This section describes the configuration of permissions. The setting of permissions is written from the administrator's point of view.
There are three basic ways to set permissions for a user:
By performing methods on PermissionApi. A user can call these methods only if that user has the appropriate permissions.
By calling methods via SOAP or via the Registry Console.
By changing permissions directly in the configuration file.
The PermissionApi contains several methods for managing permissions. These methods are described below:
Used for obtaining all of a user's permissions. A user possessing the ApiManagerPermission can obtain permissions of other users. A user with only ApiUserPermission, can only discover his or her own permissions.
Note that users who have neither ApiUserPermission nor ApiManagerPermission for a method on PermissionApi, cannot call this method.
Provides users the ability to set permissions for other users. It is necessary to possess ApiManagerPermission for this call.
Similar to get_permission, this method can be called for more than one user at a time.
get_permission takes a principal as the input parameter. On the other hand, get_permissionDetail takes an array of principals as the input parameter. If you want to find out the permissions of three users, you can call get_permission three times or you can call get_permissionDetail once.
Enables a user to find out who owns a given permission.
Important | |
---|---|
It is not recommended to change permissions directly in the configuration file. However, if the administrator wants to change default permissions for new users (meaning changing permissions for the group system#everyone), there is no other possibility. Before making any changes to these permissions, we strongly recommend making a reserve copy of the configuration. The permissions for special users or groups are stored in the file permission_list.xml. |