Message-ID: <1745338421.2510.1485845256610.JavaMail.confluence@ip-10-127-227-164>
Subject: Exported From Confluence
MIME-Version: 1.0
Content-Type: multipart/related; 
	boundary="----=_Part_2509_405102787.1485845256610"

------=_Part_2509_405102787.1485845256610
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Content-Location: file:///C:/exported.html

<html xmlns:o=3D'urn:schemas-microsoft-com:office:office'
      xmlns:w=3D'urn:schemas-microsoft-com:office:word'
      xmlns:v=3D'urn:schemas-microsoft-com:vml'
      xmlns=3D'urn:w3-org-ns:HTML'>
<head>
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8=
">
    <title>Permissions</title>
    <!--[if gte mso 9]>
    <xml>
        <o:OfficeDocumentSettings>
            <o:TargetScreenSize>1024x640</o:TargetScreenSize>
            <o:PixelsPerInch>72</o:PixelsPerInch>
            <o:AllowPNG/>
        </o:OfficeDocumentSettings>
        <w:WordDocument>
            <w:View>Print</w:View>
            <w:Zoom>90</w:Zoom>
            <w:DoNotOptimizeForBrowser/>
        </w:WordDocument>
    </xml>
    <![endif]-->
    <style>
                <!--
        @page Section1 {
            size: 8.5in 11.0in;
            margin: 1.0in;
            mso-header-margin: .5in;
            mso-footer-margin: .5in;
            mso-paper-source: 0;
        }

        td {
            page-break-inside: avoid;
        }

        tr {
            page-break-after: avoid;
        }

        div.Section1 {
            page: Section1;
        }

        /* Confluence print stylesheet. Common to all themes for print medi=
a */
/* Full of !important until we improve batching for print CSS */

@media print {
    #main {
        padding-bottom: 1em !important; /* The default padding of 6em is to=
o much for printouts */
    }

    body {
        font-family: Arial, Helvetica, FreeSans, sans-serif;
        font-size: 10pt;
        line-height: 1.2;
    }

    body, #full-height-container, #main, #page, #content, .has-personal-sid=
ebar #content {
        background: #fff !important;
        color: #000 !important;
        border: 0 !important;
        width: 100% !important;
        height: auto !important;
        min-height: auto !important;
        margin: 0 !important;
        padding: 0 !important;
        display: block !important;
    }

    a, a:link, a:visited, a:focus, a:hover, a:active {
        color: #000;
    }

    #content h1,
    #content h2,
    #content h3,
    #content h4,
    #content h5,
    #content h6 {
        font-family: Arial, Helvetica, FreeSans, sans-serif;
        page-break-after: avoid;
    }

    pre {
        font-family: Monaco, "Courier New", monospace;
    }

    #header,
    .aui-header-inner,
    #navigation,
    #sidebar,
    .sidebar,
    #personal-info-sidebar,
    .ia-fixed-sidebar,
    .page-actions,
    .navmenu,
    .ajs-menu-bar,
    .noprint,
    .inline-control-link,
    .inline-control-link a,
    a.show-labels-editor,
    .global-comment-actions,
    .comment-actions,
    .quick-comment-container,
    #addcomment {
        display: none !important;
    }

    .comment .date::before {
        content: none !important; /* remove middot for print view */
    }

    h1.pagetitle img {
        height: auto;
        width: auto;
    }

    .print-only {
        display: block;
    }

    #footer {
        position: relative !important; /* CONF-17506 Place the footer at en=
d of the content */
        margin: 0;
        padding: 0;
        background: none;
        clear: both;
    }

    #poweredby {
        border-top: none;
        background: none;
    }

    #poweredby li.print-only {
        display: list-item;
        font-style: italic;
    }

    #poweredby li.noprint {
        display: none;
    }

    /* no width controls in print */
    .wiki-content .table-wrap,
    .wiki-content p,
    .panel .codeContent,
    .panel .codeContent pre,
    .image-wrap {
        overflow: visible !important;
    }

    /* TODO - should this work? */
    #children-section,
    #comments-section .comment,
    #comments-section .comment .comment-body,
    #comments-section .comment .comment-content,
    #comments-section .comment p {
        page-break-inside: avoid;
    }

    #page-children a {
        text-decoration: none;
    }

    /**
     hide twixies

     the specificity here is a hack because print styles
     are getting loaded before the base styles. */
    #comments-section.pageSection .section-header,
    #comments-section.pageSection .section-title,
    #children-section.pageSection .section-header,
    #children-section.pageSection .section-title,
    .children-show-hide {
        padding-left: 0;
        margin-left: 0;
    }

    .children-show-hide.icon {
        display: none;
    }

    /* personal sidebar */
    .has-personal-sidebar #content {
        margin-right: 0px;
    }

