Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Scopes are used to control permissions in role based security in addition to ACL permissions. ACL lists are used to control who can do certain operations for a single object (like a folder). Scopes are overrides ACL checks for certain operations on all objects. For example you can deny viewing all folders even user has permission.

Some of scopes are explicitly defined for Administrators group members but non-admin users may have some scopes to perform tasks like searching a work item without having administrative rights.

Scopes are defined in rest API service and screen customizations for audiences by editing domain properties.

Emakin defines following scopes to control features;

Scope

Description

Default Value

login

Log in to application or issue authentication tokens

Everyone

logoff

Logout from application

Everyone

event_trigger

Trigger events through API

Everyone

module_execute

Execute module scripts

Everyone

decision_execute

Execute decision models

Everyone

user_profile

View and update user profile

Everyone

process_read

View process and list versions

Everyone

process_write

Edit process and versions

Everyone

process_initiate

Initiate new process

Everyone

worklist_read

List work item list (Inbox, Sent, .. )

Everyone

workitem_action

Take action on work item

Everyone

workitem_forward

Forward work item

Everyone

workitem_tag

Attach tags to work item

Everyone

workitem_history

View history of work item

Everyone

workitem_search

Search work item

Everyone

activity_read

View activity streams

Everyone

activity_write

Write new activity entries

Everyone

folder_read

View folder and dashboard

Everyone

folder_write

Edit folder properties

Everyone

folder_report

View reports in folders

Everyone

folder_root

Create root folders

Administrators

document_read

View document and profile

Everyone

document_write

Edit document and profile

Everyone

calendar_read

View calendar

Everyone

calendar_write

Write new calendar entries

Everyone

market_read

View market

Administrators

jobs_write

List jobs and update state

Administrators

domain_write

View and update domain properties

Administrators

organization_read

View organization database

Everyone

organization_write

Update organization database

Administrators

groups_write

View and update user groups

Administrators

file_read

Download files

Everyone

file_write

Upload files

Everyone

database_read

Perform database query

Everyone

network

Allow network access (Web Requests, FTP..)

Everyone

notifications

List and read notifications

Everyone

help

Access help

Everyone

dashboard

View dashboards from navigation

Everyone

fulltext_search

Full text query

Everyone

channel_read

List channels

Everyone

channel_write

Edit channel properties

Everyone

case_tag

Edit tags on a case

Everyone

audit_search

View audit log records

Administrators

phone

Use Phone application

Everyone


  • No labels