A.3. default-permission-values.xml

The files of this type are used to define the user’s default permissions. Default permission values are used when no role defines an explicit value for permission target. It is necessary mostly for denying roles: without this file the user with a denying role by default doesn’t have access to mainWindow screen and to filter screens.

Such files are not generated automatically by Studio, they should be created manually in the core module.

The file location is specified in the [cuba.defaultPermissionValuesConfig] application property. If this property is not defined in the application, the default cuba-default-permission-values.xml file will be used.

The file has the following structure:

default-permission-values - the root element, which has only one nested element - permission.

permission - the permission itself: it determines the object type and the permission imposed on it.

permission has three attributes:

  • target - permission object: determines the specific object the permission is imposed on. The format of the attribute depends on the permission type: for screens - the id of the screen, for entity operations - the entity id with the operation type, for example, target="sec$Filter:read", and so on.

  • value - permission value. Can be 0 or 1 (denied or allowed, respectively).

  • type - the type of permission object:

    • 10 - screen,

    • 20 - entity operation,

    • 30 - entity attribute,

    • 40 - application-specific permission,

    • 50 - UI component.

For example:

<?xml version="1.0" encoding="UTF-8"?>
<default-permission-values xmlns="http://schemas.haulmont.com/cuba/default-permission-values.xsd">
    <permission target="dynamicAttributesConditionEditor" value="0" type="10"/>
    <permission target="dynamicAttributesConditionFrame" value="0" type="10"/>
    <permission target="sec$Filter:read" value="1" type="20"/>
    <permission target="cuba.gui.loginToClient" value="1" type="40"/>