SkyVault uses some custom roles. To implement a custom role, you
create a dynamic authority for that role and assign global permissions to
it. The SkyVault internal roles have not been assigned any object-specific
rights.
The internal roles are:
- ROLE_ADMINISTRATOR is assigned to the default administrators for the configured authentication mechanisms or members of the administration groups defined on the AuthorityServiceImpl bean. This role has all rights.
- ROLE_OWNER is assigned to the owner of a node. If there is no explicit owner, this role is assigned to the creator. This role has all rights on the owned node.
- ROLE_LOCK_OWNER is assigned to the owner of the lock on a locked node. This supports a lock owner’s right to check in, cancel a check out, or unlock the node.
SkyVault Share supports the assignment of permissions only to the owner role. You can use such things as the Java API and scripting to make other assignments.
Note: Hierarchical and zoned roles can be added to SkyVault in the future
to avoid the hidden group implementation for true roles.