Privileges
In contrast to the authentication, which is performed to identify the users at logon, authorization is the granting of permissions to users, allowing them to perform certain tasks. This assignment is done by privileges and access control lists (ACLs).
Executing certain tasks is tied to elementary rights, or privileges. Such tasks are, for example, reading, writing, or checking in files. Privileges are independent of one another: The right to write does not automatically include the right to read. The table below describes the privileges defined for the DTR.
Elementary Privileges
Privilege |
Applicable For |
Rights Controlled |
access |
Resource |
Controls access to meta-data information about a resource |
read |
Resource |
Controls read access to information about the state of the resource and the resource's properties |
write |
Resource |
Controls the permission to change the content of a resource or to add, change, and delete files or folders. |
checkin |
Workspace, Activity |
Controls the right to check in the activities into the workspace |
import |
Repository |
Controls the right to import activities into the repository |
export |
Activities Propagation Lists |
Controls the right to export activities or propagation lists from the repository |
integrate |
Workspace |
Controls the integration of activities from other workspaces into the current one |
adminA |
Repository |
Controls the basic administration tasks, which include creating workspaces or users. |
adminX |
Repository |
Controls the critical administration tasks, which include deleting version histories. |
Types of Privileges
· grant: grants permission for a certain right
· deny: denies permission for a certain right
Absence of a deny privilege cannot be interpreted as a grant.
Assigning Privileges to Methods
The table below shows the privileges required for all tasks in the repository:
Assigning Permissions to Methods
DeltaV-Method (Operation) |
Required Grant permission |
Target |
OPTIONS (browse) |
Access |
“/” |
PROPFIND (browse) |
Read |
Target resource |
GET (synchronize) |
Read |
Target resource |
REPORT (required for CHECKIN) |
Read |
Target resource |
PROPPATCH (required for MKACTIVITY) |
read write |
Target resource |
PUT (upload) |
read write |
Parent directory |
CHECKOUT (edit) |
read write |
Target resource |
CHECKIN |
checkin; checkin |
Target workspace; activity that is checked in |
MKACTIVITY (create an activity) |
read write |
Activity directory |
MKWORKSPACE (create a workspace) |
read write adminA |
Workspace collection |
MKCOL (create a directory) |
read write |
Target directory |
MKPROPAGATIONLIST (create a propagation list) |
read write |
Propagation list directory |
DELETE |
read write |
Target resource |
INTEGRATE |
Integrate |
Target workspace |
DISCARD |
read write |
Target resource |
MERGE |
read write |
Target resource |
COPY |
Read |
Source resource |
COPY |
read write |
Target directory |
MOVE |
read write |
Source directory |
MOVE |
read write |
Target directory |
EXPORT (Propagation) |
read export |
Activity |
IMPORT (Propagation) |
Import |
“/” |
Checking In Activities of Other Users
If you must check in an activity of which you are not the owner, you need the following privileges:
· CHECKIN for the activity of the other user
· CHECKIN for the target workspace
· ADMINX for the activity of the other user
For more information, see Checking In Activities of Other Users.