Scopes¶
Scopes are used to control permissions in role based security in addition to ACL permissions. ACL lists are used to control who can do certain operations for a single object (like a folder). Scopes are overrides ACL checks for certain operations on all objects. For example you can deny viewing all folders even user has permission.
Some scopes are explicitly defined for Administrators group members but non-admin users may have some scopes to perform tasks like searching for a work item without having administrative rights.
Scopes are defined in rest API service and user group definitions.
Emakin defines the following scopes to control features;
| Scope | Description | Default Value |
|---|---|---|
| login | Log in to application or issue authentication tokens | Everyone |
| logoff | Logout from application | Everyone |
| event_trigger | Trigger events through API | Everyone |
| module_execute | Execute module scripts | Everyone |
| decision_execute | Execute decision models | Everyone |
| user_profile | View and update user profile | Everyone |
| process_read | View process and list versions | Everyone |
| process_write | Edit process and versions | Everyone |
| process_initiate | Initiate new process | Everyone |
| worklist_read | List work item list (Inbox, Sent, .. ) | Everyone |
| workitem_action | Take action on work item | Everyone |
| workitem_forward | Forward work item | Everyone |
| workitem_tag | Attach tags to work item | Everyone |
| workitem_history | View history of work item | Everyone |
| workitem_search | Search work item | Everyone |
| activity_read | View activity streams | Everyone |
| activity_write | Write new activity entries | Everyone |
| folder_read | View folder and dashboard | Everyone |
| folder_write | Edit folder properties | Everyone |
| folder_report | View reports in folders | Everyone |
| folder_root | Create root folders | Administrators |
| document_read | View document and profile | Everyone |
| document_write | Edit document and profile | Everyone |
| calendar_read | View calendar | Everyone |
| calendar_write | Write new calendar entries | Everyone |
| market_read | View market | Administrators |
| market_write | Publish to market | Administrators |
| jobs_write | List jobs and update state | Administrators |
| domain_write | View and update domain properties | Administrators |
| organization_read | View organization database | Everyone |
| organization_write | Update organization database | Administrators |
| groups_write | View and update user groups | Administrators |
| file_read | Download files | Everyone |
| file_write | Upload files | Everyone |
| database_read | Perform database query | Everyone |
| database_manage | Database schema management (edit, update, delete tables and rows) | Administrators |
| network | Allow network access (Web Requests, FTP..) | Everyone |
| notifications | List and read notifications | Everyone |
| help | Access help | Everyone |
| dashboard | View dashboards from navigation | Everyone |
| fulltext_search | Full text query | Everyone |
| channel_read | List channels | Everyone |
| channel_write | Edit channel properties | Everyone |
| case_tag | Edit tags on a case | Everyone |
| audit_search | View audit log records | Administrators |
| phone | Use Phone application | Everyone |
| wopi | Use document (.docx, .xls etc) editors | Everyone |
| meeting | Start meetings | Everyone |