sensenet

SenseNet Content Security Model: How to read View PermissionInfoView


Please explain how content security works on SenseNet.

Especially how to read the following SN database view:

What is the EFEntries(LocalOnly) flag used for?


Solution

  • In a nutshell: it works very similarly to the file system permissions in Windows.

    You can define permissions for individual users, or (more preferably) groups and org units. Defining a permission happens on a content, usually on a container like a workspace or folder. For example, you give Open and Save permissions for the Editors group on the Articles folder.

    There is inheritance: child content will inherit permissions you defined on the parent folder (unless it was defined as local only, which means not propagated to children). For example, if you define a local-only Save permission on a document library for John, he will be able to modify the doclib content itself (e.g. change its display name), but not the files inside the library.

    To make things a bit more complex, you can break permissions on a content, for example to remove an inherited permission. This may be necessary if you want to hide a subfolder.

    For details please visit the Permission System article.

    Permission overview GUI

    If you have installed the WebPages component of SN7, you get a Permission Overview page that may help you understand the current permission settings in the tree.

    The Permission info database view

    In case you have the Services component only (so no GUI) or you really want to look under the hood, you can check out this db view to see all the permission settings in the system.

    The records here contain all the defined permission entries in the system (so inherited ones cannot be seen here; they are calculated in memory). The Path is the content where the permissions are defined; the Identity can be a user or group; LocalOnly means not propagated to children (see above); the rest is a list of permissions (e.g. Open or Save) and whether they are allowed, denied or undefined.

    For details about this and other db elements please visit the DB structure article.
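
The following is an added example, not part of the original answer and not sensenet's own code: a simplified Python model of how effective permissions could be calculated from explicit entries like those in the view, covering inheritance, LocalOnly and permission breaks. The sample rows, the `BREAKS` set, the function names, and the rule that a deny overrides an allow are assumptions made for the illustration; group membership is assumed to be resolved by the caller.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str          # content where the entry is defined
    identity: str      # user or group
    local_only: bool   # True: not propagated to children
    allow: frozenset = frozenset()
    deny: frozenset = frozenset()

# Constructed sample rows, shaped like the records the answer describes.
ENTRIES = [
    Entry("/Root/Articles", "Editors", False, frozenset({"Open", "Save"})),
    Entry("/Root/Docs", "John", True, frozenset({"Save"})),
    Entry("/Root/Docs", "Everyone", False, frozenset({"Open"})),
]
# Constructed: contents where inheritance is broken (e.g. a hidden subfolder).
BREAKS = {"/Root/Docs/Hidden"}

def ancestors(path):
    """Yield the path itself, then each parent up to the top-level node."""
    parts = path.strip("/").split("/")
    for i in range(len(parts), 0, -1):
        yield "/" + "/".join(parts[:i])

def effective(path, identities, entries=ENTRIES, breaks=BREAKS):
    """Return the permissions the given identities hold on path."""
    allow, deny = set(), set()
    for node in ancestors(path):
        for e in entries:
            if e.path != node or e.identity not in identities:
                continue
            if e.local_only and node != path:
                continue  # local-only entries never reach children
            allow |= e.allow
            deny |= e.deny
        if node in breaks:
            break  # nothing defined above a break is inherited
    return allow - deny  # assumption: a deny overrides an allow

if __name__ == "__main__":
    for p in ("/Root/Docs", "/Root/Docs/report.docx", "/Root/Docs/Hidden/x"):
        print(p, sorted(effective(p, {"John", "Everyone"})))
```
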