About objects access classes

Build 1501 on 14/Nov/2017  This topic last edited on: 25/Aug/2014, at 12:55

Access classes increase the flexibility of the GN4 security model, allowing you to grant or deny permissions on four levels of a content, e.g. in an object stored in a folder you can set - if you want - different permissions on editing text, metadata, referenced items (images) and so on, or granting someone to edit image's metadata, but not the image itself.

Technically speaking an individual permission for each access class allows to grant or deny access to different attributes of an object.

There are four access classes:

Normal

Protected

Special

Content

Access classes for attributes are defined in schema. Search for gs:accessclass in all schemas in C:\tera\GN4\config\Schemas or C:\tera\GN4\main\config\Schemas, and the found lines will look like this one below:

<xs:attribute name="textOverN" type="xs:int" use="optional" default="0" gs:access="Content">

The above means that, to edit the value of the attribute textOverN, an user needs to have granted the Content access class.

The object type access class definition is part of the object type description and by default it is ‘normal’. A different class can be assigned to any object type when defining the database structure.

The access class of an object type is used to restrict the place-in/send-to permissions for objects of the type.  In this example, the object type ‘testSpecial’ is defined with and access type of ‘special’.

<xs:element name="testSpecial">

  <xs:complexType gs:access="special">

    <xs:complexContent>

      <xs:extension base="object">

        <xs:attribute

          name="location"

          type="xs:string"/>

      </xs:extension>

    </xs:complexContent>

  </xs:complexType>

</xs:element>

 

Note that the access class is NOT inherited from the base object.

Find below the list of objects and attributes in Protected, Special and Content access classes.

Click to toggle expandProtected
Click to toggle expandSpecial
Click to toggle expandContent

See also

Defining attribute access class