    .has-personal-sidebar #content .pageSection {
        margin-right: 0px;
    }
}
-->
    </style>
</head>
<body>
    <h1>Permissions</h1>
    <div class=3D"Section1">
        <p>Permissions in Platform form one of the most advanced permission=
s systems around, allowing you to define very fine-grained rights for your =
Editors, Visitors, Members and other users.</p>
<h2 id=3D"Permissions-Overview">Overview</h2>
<p>In the permission system a User by default does not have access to anyth=
ing. To get access they need to inherit Roles, typically assigned to the Us=
er Group they belong to.</p>
<h2 id=3D"Permissions-Model">Model</h2>
<h3 id=3D"Permissions-Roles">Roles</h3>
<p>First part of the permission model is the Roles, and they consist of the=
 following parts:</p>
<pre>RoleLimitation *- RoleAssignment &gt;- Role -&lt; Policy -*&lt; Limita=
tion</pre>
<ul>
<li>A Role assignment can optionally have a Limitation, <span style=3D"colo=
r: rgb(128,128,128);">Role Limitation examples: </span><a href=3D"/display/=
TECHDOC/SubtreeLimitation">SubTreeLimitation</a><span style=3D"color: rgb(1=
28,128,128);"> or </span><a href=3D"/display/TECHDOC/SectionLimitation">Sec=
tionLimitation</a></li>
<li>A Role can have several assignments, <span style=3D"color: rgb(128,128,=
128);">Role example: Editor, Member, ProSubscriber<br></span></li>
<li>A Role consists of several Policies, <span style=3D"color: rgb(128,128,=
128);">Policy example: content/read/*, content/edit/* (where * refers to fu=
ll access, that is no Limitation)</span></li>
<li>A Policy optionally consists of several Limitations, <span style=3D"col=
or: rgb(128,128,128);">Limitation example:</span><a href=3D"/display/TECHDO=
C/ContentTypeLimitation">ContentTypeLimitation</a>,<a href=3D"/display/TECH=
DOC/SectionLimitation">SectionLimitation</a>,<a href=3D"/display/TECHDOC/Ow=
nerLimitation">OwnerLimitation</a></li>
</ul>
<h3 id=3D"Permissions-Users">Users</h3>
<p>Second part of the model is made up of Users and User Groups:</p>
<pre>User -*&lt; UserGroup</pre>
<ul>
<li>A User can be member of several User Groups<span style=3D"color: rgb(12=
8,128,128);">, User Group examples: Administrator Users, Member Users, ProS=
ubscriber&nbsp;Users</span></li>
</ul>
<h3 id=3D"Permissions-Roleassignments">Role assignments</h3>
<p>Last part on the permission model is the fact that Role assignments can =
be assigned to both Users and User Groups:</p>
<pre>User - RoleAssignment - UserGroup</pre>
<p>&nbsp;</p>
<div class=3D"confluence-information-macro confluence-information-macro-inf=
ormation">
<p class=3D"title">Best Practice</p>
<span class=3D"aui-icon aui-icon-small aui-iconfont-info confluence-informa=
tion-macro-icon"></span>
<div class=3D"confluence-information-macro-body">
<p>Best practice is to avoid assigning Roles to Users directly, and instead=
 to make sure you model your content <em>(types, structure, sections, etc.)=
</em> in a way that can be reflected in generic roles. Besides being much e=
asier to manage and keep on top of security-wise, this also makes sure your=
 system performs best. <em>The more Role assignments and complex Policies y=
ou add for a given User, the more complex the search/load queries powering =
the whole CMS will be, as they always take permissions into account.</em></=
p>
</div>
</div>
<h2 id=3D"Permissions-Extensibility">Extensibility</h2>
<p>Two parts of the permissions system are extensible from a programmatic p=
erspective: Policies and Limitations</p>
<ul>
<li>Policies: <a href=3D"/display/TECHDOC/Custom+policies">Custom Policies =
can be added for use in your own code</a>, <span style=3D"color: rgb(128,12=
8,128);">custom Policy example: comment/create</span></li>
<li><a href=3D"/display/TECHDOC/Limitations+reference">Limitations</a>: You=
 can extend existing Policies, and hence extend the permissions of the CMS,=
 <span style=3D"color: rgb(128,128,128);">example could be adding a Subscri=
ptionLimitation to content/read Policy</span></li>
</ul>
<p>&nbsp;</p>
<p>&nbsp;</p>
<h5 id=3D"Permissions-Relatedtopics:">Related topics:</h5>
<ul>
<li><a href=3D"/display/TECHDOC/Limitations+reference">Limitations referenc=
e</a></li>
<li><a href=3D"/display/TECHDOC/Custom+policies">Custom policies</a></li>
</ul>
    </div>
</body>
</html>
------=_Part_2509_405102787.1485845256610--