Policies

Policies determine who is allowed to perform specific actions. You can define your policy on three levels: for a Context, for a Container (Thread, Store, etc), and for items such as messages or files, in case of Containers that include them.

This section covers policies in the Containers' scope.

Overview

Setting a policy in the Container overwrites the policy from the Context. The property of the policy can be set to one of the following values:

• "default" - takes the default value, listed below
• "inherit" - always takes value from the Context (can only be used in Container and item policies)
• "none" - no one can perform this action
• "all" - all Context users can perform this action
• "user" - all Container users can perform this action
• "manager" - all Container managers can perform this action
• "owner" - only Container owner can perform this action
• "itemOwner" - only item owner can perform this action (can only be used in the item policy)

Leaving an empty policy in a Container or item policy results in inherit. In Context it results in default.

You can also combine the values listed above. If you want to allow item updates to be executed only by the item owner, with the additional assumption that they must be an active user of the Container, you can write itemOwner&user. But if you want to allow the Container managers to also update the item, you can write itemOwner&user,manager. In the policy entry, the & character means 'and', and the coma , means or. Operations with & are always performed first.

Default Policy Values

The Endpoint can only define policies on the level of Containers and items. Context level policies include rules connected to, for example, creating Containers – so they have to be defined using Bridge API.

The following tables list the default policy values in PrivMX:

Context