A.3. default-permission-values.xml
The files of this type are used to define the user’s default permissions. Default permission values are used when no role defines an explicit value for permission target. It is necessary mostly for denying roles: without this file the user with a denying role by default doesn’t have access to mainWindow screen and to filter screens.
Such files are not generated automatically by Studio, they should be created manually in the core module.
The file location is specified in the [cuba.defaultPermissionValuesConfig] application property. If this property is not defined in the application, the default cuba-default-permission-values.xml
file will be used.
XML schema is available at http://schemas.haulmont.com/cuba/default-permission-values.xsd.
The file has the following structure:
default-permission-values
- the root element, which has only one nested element - permission
.
permission
- the permission itself: it determines the object type and the permission imposed on it.
permission
has three attributes:
-
target
- permission object: determines the specific object the permission is imposed on. The format of the attribute depends on the permission type: for screens - theid
of the screen, for entity operations - the entityid
with the operation type, for example,target="sec$Filter:read"
, and so on. -
value
- permission value. Can be0
or1
(denied or allowed, respectively). -
type
- the type of permission object:-
10
- screen, -
20
- entity operation, -
30
- entity attribute, -
40
- application-specific permission, -
50
- UI component.
-
For example:
<?xml version="1.0" encoding="UTF-8"?>
<default-permission-values xmlns="http://schemas.haulmont.com/cuba/default-permission-values.xsd">
<permission target="dynamicAttributesConditionEditor" value="0" type="10"/>
<permission target="dynamicAttributesConditionFrame" value="0" type="10"/>
<permission target="sec$Filter:read" value="1" type="20"/>
<permission target="cuba.gui.loginToClient" value="1" type="40"/>
</default-permission-values>