Authorization Policies and Permissions

Authorization policies determine the actions that users can perform with the mashables, mashups and apps that Presto governs. Policies also determine user access to the features and tools in the Presto Hub and the Presto Enterprise AppDepot.

By default, authorization is enabled in Presto. All actions are forbidden unless explicitly granted in a policy.

Note:

You can choose to disable authorization during an initial development phase to simplify access to register and create mashables, mashups and apps. See Enable or Disable Authorization for instructions.

The categories of authorization policies that are defined in Presto are shown below.

Access/Create Permissions: are defined using Presto built-in user groups as the principals. See the Built-In Presto User Groups and Permissions topic for detailed information these policies.

To grant access to Presto tools and enable users to create artifacts in Presto Hub, you add users to these built-in groups. See Grant User Access to Presto with Built-in Groups for instructions.

Owner/Admin Permissions: users automatically obtain owner permissions when they create artifacts. Administrator permissions are defined when you assign users to the Presto_Administrator built-in group (see Access/Create policies).

Owners have full permissions to all actions for the artifacts they create, except the feature/unfeature action. Administrators have owner permissions for all artifacts as well as for the feature/unfeature action.

Run Permissions: owners and Presto administrators grant run permissions to other users to allow them to use that artifact. See Grant Permission to Run Mashables, Mashups and Apps for instructions. Automatically Grant Run Permissions to Users and Groups. For mashups and apps, users must also have run permissions for the other mashable information sources, mashups or apps that are used by that mashup or app.

You can also grant guest access to use artifacts. Guest access grants permission for anyone to run that artifact, even users who are not logged in. See Authentication and Guest Access for instructions.

Users also get several other related permissions when you grant run permissions. See the Built-In Presto User Groups and Permissions topic for more information on the additional permissions granted with run.

View Permissions: authenticated users can see artifacts in Presto Hub and the AppDepot even for artifacts for which they do not have run permissions. They can open the artifact and request permissions, but they cannot run or preview the artifact.

You can also restrict view permissions. See Set View Permissions with a Search Filter for information.