This topic describes an example on how you can review permissions on objects, in a step-by-step method.

In order to follow this example, you need to have a user with as low permissions as possible. In this example, you are using a 'fake' user named 0testuser that belongs only to the Everyone group. The Everyone group has no system privileges. At this point, you are logged to the EdAdmin as Administrator user:

Review access permissions on the 'container' objects

To see how the test of the permissions works, you created a new temporary typography, named testperms, and you assigned the minimal permissions to the 0testuser: only the Read Normal permission. You wrote down the id of the typography, that is 2385262. The typography acts here as a container object, i.e. the object that will contain the formats. The permissions that you will test here apply on what you can do with the typography itself.

Now, you connected to the same server with a browser, logged in as 0testuser, and then replaced the URL with:

http://servername/gn4/do.ashx?Cmd=permissions&ids=2385262

The result is shown on the following screenshot: the user has the Read Normal access only, and it applies to the id, name, modifiedDate, description, colorProfile, colors, dashes, copyFits, wordEstimate, and ends attributes.

Now, return to EdAdmin, edit the testperms typography again, edit its access permissions for the user 0testuser, and assign also the Read Protected permissions. Click OK, close the Access Permissions dialog box, and the click OK on the Edit user dialog box. Return to the browser, reload the page, and look at the results:

Follow the outputs for the standard presets for the permissions on testperms typography.

View, Edit In, Change In

Change

Full control

Review access permissions on the 'content objects'

The things become more interesting when you come down to the typography 'children' or 'content', therefore to the objects that inherit permissions from the typography and do not have their own direct access permissions, e.g. formats. The permissions that you will test here apply on what you can do with the formats contained in (referenced by) typography.

For this purpose, create a testformat format in the temporary typography testperms and write down the format id:

Now, apply the View preset on the testperms typography and then check the output of the permissions on the format object with the id 2385321.

Apparently, there's a problem with the scopeRef attribute that appears to be both locked and invalid:

Why is that so? The cause of both problems are the missing permissions to access the scopeRef in an appropriate mode. You can find it out, for example, by adding the Place In Normal permission on the testperms typography to the user 0testuser.

Now, reload and check the outcome in the browser - the invalid reference is gone:

What could be the meaning of the Place In permission in this context? You will understand it if you remember that a typography is a container of formats (that are the content in this context).

To be able to create a new format (i.e. the new content) in a typography (i.e. in the container for that content), you need to have the Place In permission on the container.

And the previous resolves the InvalidReference. But, why the scopeRef continues to appear as locked? Because you do not have the write permission on the Send From - that is an opposite of the Place In. So, let's add the Send From permission as well.

Let's reload and check the output - the locked scopeRef is gone now:

See also

Permissions on formats and styles