Permissions in FluidDB are designed to be powerful and yet simple to understand:
- All possible actions are listed below.
- Permissions for each action are implemented as an overall policy (set to either open or closed), and a list of any exceptions to the policy. A FluidDB API call is allowed to proceed if the permission for the corresponding action is either
- Permissions are checked every time an application, on behalf of either a user or itself, uses the FluidDB API to attempt to perform an action on a namespace or tag.
The possible actions on namespaces and tags are as follows:
- Namespaces:
  - create - create namespaces or tag names in a given namespace.
  - update - change the properties (e.g., description) of a namespace.
  - delete - delete the namespace, which must be empty.
  - list - see a list of contained namespaces and tag names.
- Tags:
  - update - change the overall properties of the tag, e.g., its description.
  - delete - delete the entire tag (and thus all its occurrences on objects).
- Tags on objects:
  - see - detect the presence of a tag on an object.
  - create - add a new tag to an object.
  - read - read the value of a tag on an object.
  - delete - remove a tag from an object.
Finally, there is also a control action for every namespace and tag. Only those users with control permission can change the policy or exception list for other permissions (or for the control permission itself).
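The policy-plus-exceptions check and the control rule described above, as an added example that is not FluidDB's own code. It assumes that an open policy allows everyone except the listed users and a closed policy denies everyone except the listed users; the class names, the starting permissions and the user names are hypothetical.

```python
from dataclasses import dataclass, field

OPEN, CLOSED = "open", "closed"
NAMESPACE_ACTIONS = ("create", "update", "delete", "list")  # from the list above


@dataclass
class Permission:
    policy: str = CLOSED
    exceptions: set = field(default_factory=set)

    def __post_init__(self):
        if self.policy not in (OPEN, CLOSED):
            raise ValueError(f"policy must be open or closed, got {self.policy!r}")

    def allows(self, user):
        # Assumed reading: the exception list inverts the policy for listed users.
        listed = user in self.exceptions
        return not listed if self.policy == OPEN else listed


class Guarded:
    """A namespace or tag: one Permission per action, plus 'control'."""

    def __init__(self, path, actions, creator):
        # Assumed starting state: everything closed, creator is the only exception.
        self.path = path
        self.perms = {a: Permission(CLOSED, {creator}) for a in (*actions, "control")}

    def check(self, user, action):
        perm = self.perms.get(action)
        return perm is not None and perm.allows(user)  # unknown action: deny

    def set_permission(self, requester, action, policy, exceptions):
        # Changing any policy or exception list, including control's own,
        # requires control permission.
        if not self.check(requester, "control"):
            raise PermissionError(f"{requester} lacks control on {self.path}")
        if action not in self.perms:
            raise KeyError(action)
        self.perms[action] = Permission(policy, set(exceptions))


if __name__ == "__main__":
    ns = Guarded("alice/books", NAMESPACE_ACTIONS, creator="alice")  # constructed names
    ns.set_permission("alice", "list", OPEN, {"mallory"})
    print(ns.check("bob", "list"), ns.check("mallory", "list"))
    ns.set_permission("alice", "control", CLOSED, {"bob"})  # alice hands control away
    print(ns.check("alice", "control"), ns.check("bob", "control"))
```

Because the control permission governs itself, a user who rewrites it without keeping themselves allowed loses the ability to change any permission on that namespace or tag.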
If you have not yet read the description of FluidDB objects, you may be asking yourself about permissions on objects. Objects in FluidDB have no permissions.