Auth /


Based on UNIX concepts.

Permissions are (loosely) based on the concept borrowed from UNIX file systems: Boxary objects (e.g. article, link, survey) have read, write and excecute access permissions. Those can further be restricted by roles, accounts and their owner.

read access
means just retrieval including searching
write access
means just update, and delete for the owner
execute access
means the data feeding to a (external) application, like email or sharing
create access
is currently not available, meaning that anything can be created as long there is write access to the holding object.

For a typical Boxary object, one can set:

  • read, write and execute access for the owner (e.g. the article's original author)
  • read, write and execute access for the role (e.g. Admin), i.e. all the users having this role
  • read, write and execute access for the account (e.g. myFamily), i.e. all the users with (share) access to the account
  • read and execute access for logged-in users
  • read access only for anonymous users


  • By removing the read access for anonymous users, an object will be hidden from any visitor that is not logged in.
  • By removing the execute access for logged-in users they cannot share the content of the object.

Interactions within Object Trees.

All Boxary objects will be stored in a tree (of objects). The tree has a root and objects are made accessible following the path from the root. This has implications when granting edit access: one should not be able to edit an object (even when originally created by self and/or being the current owner) unless having edit permission for the owning object as well. This is because the owning object is maintaining a list of its nodes. This gives the administrator a fine grained resolution.
All Boxary content Types do have their own tree. The sum of trees are not called the wood but the collection is referred to as groves. Cross references between the trees has implications when granting execute access: one should not be able to embed cross referenced objects when lacking execute access on them. This gives the user a fine grained privacy control.