customizing default permissions in securityService
I'm customizing some permission on the documents level and I have some questions regarding the atomic permissions.
I'm confused about some of the atomic permissions listed here, like what the difference between “browse” and “ReadProperties”, looks like “ReadProperties” include “browse” permission only and in “read” includes both of them, why we just include “ReadProperties” since it already contains “browse”.
Some of them are obvious by their names like (ReadVersion, WriteVersion, AddChildren, ReadChildren, RemoveChildren), but could anyone clarify these permissions purpose (ReadLifeCycle, WriteLifeCycle, ManageWorkflows, ReadSecurity, WriteSecurity).
Also, where can I find what the “Everything” permission includes? as mentioned here, so I can customize it. For example: I want to give a user read-write permission and include (give other users access) privilege without giving him “Everything” permission. is it possible?
I appreciate it if anyone could help me understand this or provide me with documentation.
Here is documentation on the differences between the atomic permissions:
Basic permissions and their groupings:
Browse: know about a document, but not necessarily get detailed information about it.
ReadProperties: read the properties of a document. This gives access to all the document's content, but not its security, and not its children if it's a folder.
ReadSecurity: read the security of a document.
ReadChildren: read the list of children of a folder.
Read: a grouping of
WriteProperties: write the properties of a document, excluding the security or the manipulation of children.
Version: checkin a version of the document.
WriteSecurity: write the security of a document.
AddChildren: add children to a folder.
RemoveChildren: remove children from a folder.
Remove: remove a document itself.
Write: a grouping of
Everything: a pseudo group of all the permissions in the system. `
I haven't been able to find the code for “Everything”, but you may be able to just make a new permission that includes ReadWrite and WriteSecurity to get what you want (I haven't tested this, but it seems like that would be the permission to allow for giving other users access).