Enum PathPermission
Namespace: PushTechnology.ClientInterface.Client.Types
Assembly: Diffusion.Client.dll
Permissions protecting access-controlled operations that are evaluated for a specific path.
public enum PathPermission : byte
Fields
ACQUIRE_LOCK = 9: Acquire a session lock.
EDIT_OWN_TIME_SERIES_EVENTS = 8: Submit edits to time series topic events which have an author which is the same as the principal of the calling session.
EDIT_TIME_SERIES_EVENTS = 7: Submit edits to time series topic events.
EXPOSE_BRANCH = 11: Expose a branch of the topic tree via a virtual session tree (see ISessionTrees).
The EXPOSE_BRANCH path permission is powerful since it allows a session to expose a whole branch of the topic tree under a different set of path permissions.
A session granted EXPOSE_BRANCH for a particular path effectively has the permission for all descendant paths. From a security perspective, if a role grants EXPOSE_BRANCH at branch X it is ineffectual for it also to deny EXPOSE_BRANCH at a child branch X/Y because a branch mapping to X can still expose paths below X/Y.
Since 6.7
MODIFY_TOPIC = 2: Add a topic or remove a topic.
QUERY_OBSOLETE_TIME_SERIES_EVENTS = 6: Evaluate queries that return a non-current view of a time series topic.
READ_TOPIC = 0: Required to receive information from a topic.
SELECT_TOPIC = 5: Use a topic selector that selects the topic path.
SEND_TO_MESSAGE_HANDLER = 3: Send a message to a handler registered with the server.
SEND_TO_SESSION = 4: Send a message to a client session.
UNKNOWN_PATH_PERMISSION = 10: A permission that is unsupported by the session.
UPDATE_TOPIC = 1: Update a topic.
Remarks
To fetch or subscribe using a topic selector, a session must have SELECT_TOPIC permission for each individual path that the selector may match. This allows SELECT_TOPIC to be granted to a branch of the topic tree and explicitly revoked for specific sub-branches.
For full path pattern topic selectors, the model is even more restrictive: SELECT_TOPIC permission is required for all paths, at and below the path prefix of the selector. This is necessary to prevent circumvention using advanced regular expressions.
When the subscription or fetch request completes, the resulting topics are further filtered based on the READ_TOPIC permission.
A session that has READ_TOPIC but not SELECT_TOPIC for a particular topic path cannot subscribe directly to topics belonging to the path. However, the session can be independently subscribed by a control session that has MODIFY_SESSION permission in addition to the appropriate SELECT_TOPIC permission.
If a session does not have READ_TOPIC permission for a topic, the topic will be excluded from the results of subscription or fetch operations for the session, and the topic's details cannot be retrieved by the session.
The READ_TOPIC permission is required to evaluate any type of IQuery<TValue> for a time series topic. The QUERY_OBSOLETE_TIME_SERIES_EVENTS permission is additionally required for queries that potentially return a non-current view of all or part of a time series. Such queries include value range queries that specify an edit range, and all types of edit range query.
The UPDATE_TOPIC permission is required to update a time series topic. The EDIT_TIME_SERIES_EVENTS permission is additionally required to submit edits via EditAsync<TValue>(string, long, TValue) to a time series topic.
The EDIT_OWN_TIME_SERIES_EVENTS permission is a more restrictive alternative to EDIT_TIME_SERIES_EVENTS.
The UPDATE_TOPIC permission is required to update a time series topic. The EDIT_OWN_TIME_SERIES_EVENTS permission is additionally required to submit edits via EditAsync<TValue>(string, long, TValue) to a time series topic where the event author is the same as the principal of the calling session.
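The following is an added example, not part of the Diffusion API or its documentation: an audit over one role's path permission table that contrasts the SELECT_TOPIC sub-branch revocation described in the Remarks with the EXPOSE_BRANCH note under Fields. It assumes that the assignment at the closest ancestor path applies; the helper class, its method names and the sample role table are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Role = System.Collections.Generic.Dictionary<string, System.Collections.Generic.HashSet<PathPermission>>;

// Local mirror of two values from the Fields list, so this builds without Diffusion.Client.dll.
enum PathPermission : byte { SELECT_TOPIC = 5, EXPOSE_BRANCH = 11 }

static class PathPermissionAudit   // hypothetical helper, not a Diffusion type
{
    // "X/Y/Z" yields "X/Y/Z", "X/Y", "X", "" (the empty string stands for the root default).
    static IEnumerable<string> SelfAndAncestors(string path)
    {
        for (; ; path = path.Substring(0, Math.Max(path.LastIndexOf('/'), 0)))
        {
            yield return path;
            if (path.Length == 0) yield break;
        }
    }

    // Assumed resolution rule: the assignment at the closest ancestor-or-self path applies.
    public static bool ClosestGrants(Role role, string path, PathPermission p) =>
        SelfAndAncestors(path).Where(a => role.ContainsKey(a)).Take(1).Any(a => role[a].Contains(p));

    static bool Grants(Role role, string path, PathPermission p) =>
        role.TryGetValue(path, out var perms) && perms.Contains(p);

    // EXPOSE_BRANCH note: a grant at any ancestor-or-self path reaches every descendant.
    public static bool CanExpose(Role role, string path) =>
        SelfAndAncestors(path).Any(a => Grants(role, a, PathPermission.EXPOSE_BRANCH));

    // Assignments that omit EXPOSE_BRANCH although a strict ancestor grants it.
    public static List<string> IneffectualDenies(Role role) =>
        role.Keys.Where(p => !Grants(role, p, PathPermission.EXPOSE_BRANCH)
                && SelfAndAncestors(p).Skip(1).Any(a => Grants(role, a, PathPermission.EXPOSE_BRANCH)))
            .OrderBy(p => p).ToList();

    static void Main()
    {
        var role = new Role   // constructed sample table: path -> permissions assigned there
        {
            ["X"] = new HashSet<PathPermission> { PathPermission.SELECT_TOPIC, PathPermission.EXPOSE_BRANCH },
            ["X/Y"] = new HashSet<PathPermission>(),   // meant to revoke both below X/Y
        };
        Console.WriteLine(ClosestGrants(role, "X/Y/Z", PathPermission.SELECT_TOPIC)); // does the revocation at X/Y hold?
        Console.WriteLine(CanExpose(role, "X/Y/Z"));                                  // is X/Y/Z still exposable via X?
        Console.WriteLine(string.Join(", ", IneffectualDenies(role)));                // assignments to review
    }
}
```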