Roles
guillotina implements robust ACL security.
An overview of our security features:
- Users are given roles and groups
- Roles are granted permissions
- Groups are granted roles
- Roles can be granted to users on specific objects
Request security
By default, a request has the participation of the anonymous user plus the ones added by auth plugins.
Databases, Application and static files objects
Databases and static files have a specific permission system. They don't have roles by default, and the permissions are assigned directly to the root user:
- guillotina.AddContainer
- guillotina.GetContainers
- guillotina.DeleteContainers
- guillotina.AccessContent
- guillotina.GetDatabases
The anonymous user has the following permission on DB/StaticFiles/StaticDirectories/Application objects:
- guillotina.AccessContent
Container/App Roles
guillotina.ContainerAdmin
- guillotina.AccessContent
- guillotina.ManageAddons
- guillotina.RegisterConfigurations
- guillotina.WriteConfiguration
- guillotina.ReadConfiguration
- guillotina.ManageCatalog
guillotina.ContainerDeleter
- guillotina.DeletePortal
Default roles on Guillotina Container
They are stored in annotations using IRolePermissionMap.
Created objects set the guillotina.Owner role to the user who created them.
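The grant chain from the overview (user to group to role to permission, plus roles granted on a specific object), worked through with the role tables above. This is an added example, a simplified model and not Guillotina's own code: the helper names, users, group and object ids are assumptions, and it models allow-only grants with no inheritance between objects.

```python
# Simplified model of the ACL rules on this page; not Guillotina's implementation.
# Role -> permissions, copied from the role tables on this page.
ROLE_PERMISSIONS = {
    "guillotina.ContainerAdmin": {
        "guillotina.AccessContent",
        "guillotina.ManageAddons",
        "guillotina.RegisterConfigurations",
        "guillotina.WriteConfiguration",
        "guillotina.ReadConfiguration",
        "guillotina.ManageCatalog",
    },
    "guillotina.ContainerDeleter": {"guillotina.DeletePortal"},
}

# Constructed sample data (hypothetical names).
GROUP_ROLES = {"ops": {"guillotina.ContainerAdmin"}}   # groups are granted roles
USER_GROUPS = {"alice": {"ops"}, "bob": set()}         # users are given groups
USER_ROLES = {"alice": set(), "bob": set()}            # users are given roles
# Roles granted to a user on one specific object only.
LOCAL_ROLES = {("bob", "container-a"): {"guillotina.ContainerDeleter"}}


def create_object(obj, creator):
    """Created objects set guillotina.Owner for the creating user."""
    LOCAL_ROLES.setdefault((creator, obj), set()).add("guillotina.Owner")


def roles_for(user, obj):
    """Roles held by `user` on `obj`: direct, via groups, and object-local."""
    roles = set(USER_ROLES.get(user, ()))
    for group in USER_GROUPS.get(user, ()):
        roles |= GROUP_ROLES.get(group, set())
    return roles | LOCAL_ROLES.get((user, obj), set())


def effective_permissions(user, obj):
    """Union of the permissions of every role the user holds on the object.
    Roles whose permissions this page does not list contribute nothing."""
    perms = set()
    for role in roles_for(user, obj):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def audit(permission, users, objects):
    """Access review: every (user, object) pair that ends up with `permission`."""
    return sorted((u, o) for u in users for o in objects
                  if permission in effective_permissions(u, o))
```

Running `audit` for a sensitive permission such as guillotina.DeletePortal shows which object-local grants widen access beyond what the group assignments suggest.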