Permission Policies

Permission Policies

ContentGrid takes a different approach to permissions than legacy content management systems. Instead of making a complex hierarchical tree structure of permissions with inheritance, a set of permission policies describes access for each entity. These policies are rules that contain logical expressions, making use of (a combination of) entity attributes and user attributes.

How to create a Policy

First, go to the Permissions modeler:

Permissions

To create our first policy, we first have to choose the entity for which we are going to create a policy:

Select Entity

When clicking the "Create Policy" button you will see the configuration options for creating a new policy:

Create Policy

First, you’ll have to choose for which operation this policy will be evaluated. The options are: Read, Create, Update, Delete. You can choose one or more operations.

By choosing the visibility setting, you can define if this policy is applicable for authenticated users only, or for all users.

The "Additional conditions" section is where you define the conditions for this policy, access to the entity is granted when the conditions are fulfilled.

Multiple conditions can be applied, and each rule has a left and a right side, that are compared to each other. Both left and right sides of can be a "user attribute", "entity attribute" or constant. The possible comparisons between the left and the right side are:

  • equals

  • not equals

  • greater than

  • greater or equals

  • less than

  • less than or equals

  • contains

  • in

You can add more conditions with the "Add Condition" button. All conditions have to be satisfied before a policy grants access. Save the policy with the "Add Policy" button.

Now, you should see your policy for this entity in the overview.

Policy Overview