Repository Framework Security 
The repository framework uses permissions and access control lists (ACLs) to prevent unauthorized access to sensitive information. Permissions define the actions that are allowed on a resource. They are associated with principals (users, groups or roles) in ACLs. An ACL is assigned to a specific resource. It specifies the permissions that principals hold to perform actions on the resource. The repository framework always checks whether a principal holds the required permissions before executing an action on a resource.
Applications usually do not have to explicitly deal with security because whenever they try to access a resource, the responsible repository manager or service checks whether the required permissions are available. Only extensions of the repository framework and applications that allow users to change permissions need to know how the repository manager checks permissions.
The repository framework implements the following permissions:
Permissions for Collections and Resources
| Permission | Permitted Action |
| --- | --- |
| Read content | Read the content of the resource |
| Read properties | Read the properties of the resource |
| Write properties | Write, update, or delete properties of the resource |
| Delete | Delete the resource |
Permissions for Collections Only
| Permission | Permitted Action |
| --- | --- |
| List child nodes | Retrieve the children of a collection |
| Create child node | Create a child in a collection |
| Read node properties | Read the collection’s properties or names |
| Write node properties | Write the collection’s properties or names |
| Delete child node | Delete a child from a collection |
An ACL is assigned to a resource and guards the resource against illegal access. It contains access control entries (ACEs) that specify principals and the set of permissions they hold for actions on the resource. Each ACL has at least one owner. The owner is allowed to modify the ACL and is granted all available permissions for the resource (full control). All other principals are denied permissions on the resource until they are explicitly granted permission in an ACE.
If a resource is not assigned an ACL, it inherits an ACL from its parent. The process of inheritance continues all the way up the hierarchy until an ACL is found or until the root resource is reached. If no ACL exists, all permissions are implicitly granted to all users.
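The following added example models the ACL lookup and inheritance rules described above, including an audit helper that lists resources left open because no ACL exists anywhere on their path. It is not the repository framework's own code or API: the `Acl` class, the function names, and the sample hierarchy are constructed for illustration, and a principal set is assumed to hold the user's ID together with that user's groups and roles.

```python
from dataclasses import dataclass, field

# Permission names come from the tables above; the rest is a constructed model.
ALL_PERMISSIONS = frozenset({
    "read content", "read properties", "write properties", "delete",
    "list child nodes", "create child node", "read node properties",
    "write node properties", "delete child node",
})

@dataclass
class Acl:
    owners: set                                 # each ACL has at least one owner
    aces: dict = field(default_factory=dict)    # principal -> set of permissions

# Constructed sample hierarchy: path -> ACL, or None when no ACL is assigned.
ACLS = {
    "/": None,
    "/documents": Acl({"alice"}, {"editors": {"read content", "list child nodes"}}),
    "/documents/hr": None,      # inherits the ACL of /documents
    "/public": None,            # no ACL anywhere on the path up to the root
}

def parent(path):
    if path == "/":
        return None
    return path.rsplit("/", 1)[0] or "/"

def effective_acl(path, acls=ACLS):
    """Walk up the hierarchy until an ACL is found or the root has been checked."""
    while path is not None:
        acl = acls.get(path)
        if acl is not None:
            return acl
        path = parent(path)
    return None

def is_allowed(principals, permission, path, acls=ACLS):
    if permission not in ALL_PERMISSIONS:
        raise ValueError(f"unknown permission: {permission}")
    acl = effective_acl(path, acls)
    if acl is None:             # no ACL exists: implicitly granted to all users
        return True
    if acl.owners & principals: # owners hold full control
        return True
    return any(permission in acl.aces.get(p, ()) for p in principals)

def unprotected(acls=ACLS):
    """Audit helper: resources with no effective ACL, that is, open to everyone."""
    return sorted(p for p in acls if effective_acl(p, acls) is None)
```

In this model, assigning an ACL to the root resource is enough to make `unprotected()` return an empty list, because every resource then inherits at least that ACL.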