Show TOC

Types of PermissionsLocate this document in the navigation structure

Use

The operations that a user can perform on an object are based on the permissions that the user is granted for that object.

Each permission entitles a user to a specific set of operations on the current object, including all operations permitted by its child permissions. For example, the FULL CONTROL permission entitles the user to perform a set of operations, which includes those permitted by the DELETE and by the READ/WRITE permissions.

Refer to specific permissions with the constants defined by IPcdStandardPermissions .

Allowed Operations

The following is a list of permissions and the PCD operations that each permission enables. The PCD operations are generally performed on IPcdContext , IDeltaLink or IAclHandle objects.

Permission

Operations/Methods

OWNER

Includes all permissions for GRANT.

GRANT

IAclHandle.createAcl()

IAclHandle.removeAcl()

IAcl.createAclEntry()

IAcl.removeAclEntry()

IAcl.removeOwner()

This permission provides the same operations as OWNER. We recommend that you use OWNER instead.

FULL CONTROL

Includes all permissions for DELETE and READ/WRITE.

READ/WRITE

Includes all permissions for CREATE, READ and WRITE ATTRIBUTES.

DELETE

IPcdContext.destroySubcontext()

IPcdContext.unbind()

The above operations can be performed on a unit object. For subobjects of a unit, only WRITE ATTRIBUTES is required.

CREATE

IPcdContext.createSubcontext()

IPcdContext.bind()

IPcdContext.rebind()

IPcdContext.createDeltalink()

READ

Includes all permissions for LOOKUP and READ ATTRIBUTES.

WRITE ATTRIBUTES

IPcdContext.modifyAttributes()

For objects that are subobjects of a unit, the following can also be performed:

IPcdContext.destroySubcontext()

IPcdContext.unbind()

READ ATTRIBUTES

IPcdContext.getAttributes()

LOOKUP

IPcdContext.lookup()

IPcdContext.lookupLink()

IPcdContext.list()

IPcdContext.listBindings()

IPcdContext.search()

USE

Any of the above operations if the PCD is called in personalization mode (except for those defined by the GRANT permission).

For information on personalization, see Personalization .