Progress will discontinue Telerik Platform on May 10th, 2018. Learn more

Introduction to Item-Level Permissions

Introduction to Item-Level Permissions

Item-level permissions allow you to grant more granular permissions compared to type-level permissions. Those are defined on a single content type item and extend the type permissions, not replace them. Item permissions work with both role-based and policy-based content type security.

Item level permissions allow advanced scenarios that cannot be addressed with type-level permissions only. You can find samples in Real-World Examples.

Access Control Lists

Item level permissions are implemented using Access Control Lists (ACLs). An ACL is stored within the item object but can be empty or completely missing.

All item-level ACL entries are permissive, meaning that they expand on the type-level permissions. "Deny" permissions are not supported. You should plan your application's security model with this knowledge in hand—giving less permissions on the type level and then expanding the permission as you go to the item level.

The following is an example of a ACL field. Each ACL entry represents a permission and contains user or role IDs that can practice it. An exception to the rule are the EveryoneCan family of ACL entries that are valued true or false.

"_ACL": {
    "EveryoneCanRead": false,
    "EveryoneCanUpdate": false,
    "UsersCanRead": [
        "8c374b80-c198-11e2-bdc8-85b57a2c1347",
        "8c374b80-c198-11e2-bdc8-85b57a2c1349"
    ],
    "UsersCanUpdate": [
        "8c374b80-c198-11e2-bdc8-85b57a2c1347",
        "8c374b80-c198-11e2-bdc8-85b57a2c1349"
    ]
}

You can find the complete list of ACL entries in List of Item-Level Permissions.

See Also

Start a free trial Request a demo
Contact us: +1-888-365-2779
sales@telerik.com
Copyright © 2016-2017, Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.