Policies
Policies define who is allowed to perform specific actions.
You can configure policies on three levels:
- Context
- Module (Thread, Store, Inbox, etc.)
- Items inside Modules (such as messages or files)
This section focuses on policies in the scope of Modules.
Overview
-
A policy set in a Module overwrites the policy inherited from the Context.
-
A policy entry accepts one of the following values:
default— takes the default value (see the default values below)inherit— inherits the value from the Context (only available in Module and item policies)none— no user can perform this actionall— all Context users can perform this actionuser— all Module users can perform this actionmanager— all Module managers can perform this actionowner— only the Module owner can perform this actionitemOwner— only the item owner can perform this action (only available in item policies)
-
If a Module or item policy is left empty, it defaults to
inherit. -
If a Context policy is left empty, it defaults to
default.
Combining Values
You can combine multiple values in one policy entry:
- Use
&(AND) to require multiple conditions. - Use
,(OR) to allow multiple alternatives.
Operations with & are evaluated before ,.
Example
- Allow item updates only by the item owner, provided they are also a Module user:
- Allow updates by the item owner (if also a user) or by Module managers:
Default Policy Values
PrivMX Endpoint can only define policies at the level of Modules and items.
Context-level policies include rules related to creating Modules.
You must define those using PrivMX Bridge API.
Context
| Policy | Value |
|---|---|
| listUsers | all |
| sendCustomNotification | all |
Thread
| Policy | Value |
|---|---|
| get | user |
| listMy | all |
| listAll | none |
| create | all |
| update | manager |
| delete | manager |
| updatePolicy | manager |
| creatorHasToBeManager | yes |
| updaterCanBeRemovedFromManagers | no |
| ownerCanBeRemovedFromManagers | yes |
| canOverwriteContextPolicy | yes |
| sendCustomNotification | all |
Thread Items
| Policy | Value |
|---|---|
| get | user |
| listMy | user |
| listAll | user |
| create | user |
| update | itemOwner&user,manager |
| delete | itemOwner&user,manager |
Store
| Policy | Value |
|---|---|
| get | user |
| listMy | all |
| listAll | none |
| create | all |
| update | manager |
| delete | manager |
| updatePolicy | manager |
| creatorHasToBeManager | yes |
| updaterCanBeRemovedFromManagers | no |
| ownerCanBeRemovedFromManagers | yes |
| canOverwriteContextPolicy | yes |
| sendCustomNotification | all |
Store Items
| Policy | Value |
|---|---|
| get | user |
| listMy | user |
| listAll | user |
| create | user |
| update | itemOwner&user,manager |
| delete | itemOwner&user,manager |
Inbox
| Policy | Value |
|---|---|
| get | user |
| listMy | all |
| listAll | none |
| create | all |
| update | manager |
| delete | manager |
| updatePolicy | manager |
| creatorHasToBeManager | yes |
| updaterCanBeRemovedFromManagers | no |
| ownerCanBeRemovedFromManagers | yes |
| canOverwriteContextPolicy | yes |
| sendCustomNotification | all |
Default vs Inherit
default– applies system-defined default values (see tables above).inherit– inherits the setting from a higher level (for example, from Context if defining a Module or item policy).
Remember:
- An empty policy in a Module or item defaults to
inherit. - An empty policy in Context defaults to
default.
We use cookies on our website. We use them to ensure proper functioning of the site and, if you agree, for purposes such as analytics, marketing, and targeting ads.