Oracle® Content Services Application Developer's Guide 10g Release 1 (10.1.2.2) Part Number B25277-02 |
|
|
View PDF |
Table A-1
Administrative Role | Permissions | Applicable to Domain (D), Container (C), or Workspace (W) | Propagating? | ||
---|---|---|---|---|---|
CategoryAdministrator |
Discover, AdministerCategory |
D |
|
|
false |
ConfigurationAdministrator |
Discover, AdministerConfiguration |
D |
C |
W |
true |
ContainerAdministrator |
Discover, AdministerContainer, CreateContainer |
D |
C |
|
true |
ContentAdministrator |
Discover, AddItem, AddVersion, Copy, CreateFolder, Delete, GetContent, GetMetadata, Lock, Move, SetAttribute, SetContent, SetMetadata |
D |
C |
W |
true |
DomainAdministrator |
Discover, AdministerDomain |
D |
|
|
false |
QuotaAdministrator |
Discover, AdministerQuota |
D |
C |
|
true |
RecordsAdministrator |
Discover, AdministerRecord |
D |
|
|
false |
RoleAdministrator |
Discover, AdministerRole |
D |
|
|
false |
SecurityAdministrator |
Discover, AdministerSecurity |
D |
C |
W |
true |
UserAdministrator |
Discover, AdministerUser |
D |
|
|
false |
WorkspaceAdministrator |
Discover, AdministerWorkspace, CreateWorkspace |
D |
C |
W |
true |
Table A-2
Standard (Non-Administrative) Role | Permissions | Applicable to Domain (D), Container (C), or Workspace (W) | Propagating? | ||
---|---|---|---|---|---|
Administrative Assistant |
Discover, AddItem, AdministerConfiguration, AdministerSecurity, CreateFolder |
|
|
W |
false |
Administrator |
Discover, AddItem, AddVersion, AdministerConfiguration, AdministerSecurity, AdministerWorkspace, Copy, CreateFolder, Delete, GetContent, GetMetadata, Lock, Move, SetAttribute, SetContent, SetMetadata |
|
|
W |
true |
Approver |
Discover, Copy, GetContent, GetMetadata, Lock, SetAttribute, SetContent, SetMetadata |
|
|
W |
false |
Author |
Discover, AddItem, AddVersion, Copy, CreateFolder, Delete, GetContent, GetMetadata, Lock, Move, SetAttribute, SetContent, SetMetadata |
|
|
W |
false |
Commentator |
Discover, Copy, GetContent, GetMetadata, Lock, SetAttribute, SetContent, SetMetadata |
|
|
W |
false |
ContainerViewer |
Discover |
D |
C |
|
false |
ContentEditor |
Discover, AddItem, AddVersion, Copy, CreateFolder, GetContent, GetMetadata, Lock, SetAttribute, SetContent, SetMetadata |
|
|
W |
false |
Custodian |
Discover, AddItem, AddVersion, Copy, CreateFolder, GetContent, GetMetadata, Lock, SetAttribute, SetContent, SetMetadata |
|
|
W |
false |
Discoverer |
Discover |
|
|
W |
false |
LimitedAuthor |
Discover, AddItem, AddVersion, Copy, CreateFolder, GetContent, GetMetadata, Lock, SetAttribute, SetContent, SetMetadata |
|
|
W |
false |
Manager |
AdministerSecurity, CreateFolder |
|
|
W |
false |
None |
NONE |
|
|
|
false |
Organizer |
Discover, Copy, Delete, GetMetadata, Lock, Move, SetAttribute, SetMetadata |
|
|
W |
false |
Participant |
Discover, AddItem, AddVersion, Copy, CreateFolder, Delete, GetContent, GetMetadata, Lock, Move, SetAttribute, SetContent, SetMetadata |
|
|
W |
false |
Reader |
Discover, Copy, GetContent, GetMetadata |
|
|
W |
false |
Reviewer |
Discover, Copy, GetContent, GetMetadata |
|
|
W |
false |
WorkspaceCreator |
Discover, CreateWorkspace |
D |
C |
|
true |
Table A-3 FDK Constants for defined Roles
Role | FdkConstant |
---|---|
CategoryAdministrator |
|
ConfigurationAdministrator |
|
ContainerAdministrator |
|
ContentAdministrator |
|
DomainAdministrator |
|
QuotaAdministrator |
|
RecordsAdministrator |
|
RoleAdministrator |
|
SecurityAdministrator |
|
UserAdministrator |
|
WorkspaceAdministrator |
|
ContainerViewer |
|
WorkspaceCreator |
|
Administrator |
|
Table A-4 Permissions for Oracle Content Services roles
Permission | Description | FDK Constant |
---|---|---|
AddItem |
Add an item to a folder (by create, or move operation) |
|
AddVersion |
Add a new version to a version controlled document item |
|
AdministerConfiguration |
Create, modify, or delete configuration categories on an item (with the exception of SecurityConfiguration and QuotaConfiguration) |
|
AdministerContainer |
Modify or delete a container. Permission is required on the parent item of the container being modified or deleted. |
|
AdministerCategory |
Create, modify, or delete a category class object |
|
AdministerDomain |
Modify a domain's properties |
|
AdministerQuota |
Modify the quota configuration of a workspace item |
|
AdministerRecord |
Create, modify, or delete a record file plan. Also allows user to remove "record" status from an existing record item and perform other records management administration. |
|
AdministerRole |
Create, modify, or delete a custom role |
|
AdministerSecurity |
Create, modify, or delete security configuration of an item |
|
AdministerUser |
Modify or delete a domain's users and groups. Additionally, enables user to get and set user preferences including domain defaults. |
|
AdministerWorkspace |
Modify or delete a workspace |
|
Copy |
Copy an item |
|
CreateContainer |
Create a container |
|
CreateFolder |
Create a folder |
|
CreateWorkspace |
Create a workspace (not needed for creation of a personal workspace) |
|
Delete |
Delete an item |
|
Discover |
Discover an item and view its basic metadata (such as name, description, and creation date). Permission is implicit if the user is granted any other permission on the item. |
|
GetContent |
Get the content of a document item |
|
GetMetadata |
Get the metadata (category information) of an item |
|
Lock |
Lock a document item |
|
Move |
Move an item. Requires AddItem permission on the destination folder. |
|
SetAttribute |
Set basic attributes of an item (description). Permission is required to rename Document, Folder, Family, and Link items. For link items, this permission also allows users to change the object referenced by the link. |
|
SetContent |
Set the content of a non-version-controlled document item |
|
SetMetadata |
Set the metadata (create, modify, or delete category information) of an item |
|
Notes on permission types:
Within a single grant, the same Role may not appear more than once
Within a single grant, the "NONE" Role may not be combined with any other role
If the grantee belongs to the "World" group, the Domain must be enabled for world group grants.
The SetAttribute permission is required to rename a Document, Folder, Family, or Link.
The AdministerWorkspace permission is required to rename a Workspace.
The AdministerContainer permission is required to rename a Container.
The System Admin privileges are required to rename a Domain.
The SecurityAdministrator role is the most powerful; users granted this role can grant themselves or anybody else all available access.
To delete a Container, a user must have the AdministerContainer permission on the parent of the container being deleted.
When deleting a Container, all recursively contained sub-containers and sub-workspaces are also deleted. The user must have permission to delete the sub-containers according to the rule stated above. The user must also have AdministerWorkspace permission on all of the sub-workspaces that are to be deleted. If the user does not have these required permissions, the originating container delete will fail with an ACCESS_DENIED
exception. Containers that are deleted are permanently deleted; deleted workspaces have the workspace's contents moved to the archive.