Object permissions

Object permissions

Welcome to our Knowledge Base

Documentation | Blog | Demos | Support

< All Topics
Print

Object permissions

There are two types of permissions – object permissions (EntitySets, relationships, and directories) and field-level permissions. Field level permissions take precedence over object permissions. The permissions are set as follows: The following chart summarizes the permissions needed in order to successfully execute a given form of data manipulation on an object where permissions are currently in place. Definitions are as follows:

  • Owner refers to the user who created an object.
  • Group refers to any user who shares a common group ID with the object’s owner.
  • Other refers to any user who does not share a common group ID with the object’s owner.

Note: Any user with a GroupID equal to 0 is considered to be a superuser. Superusers are not governed by permissions currently in place on objects, fields, or both. Thus, an object is created by a person logged in as superuser, then permissions applied to the Group are ignored since every user in the creator’s group is a super user. It is not advisable to create objects while logged in as a superuser, in order to take full advantage of Zim’s security features. Different permissions can be assigned to objects, fields, or both for users inside the owner’s group (Group) and to users outside the objects’ owner group (Other).

WhoEntitySet permissionField permissionListChangeAddDelete
ownerR*****nononono
ownerR***R*yesnonono
ownerR***RUyesnonono
groupR*****nononono
groupR***R*yesnonono
groupR***RUyesnonono
otherR*****nononono
otherR***R*yesnonono
otherR***RUyesnonono
ownerRA****nononull(1)no
ownerRA**R*yesnonull(1)no
ownerRA**RUyesnoyesno
groupRA****nononull(1)no
groupRA**R*yesnonull(1)no
groupRA**RUyesnoyesno
otherRA****nononull(1)no
otherRA**R*yesnonull(1)no
otherRA**RUyesnoyesno
ownerRAC***nononull(1)no
ownerRAC*R*yesnonull(1)no
ownerRAC*RUyesyesyesno
groupRAC***nononull(1)no
groupRAC*R*yesnonull(1)no
groupRAC*RUyesyesyesno
otherRAC***nononull(1)no
otherRAC*R*yesnonull(1)no
otherRAC*RUyesyesyesno
ownerRACD**nononull(1)yes
ownerRACDR*yesnonull(1)yes
ownerRACDRUYesyesnull(1)yes
groupRACD**nononull(1)yes
groupRACDR*yesnonull(1)yes
groupRACDRUyesyesyesyes
otherRACD**nononull(1)yes
otherRACDR*yesnonull(1)yes
otherRACDRUyesyesyesyes

where R = read, A = Add, C = Change, and D = Delete (1) Null values for all fields with no update permission

Was this article helpful?
5 out of 5 stars

1 rating

5 Stars 100%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
5
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.

Deixe um comentário

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *

pt_BRPortuguese