Permissions Inheritance

This feature was introduced in version 22.4.

Introduction

To facilitate rights management inside the the permissions depending on the (parent) record type can be configured to be inheriting. When this is the case, the children will inherit the permissions from their parent, both at creation time and later when the permissions on the parent are modified.

Configuration

When the metadata field RightsManagment.Permissions is configured as inheriting, the default situation for version 24.2, then the property “permission inheritance” on , will determine if the permissions are inherited.

Inheritance on create

Effects

Each effect is listed with its description and usage.

Inherit permissions from parent

  Description: Inherit the permissions exactly from the parent based on configuration on the parent record type. See .

  Usage:

  • SAAS from version 24.2 (inheritance from parent)

  • Private MediaHaven (inheritance from parent)

Use default permissions

  Description: The permissions are calculated as follows:

  • For each user group the user is a member of, add it as permission with the default rights (read, write, export) configured on the user group

  Usage:

  • SAAS up to version 24.1

  • SAAS from version 24.2 (no inheritance from parent)

  • Private MediaHaven (no inheritance from parent)

Use provided permissions

  Description:

  • Use the permissions exactly as provided

  • The on user groups the user is not a member of are removed for security reasons

  Usage:

  • Explicitly providing permissions in MediaHaven when creating an intellectual object

  • Integrators

Use calculated permissions

  Description:

  • The plugin has full ownership of the permissions and calculates them explicitly

  Usage:

  • DigiHaven
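A minimal sketch of three of the creation effects listed above, added here as an example and not taken from MediaHaven itself. The data model (each right mapped to a set of user group ids), the group names and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

RIGHTS = ("read", "write", "export")

@dataclass(frozen=True)
class UserGroup:
    id: str
    default_rights: frozenset  # subset of RIGHTS configured on the group

def inherited_permissions(parent):
    """'Inherit permissions from parent': an exact, independent copy."""
    return {r: set(parent.get(r, ())) for r in RIGHTS}

def default_permissions(member_groups):
    """'Use default permissions': every group the user is a member of is
    added with the default rights configured on that group."""
    perms = {r: set() for r in RIGHTS}
    for group in member_groups:
        for right in group.default_rights:
            perms[right].add(group.id)
    return perms

def provided_permissions(provided, member_groups):
    """'Use provided permissions': keep what was provided, minus entries for
    groups the user is not a member of. The dropped entries are returned as
    well so the caller can log them (logging is this example's addition)."""
    allowed = {g.id for g in member_groups}
    kept, dropped = {}, {}
    for right in RIGHTS:
        requested = set(provided.get(right, ()))
        kept[right] = requested & allowed
        if requested - allowed:
            dropped[right] = requested - allowed
    return kept, dropped

if __name__ == "__main__":
    # Constructed sample data: the user is in "editors" and "viewers" only.
    editors = UserGroup("editors", frozenset(RIGHTS))
    viewers = UserGroup("viewers", frozenset({"read"}))
    member_of = [editors, viewers]

    print(default_permissions(member_of))
    kept, dropped = provided_permissions(
        {"read": ["viewers", "finance"], "write": ["finance"]}, member_of)
    print("kept:", kept)
    print("dropped (not a member):", dropped)
    print(inherited_permissions({"read": {"archive"}, "write": {"archive"}}))
```

The membership filter is what stops a creator from granting rights on a new record to a group they do not belong to.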

Inheriting permissions from parent

Each property is listed with its type, description and default.

Permission Inheritance

  Type: boolean

  Description: Controls if the permissions will be inherited from the parent record.

  Default: True

Permission Inheritance Rules

  Type: array of enum

  Description: Controls the advanced permissions. They are applied before the default permissions. This avoids the need to change the default permission logic.

  The following rules will be available:

  • ADD_ORGANISATION_GROUP_TYPE

    • This will add the organisation group type of the organisation to the record

  • ADD_DEFAULT_ORGANISATION_GROUPS

    • This will add the default organisation groups to the record

Inheritance on update

When the permissions are modified on a record and the property “permission inheritance” is true for its record type, then the modified permissions will be propagated to the children using the feature.