Policies
Policies define who is allowed to perform specific actions.
You can configure policies on three levels:
- Context
- Container (Thread, Store, Inbox, etc.)
- Items inside Containers (such as messages or files)
This section focuses on policies in the scope of Containers.
Overview
- A policy set in a Container overwrites the policy inherited from the Context.
- A policy entry accepts one of the following values:
  - default — takes the default value (see the default values below)
  - inherit — inherits the value from the Context (only available in Container and item policies)
  - none — no user can perform this action
  - all — all Context users can perform this action
  - user — all Container users can perform this action
  - manager — all Container managers can perform this action
  - owner — only the Container owner can perform this action
  - itemOwner — only the item owner can perform this action (only available in item policies)
- If a Container or item policy is left empty, it defaults to inherit.
- If a Context policy is left empty, it defaults to default.
Combining Values
You can combine multiple values in one policy entry:
- Use & (AND) to require multiple conditions.
- Use , (OR) to allow multiple alternatives.
Operations with & are evaluated before ,.
Example
- Allow item updates only by the item owner, provided they are also a Container user:
- Allow updates by the item owner (if also a user) or by Container managers:
Default Policy Values
PrivMX Endpoint can only define policies at the level of Containers and items.
Context-level policies include rules related to creating Containers.
You must define those using PrivMX Bridge API.
Context
| Policy | Value |
|---|---|
| listUsers | all |
| sendCustomNotification | all |
Thread
| Policy | Value |
|---|---|
| get | user |
| listMy | all |
| listAll | none |
| create | all |
| update | manager |
| delete | manager |
| updatePolicy | manager |
| creatorHasToBeManager | yes |
| updaterCanBeRemovedFromManagers | no |
| ownerCanBeRemovedFromManagers | yes |
| canOverwriteContextPolicy | yes |
| sendCustomNotification | all |
Thread Items
| Policy | Value |
|---|---|
| get | user |
| listMy | user |
| listAll | user |
| create | user |
| update | itemOwner&user,manager |
| delete | itemOwner&user,manager |
Store
| Policy | Value |
|---|---|
| get | user |
| listMy | all |
| listAll | none |
| create | all |
| update | manager |
| delete | manager |
| updatePolicy | manager |
| creatorHasToBeManager | yes |
| updaterCanBeRemovedFromManagers | no |
| ownerCanBeRemovedFromManagers | yes |
| canOverwriteContextPolicy | yes |
| sendCustomNotification | all |
Store Items
| Policy | Value |
|---|---|
| get | user |
| listMy | user |
| listAll | user |
| create | user |
| update | itemOwner&user,manager |
| delete | itemOwner&user,manager |
Inbox
| Policy | Value |
|---|---|
| get | user |
| listMy | all |
| listAll | none |
| create | all |
| update | manager |
| delete | manager |
| updatePolicy | manager |
| creatorHasToBeManager | yes |
| updaterCanBeRemovedFromManagers | no |
| ownerCanBeRemovedFromManagers | yes |
| canOverwriteContextPolicy | yes |
| sendCustomNotification | all |
Default vs Inherit
- default – applies system-defined default values (see tables above).
- inherit – inherits the setting from a higher level (for example, from Context if defining a Container or item policy).
Remember:
- An empty policy in a Container or item defaults to inherit.
- An empty policy in Context defaults to default.
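The evaluation order from Combining Values and the empty-entry rules from Default vs Inherit, as an added JavaScript example that is not PrivMX code. The function names, the actor fields and the three-argument resolution are assumptions made for illustration; canOverwriteContextPolicy and the yes/no entries are not modelled.

```javascript
// Added illustration, not PrivMX code: models only the rules stated on this page.
// A Map avoids matching inherited Object properties such as "constructor".
const PREDICATES = new Map([
  ["none", () => false],
  ["all", (actor) => actor.contextUser],
  ["user", (actor) => actor.containerUser],
  ["manager", (actor) => actor.containerManager],
  ["owner", (actor) => actor.containerOwner],
  ["itemOwner", (actor) => actor.itemOwner],
]);

// Resolve a Container/item entry to a concrete expression.
// Empty Container/item entry -> inherit; empty Context entry -> default.
function resolveEntry(containerEntry, contextEntry, systemDefault) {
  const entry = containerEntry || "inherit";
  if (entry === "default") return systemDefault;
  if (entry !== "inherit") return entry; // Container value overwrites Context
  const inherited = contextEntry || "default";
  return inherited === "default" ? systemDefault : inherited;
}

// Validate every name up front so a typo can never be skipped by short-circuiting.
function parsePolicy(expression) {
  return expression.split(",").map((alternative) =>
    alternative.split("&").map((name) => {
      const predicate = PREDICATES.get(name.trim());
      if (!predicate) throw new Error(`unknown policy value: "${name}"`);
      return predicate;
    })
  );
}

// "," separates alternatives (OR); inside each one, every "&" term must hold (AND).
function isAllowed(expression, actor) {
  return parsePolicy(expression).some((allOf) =>
    allOf.every((predicate) => predicate(actor) === true)
  );
}

// Constructed sample actors (hypothetical field names).
const author = { contextUser: true, containerUser: true, itemOwner: true };
const removedAuthor = { contextUser: true, containerUser: false, itemOwner: true };
const manager = { contextUser: true, containerUser: true, containerManager: true };

// Thread item "update" with nothing set on the item or the Context.
const itemUpdate = resolveEntry("", "", "itemOwner&user,manager");
console.log(isAllowed(itemUpdate, author));        // item owner who is a Container user
console.log(isAllowed(itemUpdate, removedAuthor)); // item owner no longer in the Container
console.log(isAllowed(itemUpdate, manager));       // manager who does not own the item
```

The removedAuthor case shows why the default item policy is itemOwner&user rather than itemOwner alone: ownership of an item does not by itself grant access once the owner is no longer a Container user.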