Skip to content
This repository has been archived by the owner on Oct 15, 2022. It is now read-only.

Authorisation

Thilo Planz edited this page Feb 14, 2012 · 2 revisions

Authorisation providers

There a number of ways to determine access permissions for each file and folder:

  • "acl": the default. Every file or folder can have associated access control lists (ACL). These lists define roles that the user must have to access the resource, and are stored in the file metadata. If there is no ACL for a given file, it inherits them from the parent file.

  • "global": there is only a single set of ACL shared by all files (in the same endpoint). It is specified by configuration property.

  • "trusted": allow everyone to do everything. This is only useful when you have a proxy server in front of v7files that takes care of access permissions.

The default setting is

acl.provider = acl

which by itself does not allow anyone to do anything (before you specify ACL for the files themselves, or the "global" ACL which will override the ACL for the endpoint root folder)

Access control lists

Access control lists specify a list of roles. The user needs to have at least one of those roles to perform the action.

  • acl.read: read a file's contents, list a folder
  • acl.open: access files in a folder, defaults to acl.read
  • acl.write: modify a file or folder
Clone this wiki locally