...
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<!-- Users with this role are not allowed to read, update or delete any object. -->
<role>
<name>CAN_DELETE_NOTHING</name>
</role>
<!-- Users with this role can delete any object. No conditions have to be matched. -->
<role>
<name>CAN_DELETE_EVERYTHING</name>
<permission>
<action>delete</action>
</permission>
</role>
<!-- Users with this role can delete objects that match the condition. In this case only objects of type 'appTable:order' or 'appEmail:email' can be deleted. -->
<role>
<name>CAN_DELETE_SOMETHING</name>
<permission>
<action>delete</action>
<condition>
system:objectTypeId IN ('appTable:order', 'appEmail:email')
</condition>
</permission>
</role> |
...