Content Management Interoperability Services (CMIS) Version 1.1
Content Management Interoperability Services (CMIS) Version 1.1
Content Management Interoperability Services (CMIS) Version 1.1
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
epositorydetermined indicates that the repository has its own mechanism of computing how changing<br />
an ACL for an object influences the non-direct ACEs of other objects.<br />
PermissionDefinition repositoryPermissions A list of names and descriptions of the supported<br />
permissions.<br />
PermissionMapping mappings Contains a list of basic <strong>CMIS</strong> permissions to allowable actions<br />
mapping.<br />
2.<strong>1.1</strong>2.3.1 Supported Permissions<br />
The list of permission definitions returned by the getRepositoryInfo service lists all the permissions a<br />
repository supports. This list also includes the <strong>CMIS</strong> permissions if supported by the repository.<br />
A PermissionDefinition holds:<br />
String permission The (technical) name of the permission. Permission names MUST be unique within the<br />
permission definition list.<br />
String description An optional description of the permission that SHOULD be used as the permission's<br />
name to be presented to the user.<br />
2.<strong>1.1</strong>2.3.2 AllowableActions and Permission Mapping<br />
<strong>CMIS</strong> provides a mechanism called Allowable Actions which allows an application to discover the set of<br />
service operations that can currently be performed on a particular object by the current user, without having<br />
to actually invoke the service.<br />
The set of allowable actions on an object at a point in time are affected not only by <strong>CMIS</strong> ACLs, but also by<br />
other factors such as:<br />
• Constraints inherent in the <strong>CMIS</strong> Domain Model based on the object's base type or current versioning<br />
state.<br />
• Policies or other control mechanisms that are opaque to <strong>CMIS</strong>.<br />
<strong>CMIS</strong> defines several services that applications can use at run-time to discover the allowable actions for an<br />
object.<br />
If a repository supports ACLs, then the repository MUST provide a mapping table that defines how the<br />
permissions supported by the repository interact with the <strong>CMIS</strong> allowable actions, i.e. which permissions<br />
are necessary for a principal to have on one or more objects in order to potentially perform each action,<br />
subject to the other constraints on allowable actions mentioned above.<br />
This section defines both the allowable actions as well as how those actions are presented in the permission<br />
mapping table.<br />
The permission mapping table contains a set of key--permissions pairs:<br />
String key Since several allowable actions require permissions on more than one object, the mapping table<br />
is defined in terms of permission "keys". (For example, moving a document from one folder to another<br />
may require permissions on the document and each of the folders.) Each key combines the name of<br />
the allowable action and the object for which the principal needs the required permission.<br />
For example, the canMoveObject.Source key indicates the permissions that the principal must<br />
have on the "source folder" to move an object from that folder into another folder.<br />
String permissions The name of one or more permissions that the principal MUST have. If more<br />
than one permission is specified, then the principal MUST be allowed to perform the operation if they<br />
have ANY of the listed permissions.<br />
The following list defines all mapping keys, as well as a permissions mapping that repositories SHOULD<br />
use. Repositories MAY require additional permissions.<br />
<strong>CMIS</strong>-v<strong>1.1</strong>-csprd01<br />
Standards Track Work Product<br />
Copyright © OASIS Open 2012. All Rights Reserved.<br />
18 August 2012<br />
Page 86 of 331