# $Id: _perm.txt,v 1.1 2005/12/14 08:56:57 stephens Exp $
ID|ROLE|OBJ_TYPE|OBJ|ATTR|ACTION|ALLOW
# Root is allowed to do everything.
1|ROOT|*|*|*|*|1
# All others have no default perms.
20|+|+|+|+|+|0
# All can view all pages.
30|*|page|*|*|VIEW|1
# All can view presentations.
31|*|page|*|*|PRESENTATION|1
# 'other' must auth to do anything with tables.
40|OTHER|table|*|*|+|AUTH
41|OTHER|page|+|*|+|AUTH
#42|OTHER|page|TABLE|*|+|AUTH
# Default object level params
#  Object owners can do anything.
100|.|+|+|+|+|1
# All others can view all attributes but cannot modify.
110|+|+|+|+|INSPECT|1
111|+|+|+|+|VISIBLE|1
112|+|+|+|+|READ|1
113|+|+|+|+|WRITE|0
114|+|+|+|+|DELETE|0
116|+|+|+|+|INSERT|0
#  User 'other' cannot do anything to itself.
120|.|user|other|+|+|AUTH
#  Users cannot enable or disable themselves.
130|.|user|+|enabled|WRITE|0
131|.|user|+|enabled|VISIBLE|0
#  Users cannot change their htgroups field.
140|.|user|+|htgroups|WRITE|0
141|.|user|+|htgroups|VISIBLE|0
#  Only AUTH can disable/enable users.
150|AUTH|user|*|enabled|WRITE|1
151|AUTH|user|*|enabled|VISIBLE|1
#  Only AUTH can change htgroups.
152|AUTH|user|*|htgroups|WRITE|1
153|AUTH|user|*|htgroups|VISIBLE|1
# All other cannot read other's password fields.
160|+|user|+|password|READ|0
# All other cannot read other's htgroup fields.
170|+|user|+|htgroups|READ|0

# Auth is allowed to edit auth tables.
200|AUTH|table|AUTH|*|*|1
# Table is allowed ALL actions all tables, except root and auth tables.
300|TABLE|table|ROOT|*|*|0
301|TABLE|table|AUTH|*|*|0
302|TABLE|table|table|*|VIEW|1
303|TABLE|table|+|+|1
# Page role cannot edit ROOT and TABLE pages.
400|PAGE|page|ROOT|*|EDIT|0
401|PAGE|page|TABLE|*|EDIT|0
# Page role is allow to edit all page related items.
500|PAGE|table|PAGE|*|+|1
501|PAGE|page|+|*|*|1
502|PAGE|image|+|*|*|1
# Articles
600|OTHER|page|ARTICLE|*|ADD|1