...
<!--
  Three example roles showing how the 'create' action is granted:
  not at all, without any condition, and restricted by a condition.
-->

<!-- Users with this role are not allowed to create, update or delete any object:
     the role declares no <permission> element at all. -->
<role>
  <name>CAN_CREATE_NOTHING</name>
</role>

<!-- Users with this role can create any object. No conditions have to be matched,
     because the permission carries no <condition>. This is the broadest form of the
     grant, so it should be assigned deliberately. -->
<role>
  <name>CAN_CREATE_EVERYTHING</name>
  <permission>
    <action>create</action>
  </permission>
</role>

<!-- Users with this role can create objects that match the condition.
     In this case only objects of type 'appTable:order' or 'appEmail:email' can be created.
     Scoping a grant by object type like this keeps the role close to least privilege. -->
<role>
  <name>CAN_CREATE_SOMETHING</name>
  <permission>
    <action>create</action>
    <condition>
      system:objectTypeId IN ('appTable:order', 'appEmail:email')
    </condition>
  </permission>
</role>
...
<?xml version="1.0" encoding="utf-8"?>
<!--
  Example role set: three read-only roles scoped by object type, plus one role
  whose read and delete permission carries no condition.
-->
<!-- xsi:schemaLocation pairs the role-set namespace with a relative XSD path
     (dmsCloud-roles.xsd). It is only a hint to validators; validate against a schema
     copy you control rather than whatever location a document names. -->
<roleSet xmlns="http://optimal-systems.org/ns/dmscloud/roleset/"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://optimal-systems.org/ns/dmscloud/roleset/ dmsCloud-roles.xsd">

  <!-- Read access limited to objects whose system:objectTypeId is 'email:email'. -->
  <role>
    <name>RoleEmail</name>
    <permission>
      <action>read</action>
      <condition>system:objectTypeId = 'email:email'</condition>
    </permission>
  </role>

  <!-- Read access limited to objects whose system:objectTypeId is 'document'. -->
  <role>
    <name>RoleDocument</name>
    <permission>
      <action>read</action>
      <condition>system:objectTypeId = 'document'</condition>
    </permission>
  </role>

  <!-- Read access to either of the two object types above, expressed as one 'in' list
       instead of two separate permissions. -->
  <role>
    <name>RoleEmailAndDocument</name>
    <permission>
      <action>read</action>
      <condition>system:objectTypeId in ('email:email', 'document')</condition>
    </permission>
  </role>

  <!-- Read and delete with no <condition>: nothing in this permission narrows the
       objects it applies to, so holders can presumably read and delete objects of any
       type. The create and update actions are not listed here.
       NOTE(review): confirm this breadth is intended and keep assignment of this role
       tightly controlled, since an unconditioned delete is the most destructive grant
       in this set. -->
  <role>
    <name>AdminRole</name>
    <permission>
      <action>read</action>
      <action>delete</action>
    </permission>
  </role>

</roleSet>
...