Documentation >
Permissions >
Policies

Policies¶

Policies are the main building block of the permissions system. Each Role you assign to user or user group consists of Policies which define, which parts of the application or website the user has access to.

Available Policies¶

Content¶

Module	Function	Effect	Possible Limitations
`all modules`	`all functions`	grant all available permissions
`content`	`read`	view the content both in front and back end	Content Type Section Owner Content Type Group Location Subtree of Location State
	`diff`	unused
	`view_embed`	view content embedded in another Content item (even when the User is not allowed to view it as an individual Content item)	Content Type Section Owner Location Subtree of Location
	`create`	create new content. Note: even without this Policy the User is able to enter edit mode, but cannot finalize work with the Content item.	Content Type Section Location Subtree of Location Language Owner of Parent Content Type Group of Parent Content Type of Parent Parent Depth Field Group Change Owner
	`edit`	edit existing content	Content Type Section Owner Content Type Group Location Subtree of Location Language State Workflow Stage Field Group Version Lock Change Owner
	`publish`	publish content. Without this Policy, the User can only save drafts or send them for review (in Ibexa Experience)	Content Type Section Owner Content Type Group Location Subtree of Location Language State Workflow Stage
	`manage_locations`	remove Locations and send content to Trash	Content Type Section Owner Subtree of Location State
	`hide`	hide and reveal content Locations	Content Type Section Owner Content Type Group Location Subtree of Location Language
	`reverserelatedlist`	see all content that a Content item relates to (even when the User is not allowed to view it as an individual Content items)	Content Type Section
	`translate`	unused	Content Type Section Owner Location Subtree of Location Language
	`remove`	remove Locations and send content to Trash	Content Type Section Owner Location Subtree of Location State Language
	`versionread`	view content after publishing, and to preview any content in the Site mode	Content Type Section Owner Status Location Subtree of Location State
	`versionremove`	remove archived content versions	Content Type Section Owner Status Location Subtree of Location State
	`translations`	manage the language list in Admin
	`urltranslator`	manage URL aliases of a Content item
	`pendinglist`	unused
	`restore`	restore content from Trash
	`cleantrash`	empty the Trash (even when the User does not have access to individual Content items)
	`unlock`	unlock drafts locked to a user for performing actions	Owner Content Type Group Subtree of Location Language Version Lock

Content Types¶

Module	Function	Effect
`class`	`update`	modify existing Content Types. Also required to create new Content Types
	`create`	create new Content Types. Also required to edit exiting Content Types
	`delete`	delete Content Types

Object States¶

Module	Function	Effect	Possible Limitations
`state`	`assign`	assign Object states to Content items	Content Type Section Owner Content Type Group Location Subtree of Location State New State
	`administrate`	view, add and edit Object states

Roles¶

Module	Function	Effect
`role`	`assign`	assign Roles to Users and User Groups
	`update`	modify existing Roles
	`create`	create new Roles
	`delete`	delete Roles
	`read`	view the Roles list in Admin. Required for all other role-related Policies

Sections¶

Module	Function	Effect	Possible Limitations
`section`	`assign`	assign Sections to content	Content Type Section Owner New Section
	`edit`	edit existing Sections and create new ones
	`view`	view the Sections list in Admin. Required for all other section-related Policies

Setup¶

Module	Function	Effect
`setup`	`administrate`	access Admin
	`install`	unused
	`setup`	unused
	`system_info`	view the System Information tab in Admin

Sites ¶

Module	Function	Effect
`site`	`view`	view the "Sites" in the top navigation
	`create`	create sites in the Site Factory
	`edit`	edit sites in the Site Factory
	`delete`	delete sites from the Site Factory
	`change_status`	change status of the public accesses of sites to `Live` or `Offline` in the Site Factory
	`update`

Users¶

Module	Function	Effect
`user`	`login`	log in to the application
	`password`	unused
	`preferences`	access and set user preferences
	`register`	register using the `/register` route
	`selfedit`	unused
	`activation`	unused
	`invite`	create and send invitations to create an account

