I am still trying to understand how SenseNet permission system works.
For that I read SenseNet wiki pages and done following use case diagram:
I did not understand "permission tree", "Explicite list", "Effective list" concepts and the visualized trees in the Permission Queries wiki page.
Could you please explain the example in the wiki page.
Thanks,
One permission entry is any permission setting on a content for an identity (user or group). For example: first, you allow the Open permissions on the /Root/Folder1 for User1. This is an explicit entry. In a next step, you allow Open permission for the User2 on the same content. These two setting are two explicit entries what we call explicit list. This is similar to Windows ACL.
This list affects the whole subtree because a content's permissions can be inherited from the parent. For example User1 and User2 have Open permission on the /Root/Folder1/Document1 but these permissions are inherited from the /Root/Folder1. So the Document1 has two permission entries even though you did not set anything on this content. These entries are effective entries what we call effective list.
The permission tree is a virtual tree that is the mutation of the big content tree and contains only contents that have explicit permission entries. In fact, it is an existing object, resides in the permission system internally and it is built for faster evaluation purpose. It is easier to understand through a content chain. For example you have a document in depth: /Root/Sites/DemoSite/Workspace1/Doclib/Folder/Document1 and the following contents have explicit entries: Root, DemoSite, Doclib, and Document1. Then the permission tree contains only these nodes: /Root/DemoSite/Doclib/Document1. In this tree, the parent of the Document1 is the Doclib.