...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<!-- Users with this role are not allowed to read, update or delete any object. --> <role> <name>CAN_DELETE_NOTHING</name> </role> <!-- Users with this role can delete any object. No conditions have to be matched. --> <role> <name>CAN_DELETE_EVERYTHING</name> <permission> <action>delete</action> </permission> </role> <!-- Users with this role can delete objects that match the condition. In this case only objects of type 'appTable:order' or 'appEmail:email' can be deleted. --> <role> <name>CAN_DELETE_SOMETHING</name> <permission> <action>delete</action> <condition> system:objectTypeId IN ('appTable:order', 'appEmail:email') </condition> </permission> </role> |
...