CentraSite Documentation : CentraSite Developer’s Guide : Built-In Design/Change-Time Actions Reference : Built-In Actions for Design/Change-Time Policies : Set Permissions
Set Permissions
Grants View, Modify or Full permissions to specified users (or to groups of users) for a policy.
Note:  
You use this action to set permissions on policy objects. To set permissions on catalog assets, you must use Set Instance and Profile Permissions.
Be aware that the permission settings you specify in the action will either replace or be merged with the object's existing settings, depending on how you set the Remove Existing Permission parameter.
If you set Remove Existing Permission to true, the permission settings specified in the action will completely replace the object's current settings. That is, the action will clear the object's existing permission settings and replace them with the permissions you specify.
For example if a policy's initial permission settings were as follows:
USER A Full
USER B Full
GROUP ABC Full
And you were to specify the following permissions with Remove Existing Permission set to true:
USER A Full
GROUP X Modify
The resulting permissions on the asset would be:
USER A Full
GROUP X Modify
If you set Remove Existing Permission to false, the permission settings specified in the action are added to the object's current settings. That is, the action will merge the new permission settings with the object's existing settings. For example, if an asset had the following permission settings:
USER A Full
USER B View
GROUP ABC View
And you were to specify the following permissions with Remove Existing Permission set to false:
USER A Modify
USER B Full
GROUP X Modify
The resulting permissions on the asset will be:
USER A Full
USER B Full
GROUP X Modify
GROUP ABC View
Note:  
The instance-level permissions that this action assigns to a user will not affect any role-based permissions that the user might already have. For example, if user ABC has Manage Policies permission for an organization and that user also happens to be a member of a group to which this action assigns instance-level permissions, user ABC's Manage Policies permission will override the permission settings that this action assigns to him or her.
Event Scope
PostCreate
PreStateChange
PostStateChange
OnTrigger
Object Scope
This action can be enforced on the following object types.
Policy
Input Parameters
User/Group Permission
Object Array An array of permission settings. Each setting in the array identifies one individual user or one group and specifies the permissions for that user or group.
If you specify multiple groups in this array and a user is a member of more than one group, the user will receive the permissions of all those groups combined. For example, if you assign Modify permission to Group A and Full permissions to Group B, users that are members of both groups will get Full permissions on the object.
Remove existing permission
Boolean Specifies whether the permission settings in the Users and Groups parameter replace the existing permission settings or whether they are combined with the existing settings.
Propagate permissions to dependent objects
Boolean Specifies whether the access permissions defined for the asset instance will be automatically propagated to all dependent objects. For example, a Service asset can refer to a WSDL which in turn can refer to one or more XML Schema assets, and when you set this parameter to yes, changes in the access permissions in the Service asset will be propagated to all of these dependent assets.
Copyright © Software AG, Darmstadt, Germany.
Product LogoContact Support   |   Community   |   Feedback