The RoleDefinition Entity.
A RoleDefinition is a set of Privileges to be granted, a set of AccessTypes to be
granted, and a set of AccessTypes to be denied. A RoleDefinition by itself does not
have any effect; it must be referenced from an AssignedRole for the Privileges and
AccessTypes to take effect within a Scope specified by the AssignedRole.
A RoleDefinition can be marked AlwaysEnabled (meaning it is enabled by default
and cannot be disabled). AssignedRoles using RoleDefinitions that are not marked
AlwaysEnabled can be enabled through methods on the UserContext.
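The following added example (a simplified Python model, not the product's API or code from this documentation) shows how the rules above combine: a RoleDefinition has no effect until an AssignedRole references it in a Scope, and a role that is not AlwaysEnabled contributes nothing until it is enabled on the user context. The class layout, the enable/disable/effective method names, exact-match scope comparison and all sample names are assumptions; the page does not say how a granted and a denied AccessType are reconciled, so the three sets are returned separately.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)                   # snapshots are immutable
class RoleDefinition:
    name: str
    privileges: frozenset = frozenset()
    granted: frozenset = frozenset()      # AccessTypes to be granted
    denied: frozenset = frozenset()       # AccessTypes to be denied
    always_enabled: bool = False

@dataclass(frozen=True)
class AssignedRole:
    name: str
    definition: RoleDefinition
    scope: str                            # Scope in which the definition takes effect

@dataclass
class UserContext:                        # hypothetical stand-in; method names are assumed
    assigned: list
    enabled: set = field(default_factory=set)

    def enable(self, role_name):
        self.enabled.add(role_name)

    def disable(self, role_name):
        for role in self.assigned:
            if role.name == role_name and role.definition.always_enabled:
                raise ValueError(f"{role_name} is AlwaysEnabled and cannot be disabled")
        self.enabled.discard(role_name)

    def effective(self, scope):
        """Return (privileges, granted, denied) from the roles active in `scope`."""
        privs, granted, denied = set(), set(), set()
        for role in self.assigned:
            d = role.definition
            if role.scope == scope and (d.always_enabled or role.name in self.enabled):
                privs |= d.privileges
                granted |= d.granted
                denied |= d.denied
        return privs, granted, denied

# Constructed sample data: every name, privilege, access type and scope is invented.
AUDITOR = RoleDefinition("auditor", frozenset({"AUDIT_USER"}), frozenset({"READ"}),
                         frozenset({"WRITE", "DELETE"}), always_enabled=True)
EDITOR = RoleDefinition("editor", frozenset({"CONTENT_USER"}), frozenset({"READ", "WRITE"}))
UNUSED = RoleDefinition("unused", frozenset({"ADMIN"}), frozenset({"DELETE"}))  # never assigned

def demo_context():
    return UserContext([AssignedRole("audit-hr", AUDITOR, "org/hr"),
                        AssignedRole("edit-hr", EDITOR, "org/hr")])
```

When reviewing role assignments, the denied set of an AlwaysEnabled definition deserves particular attention, because it stays in force for every session in that Scope.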
The following specifies which attributes are loaded when each Projection type is used
to load a RoleDefinition snapshot:
Projection.EMPTY loads the following:
Projection.BASIC loads the Projection.EMPTY fields and the following:
- SnapshotId
- Name
- Parent (The owning Scope)
- ModifiedBy
- ModifiedOn
- Deleted
- Description
- Privileges
- AccessTypes
- AlwaysEnabled
Projection.META loads Projection.EMPTY and Projection.BASIC fields and the following:
Projection.FULL does not load any additional fields.
The RoleDefinition's LocalACL (LACL) is managed using an AccessControlFieldsUpdater.
The RoleDefinition snapshot and the data it contains are immutable.
Below are examples in XML format. All examples are shown with all inherited members. Quoting, where required, is part of the examples; populate them with your own data.