Policies¶
Policies are the main building block of the permissions system. Each Role you assign to user or user group consists of Policies which define, which parts of the application or website the user has access to.
Available Policies¶
Module | Function | Effect |
---|---|---|
all modules |
all functions |
grant all available permissions |
content |
read |
view the content both in front and back end |
diff |
unused | |
view_embed |
view content embedded in another Content item (even when the User is not allowed to view it as an individual Content item) | |
create |
create new content. Note: even without this Policy the User is able to enter edit mode, but cannot finalize work with the Content item. | |
edit |
edit existing content | |
publish |
publish content. Without this Policy, the User can only save drafts or send them for review (in Ibexa Experience) | |
manage_locations |
remove Locations and send content to Trash | |
hide |
hide and reveal content Locations | |
reverserelatedlist |
see all content that a Content item relates to (even when the User is not allowed to view it as an individual Content items) | |
translate |
unused | |
remove |
remove Locations and send content to Trash | |
versionread |
view content after publishing, and to preview any content in the Site mode | |
versionremove |
remove archived content versions | |
translations |
manage the language list in Admin | |
urltranslator |
manage URL aliases of a Content item | |
pendinglist |
unused | |
restore |
restore content from Trash | |
cleantrash |
empty the Trash (even when the User does not have access to individual Content items) | |
unlock |
unlock drafts locked to a user for performing actions | |
Content Type |
update |
modify existing Content Types. Also required to create new Content Types |
create |
create new Content Types. Also required to edit exiting Content Types | |
delete |
delete Content Types | |
state |
assign |
assign Object states to Content items |
administrate |
view, add and edit Object states | |
role |
assign |
assign Roles to Users and User Groups |
update |
modify existing Roles | |
create |
create new Roles | |
delete |
delete Roles | |
read |
view the Roles list in Admin. Required for all other role-related Policies | |
section |
assign |
assign Sections to content |
edit |
edit existing Sections and create new ones | |
view |
view the Sections list in Admin. Required for all other section-related Policies | |
setup |
administrate |
access Admin |
install |
unused | |
setup |
unused | |
system_info |
view the System Information tab in Admin | |
site |
view |
view the "Sites" in the top navigation |
create |
create sites in the Site Factory | |
edit |
edit sites in the Site Factory | |
delete |
delete sites from the Site Factory | |
change_status |
change status of the public accesses of sites to Live or Offline in the Site Factory |
|
update |
||
user |
login |
log in to the application |
password |
unused | |
preferences |
access and set user preferences | |
register |
register using the /register route |
|
selfedit |
unused | |
activation |
unused | |
invite |
create and send invitations to create an account | |
workflow |
change_stage |
change stage in the specified workflow |
comparison |
view |
view version comparison |
personalization |
view |
view scenario configuration and results for selected SiteAccesses |
edit |
modify scenario configuration for selected SiteAccesses | |
segment |
read |
load Segment information |
create |
create Segments | |
update |
update Segments | |
remove |
remove Segments | |
assign_to_user |
assign Segments to Users | |
segment_group |
read |
load Segment Group information |
create |
create Segment Groups | |
update |
update Segment Groups | |
remove |
remove Segment Groups | |
product |
create |
create a product |
view |
view products listed in the product catalog | |
edit |
edit a product | |
delete |
delete a product | |
product_type |
create |
create a product type, a new attribute, a new attribute group and add translation to product type and attribute |
view |
view product types, attributes and attribute groups | |
edit |
edit a product type, attribute, attribute group | |
delete |
delete a product type, attribute, attribute group | |
commerce |
currency |
manage currencies |
region |
manage regions | |
customer_group |
create |
create a customer group |
view |
view customer groups | |
edit |
edit a customer group | |
delete |
delete a customer group | |
catalog |
create |
create a catalog |
view |
view catalogs | |
edit |
edit a catalog | |
delete |
delete a catalog | |
taxonomy |
read |
view the Taxonomy interface |
manage |
create, edit, and delete tags | |
assign |
tag or untag content | |
cart |
view |
view a cart |
create |
create a cart | |
edit |
change cart metadata (name, currency, owner), add/remove cart items | |
delete |
delete cart, for example, after successful checkout | |
checkout |
view |
access checkout |
create |
create new checkout, for example, after workflow fails to complete | |
update |
change currency, quantity | |
delete |
delete checkout, for example, after workflow completes successfully |
Combining Policies¶
Policies on one Role are connected with the and relation, not or, so when Policy has more than one Limitation, all of them have to apply.
If you want to combine more than one Limitation with the or relation, not and, you can split your Policy in two, each with one of these Limitations.