with the addition
of rights that are used only by containees of the folder that
inherit security from that folder. Those additional rights are:
RIGHT_CHANGE_STATE | RIGHT_MAJOR_VERSION | RIGHT_MINOR_VERSION |
RIGHT_PUBLISH | RIGHT_VIEW_CONTENT
.static final int LEVEL_MAJOR_VERSION_DOCUMENT
Document
object's content.
The user or group can also link to a Document
object; change its state; modify its properties; and view its content. Setting
this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_MAJOR_VERSION | RIGHT_MINOR_VERSION | LEVEL_MODIFY_PROPERTIES_DOCUMENT
.static final int LEVEL_MINOR_VERSION_DOCUMENT
Document
object's content.
The user or group can also link to a Document
object; change its state; modify its properties; and view its content.
Setting this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_MINOR_VERSION | LEVEL_MODIFY_PROPERTIES_DOCUMENT
.static final int LEVEL_MODIFY_CONTENT_DOCUMENT
LEVEL_MAJOR_VERSION_DOCUMENT
.static final int LEVEL_FULL_CONTROL_ANNOTATION
Annotation
object. A
user or group assigned this level of access is granted or denied
permission to create an instance of the object; modify the object's
properties and security; change the object's ownership; and view the object's content.
Setting this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_DELETE | RIGHT_WRITE_ACL | RIGHT_WRITE_OWNER |
LEVEL_MODIFY_PROPERTIES_ANNOTATION
.static final int LEVEL_FULL_CONTROL_CLASSDEF
ClassDefinition
object. A
user or group assigned this level of access is granted or denied permission to
modify the object's properties and security; create an instance of the object;
change the object's ownership; and delete the object.
Assigning this access level is equivalent to setting the
following combination of Level access rights:
RIGHT_DELETE | RIGHT_WRITE_ACL | RIGHT_WRITE_OWNER | LEVEL_MODIFY_PROPERTIES_CLASSDEF
.static final int LEVEL_FULL_CONTROL_CUSTOM
CustomObject
object. A
user or group assigned this level of access is granted or denied permission to
link to the object; modify its properties and its security; change the
object's ownership; and delete the object. In a
Web Content Management application, this level also grants or denies
permission to deploy the CustomObject
object to a
WCM-managed web site and archive it to WCM archive database.
Assigning this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_ARCHIVE | RIGHT_DELETE | RIGHT_DEPLOY | RIGHT_WRITE_ACL |
RIGHT_WRITE_OWNER | LEVEL_MODIFY_PROPERTIES_CUSTOM |
.static final int LEVEL_FULL_CONTROL_DOCUMENT
Document
object. A user or group assigned
this level of access is granted or denied permission to link to
the Document
object; publish the document; modify its
properties and its security; change its state; view its contents;
create a new version of its content; and changes its ownership. In a
Web Content Management application, this level also grants or denies
permission to deploy the Document
object to a
WCM-managed web site and archive it to a WCM archive database.
Assigning this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_ARCHIVE | RIGHT_DELETE | RIGHT_DEPLOY | RIGHT_MAJOR_VERSION |
RIGHT_PUBLISH | RIGHT_WRITE_ACL | RIGHT_WRITE_OWNER | LEVEL_MODIFY_CONTENT_DOCUMENT
.static final int LEVEL_FULL_CONTROL_FOLDER
Folder
object. A
user or group assigned this level of access is granted or denied
permission to link to and
unlink from the Folder
object; create a subfolder;
modify the object's properties and its security; change the object's ownership;
and delete the object. In a Web Content
Management (WCM) application, this level also grants or denies
permission to deploy the folder to a WCM-managed web site and archive the
folder to a WCM database.
Assigning this access level is equivalent to setting the
following combination of individual and Level access rights:
RIGHT_ARCHIVE | RIGHT_DELETE | RIGHT_DEPLOY | RIGHT_MAJOR_VERSION |
RIGHT_WRITE_ACL | RIGHT_WRITE_OWNER | LEVEL_MODIFY_PROPERTIES_FOLDER
.static final int LEVEL_FULL_CONTROL_FOLDER_INHERITABLE
LEVEL_FULL_CONTROL_FOLDER
, but with the addition
of rights that are used only by those containees of the folder that
inherit security from that folder. Those additional rights are:
RIGHT_CHANGE_STATE | RIGHT_MINOR_VERSION | RIGHT_PUBLISH | RIGHT_VIEW_CONTENT
.static final int LEVEL_FULL_CONTROL
LEVEL_FULL_CONTROL_XXX
constants.static final int LEVEL_FULL_CONTROL_MARKING
RIGHT_ADD_MARKING | RIGHT_REMOVE_MARKING | RIGHT_USE_MARKING
.static final int PERMISSION_SOURCE_DIRECT
setPermissions
directly assigns permissions to an object and sets its PermissionSource
property to a value of 0.static final int PERMISSION_SOURCE_DEFAULT
static final int PERMISSION_SOURCE_TEMPLATE
static final int PERMISSION_SOURCE_PARENT
static final int INHERITABLE_DEPTH_NO_INHERITANCE
static final int INHERITABLE_DEPTH_ONE_LEVEL
static final int INHERITABLE_DEPTH_UNLIMITED
static final java.lang.String PRINCIPAL_NAME_CREATOR_OWNER
"#CREATOR-OWNER"
; specifies that the security
principal name is the built-in group called CREATOR-OWNER
.static final java.lang.String PRINCIPAL_NAME_AUTHENTICATED_USERS
"#AUTHENTICATED-USERS"
; specifies that the
security principal name is the built-in group called AUTHENTICATED-USERS
.static final java.lang.String[] PRINCIPAL_NAME_SPECIAL
CREATOR-OWNER
and AUTHENTICATED-USERS
.int getAccessMask()
To determine whether the permission returned by a call to
getAccessMask()
is allowed or denied, call
getAccessType()
.
int getAccessType()
To determine the permissions that a call to getAccessType
reports as allowed or denied, call getAccessMask()
.
java.lang.String getGranteeName()
String
representing the name of the object being assigned
permission. (To determine if the grantee is a user
or group, call getGranteeType()
).String
representing the grantee name.int getGranteeType()
GRANTEE_TYPE_USER
(2000) or
GRANTEE_TYPE_GROUP
(2001).int getPermissionSource()
int getInheritableDepth()
INHERITABLE_DEPTH_NO_INHERITANCE
) - permission cannot be inherited.INHERITABLE_DEPTH_ONE_LEVEL
) - permission is restricted to inheritance by the immediate security child only.INHERITABLE_DEPTH_UNLIMITED
- can be inherited by an unlimited level of security children.You must have RIGHT_READ_ACL permissions to be able to retrieve this value.
© Copyright IBM Corp. 2006, 2013. All Rights Reserved.