.. _frontreference_permissions: Permissions =========== .. ---------------------------------------------------------------------------- .. _frontreference_permissions_global: Global permissions ------------------ Principle ````````` There are three kinds of global permissions: * ``read``: list all objects and view properties * ``update``: update object properties * ``create``: create and delete objects They apply to the following objects: * documentation (``doc``) * users (``usr``) * user groups (``grp``) * storages (``stg``) * projects (``prj``) So, for instance, ``usr.update`` means that you can update user properties. Permissions are gathered in permission groups (``obj`` is one of the above objects): * ``group:obj_user`` = ``obj.read`` * ``group:obj_editor`` = ``obj.read`` + ``obj.update`` * ``group:obj_manager`` = ``obj.read`` + ``obj.update`` + ``obj.create`` In addition, ``group:admin`` gives all permissions to its owner. Exhaustive lists ```````````````` Here are all permissions: * administration: ``admin`` * documentation: ``doc.update``, ``doc.create`` * users: ``usr.read``, ``usr.update``, ``usr.create`` * groups: ``grp.read``, ``grp.update``, ``grp.create`` * storages: ``stg.read``, ``stg.update``, ``stg.create`` * projects: ``prj.read``, ``prj.update``, ``prj.create`` And, permission groups: * Administrator: * ``group:admin`` = ``admin`` * Documentation manipulation: * ``group:doc_editor`` = ``doc.update`` * ``group:doc_manager`` = ``doc.update`` + ``doc.create`` * User manipulation: * ``group:usr_user`` = ``usr.read`` * ``group:usr_editor`` = ``usr.read`` + ``usr.update`` * ``group:usr_manager`` = ``usr.read`` + ``usr.update`` + ``usr.create`` * Group manipulation: * ``group:grp_user`` = ``grp.read`` * ``group:grp_editor`` = ``grp.read`` + ``grp.update`` * ``group:grp_manager`` = ``grp.read`` + ``grp.update`` + ``grp.create`` * Storage manipulation: * ``group:stg_user`` = ``stg.read`` * ``group:stg_editor`` = ``stg.read`` + ``stg.update`` * ``group:stg_manager`` = ``stg.read`` + ``stg.update`` + ``stg.create`` * Project manipulation: * ``group:prj_user`` = ``prj.read`` * ``group:prj_editor`` = ``prj.read`` + ``prj.update`` * ``group:prj_manager`` = ``prj.read`` + ``prj.update`` + ``prj.create`` .. ---------------------------------------------------------------------------- .. _frontreference_permissions_storage: Permissions on a storage ------------------------ When a user can access a storage because he has at least the global permission ``stg.read`` and the storage is opened or the user or one of its groups is authorized, he has one of the following storage permission: * ``reader``: he can see or download files or directories * ``writer``: he can create, modify or uplaod files or directories .. ---------------------------------------------------------------------------- .. _frontreference_permissions_project: Permissions on a project ------------------------ When a user participates in a project because he has at least the global permission ``prj.read`` and he is in the list of project members, he has one of the following project permission: * ``member``: he can see and download packs and modify files of packs * ``packeditor``: he can modify packs * ``packmaker``: he can create and modify packs * ``leader``: he can modify project settings: roles, tasks, members, processing, packs