Skip to content

app > acl

Path: metadata > app > acl.

Access control level parameters for the system (excluding portals).

mandatory

Object.<string, Object>

Access levels forcibly applied for regular and API users. These roles can't be changed by Roles assigned to a user.

scopeLevel

Object.<string, (Object|boolean|string)>

Mandatory access levels for specific scopes.

Example:

{
    "mandatory": {
        "scopeLevel": {
            "MyEntityType1": {
                "create": "yes",
                "read": "own",
                "edit": "own",
                "delete": "own",
                "stream": "team"
            },
            "MyScope1": true,
            "WorkingTimeRange": "WorkingTimeCalendar"
        }
    }
}
  • If set to false, then users won't have access to the scope.
  • True enables access to scopes w/o actions (scopes that have "acl": "boolean" in metadata > scopes).
  • A string value makes the framework to use roles from another scope and apply it to our scope. It can be useful to have roles only for one parent scope, when child scopes uses roles of the parent scope. E.g. WorkingTimeCalendar is a parent, WorkingTimeRange is a child. In Roles the admin defines only access levels to WorkingTimeCalendar, WorkingTimeRange will have the same access levels.
  • A string value in the format boolean:{scope} will convert a foreign scope data to a boolean value. As of v8.4.

scopeFieldLevel

Object.<string, Object.<string, Object|false>>

Mandatory access levels for fields for scopific scopes (entity types). Available levels: yes, no. False disables access to a field.

Example:

{
    "mandatory": {
        "scopeFieldLevel": {
            "MyEntityType": {
                "myField1": {
                    "read": "yes",
                    "edit": "no"
                },
                "myField2": false
            }
        }
    }
}

fieldLevel

Object.

Mandatory access levels for fields for any scope (entity type). E.g. if we define access levels to a field assignedUsers, then all fields with the name assignedUsers will obtain defined access levels (regardless of an entity type).

Example:

{
    "mandatory": {
        "fieldLevel": {
            "myField1": {
                "read": "yes",
                "edit": "no"
            },
            "myField2": false
        }
    }
}

adminMandatory

Object.<string, Object>

Access levels forcibly applied for admin users. This section has the same parameters as the mandatory section: scopeLevel, scopeFieldLevel, fieldLevel.

strictDefault

Object.<string, Object>

Access levels applied for regular and API users when access is not defined by Roles assigned to those users. This section has the same parameters as the mandatory section: scopeLevel, scopeFieldLevel, fieldLevel.

valuePermissionList

string

The list of all available permissions in the system.

Example:

{
    "valuePermissionList": [
        "assignmentPermission",
        "userPermission",
        "portalPermission",
        "groupEmailAccountPermission",
        "exportPermission",
        "massUpdatePermission",
        "followerManagementPermission",
        "dataPrivacyPermission"
    ]
}

Use __APPEND__ as the first value if you want to extend the list.

permissionsStrictDefaults

Object.<string, "all"|"yes"|"team"|"own">

Permissions applied for regular and API users when they are not defined by Roles assigned to those users.

Example:

{
    "permissionsStrictDefaults": {
        "assignmentPermission": "no",
        "userPermission": "no",
        "portalPermission": "no",
        "groupEmailAccountPermission": "no",
        "exportPermission": "no",
        "massUpdatePermission": "no",
        "followerManagementPermission": "no",
        "dataPrivacyPermission": "no"
    }
}

valuePermissionHighestLevels

Object.<string, "all"|"yes"|"team"|"own">

Highest levels for permissions.

Example:

{
    "valuePermissionHighestLevels": {
        "assignmentPermission": "all",
        "userPermission": "all",
        "portalPermission": "yes",
        "groupEmailAccountPermission": "all",
        "exportPermission": "yes",
        "massUpdatePermission": "yes",
        "followerManagementPermission": "all",
        "dataPrivacyPermission": "yes"
    }
}