• View
• Edit
• History
• Print

Permissions

read access

means just retrieval including searching

write access

means just update, and delete for the owner

execute access

means the data feeding to a (external) application, like email or sharing

create access

is currently not available, meaning that anything can be created as long there is write access to the holding object.

For a typical Boxary object, one can set:

• read, write and execute access for the owner (e.g. the article's original author)
• read, write and execute access for the role (e.g. Admin), i.e. all the users having this role
• read, write and execute access for the account (e.g. myFamily), i.e. all the users with (share) access to the account
• read and execute access for logged-in users
• read access only for anonymous users

Examples.

• By removing the read access for anonymous users, an object will be hidden from any visitor that is not logged in.
• By removing the execute access for logged-in users they cannot share the content of the object.

Interactions within Object Trees.

All Boxary objects will be stored in a tree (of objects). The tree has a root and objects are made accessible following the path from the root. This has implications when granting edit access: one should not be able to edit an object (even when originally created by self and/or being the current owner) unless having edit permission for the owning object as well. This is because the owning object is maintaining a list of its nodes. This gives the administrator a fine grained resolution.
All Boxary content Types do have their own tree. The sum of trees are not called the wood but the collection is referred to as groves. Cross references between the trees has implications when granting execute access: one should not be able to embed cross referenced objects when lacking execute access on them. This gives the user a fine grained privacy control.