Workflow¶

Module	Function	Effect	Possible Limitations
`workflow`	`change_stage`	change stage in the specified workflow	Workflow Transition
`comparison`	`view`	view version comparison

Personalization¶

Module	Function	Effect	Possible Limitations
`personalization`	`view`	view scenario configuration and results for selected SiteAccesses	Personalization access
	`edit`	modify scenario configuration for selected SiteAccesses	Personalization access

Segments ¶

Module	Function	Effect	Possible Limitations
`segment`	`read`	load Segment information	Segment Group
	`create`	create Segments	Segment Group
	`update`	update Segments	Segment Group
	`remove`	remove Segments	Segment Group
	`assign_to_user`	assign Segments to Users	Segment Group

Segment groups ¶

Module	Function	Effect
`segment_group`	`read`	load Segment Group information
	`create`	create Segment Groups
	`update`	update Segment Groups
	`remove`	remove Segment Groups

Products¶

Module	Function	Effect	Possible Limitations
`product`	`create`	create a product	Product Type Language
	`view`	view products listed in the product catalog	Product Type
	`edit`	edit a product	Product Type Language
	`delete`	delete a product	Product Type

Product types¶

Module	Function	Effect
`product_type`	`create`	create a product type, a new attribute, a new attribute group and add translation to product type and attribute
	`view`	view product types, attributes and attribute groups
	`edit`	edit a product type, attribute, attribute group
	`delete`	delete a product type, attribute, attribute group

Regions¶

Module	Function	Effect	Possible Limitations
`commerce`	`currency`	manage currencies
	`region`	manage regions

Customer groups¶

Module	Function	Effect
`customer_group`	`create`	create a customer group
	`view`	view customer groups
	`edit`	edit a customer group
	`delete`	delete a customer group

Catalogs¶

Module	Function	Effect
`catalog`	`create`	create a catalog
	`view`	view catalogs
	`edit`	edit a catalog
	`delete`	delete a catalog

Taxonomy¶

Module	Function	Effect
`taxonomy`	`read`	view the Taxonomy interface
	`manage`	create, edit, and delete tags
	`assign`	tag or untag content

Cart ¶

Module	Function	Effect	Possible Limitations
`cart`	`view`	view a cart	CartOwner
	`create`	create a cart	CartOwner
	`edit`	change cart metadata (name, currency, owner), add/remove cart items	CartOwner
	`delete`	delete cart, for example, after successful checkout	CartOwner

Checkout ¶

Module	Function	Effect
`checkout`	`view`	access checkout
	`create`	create new checkout, for example, after workflow fails to complete
	`update`	change currency, quantity
	`delete`	delete checkout, for example, after workflow completes successfully

Orders ¶

Module	Function	Effect	Possible Limitations
`order`	`create`	create an order	OrderOwner
	`view`	view orders	OrderOwner
	`update`	change status of an order	OrderOwner
	`cancel`	cancel an order	OrderOwner

Shipping methods ¶

Module	Function	Effect
`shipping_method`	`create`	create a shipping method
	`view`	view shipping methods
	`update`	modify a shipping method
	`delete`	delete a shipping method

Shipments ¶

Module	Function	Effect	Possible Limitations
`shipment`	`create`	create a shipment	ShipmentOwner
	`view`	view shipments	ShipmentOwner
	`update`	change status of a shipment	ShipmentOwner
	`delete`	delete a shipment	ShipmentOwner

Payment methods ¶

Module	Function	Effect
`payment_method`	`create`	create a payment method
	`view`	view payment methods
	`edit`	modify a payment method
	`delete`	delete a payment method

Payments ¶

Module	Function	Effect	Possible Limitations
`payment`	`create`	create a payment	PaymentOwner
	`view`	view payments	PaymentOwner
	`edit`	modify a payment	PaymentOwner
	`delete`	delete a payment	PaymentOwner

Combining Policies¶

Policies on one Role are connected with the and relation, not or, so when Policy has more than one Limitation, all of them have to apply.

If you want to combine more than one Limitation with the or relation, not and, you can split your Policy in two, each with one of these Limitations.