Acquire a session lock.
Submit edits to time series topic events which have an author which is the same as the principal of the calling session.
This permission is a more restrictive alternative to `EDIT_TIME_SERIES_EVENTS`.
The `UPDATE_TOPIC` permission is required to update a time series topic. This permission is additionally required to submit edits to a time series topic where the event author is the same as the principal of the calling session.
Expose a branch of the topic tree as a virtual session tree.
The EXPOSE_BRANCH
path permission is powerful since it allows a
session to expose a whole branch of the topic tree under a different set
of path permissions.
A session granted EXPOSE_BRANCH
for a particular path effectively
has the permission for all descendant paths. From a security perspective,
if a role grants EXPOSE_BRANCH
at branch X
it is
ineffectual for it also to deny EXPOSE_BRANCH
at a child branch
X/Y
because a branch mapping to X
can still expose paths
below X/Y
.
Add or remove topics
Evaluate queries that return a non-current view of a time series topic.
The `READ_TOPIC` permission is required to evaluate any type of `Query` for a time series topic. This permission is additionally required for queries that potentially return a non-current view of all or part of a time series. Such queries include value range queries that specify an edit range, and all types of edit range query.
Required to receive information from a topic.
If a session does not have read_path permission for a topic, the topic will be excluded from the results of subscription or fetch operations for the session, and the topic's details cannot be retrieved by the session.
Use a topic selector that selects a topic path.
To fetch or subscribe using a topic selector, a session must have SELECT_TOPIC permission for each individual path that the selector may match. This allows SELECT_TOPIC to be granted to a branch of the topic tree and explicitly revoked for specific sub-branches.
For full path pattern topic selectors, the model is even more restrictive: SELECT_TOPIC permission is required for all paths, at and below the path prefix of the selector. This is necessary to prevent circumvention using advanced regular expressions.
When the subscription or fetch request completes, the resulting topics are further filtered based on the PathPermission.READ_TOPIC permission.
A session that has READ_TOPIC
but not SELECT_TOPIC
for a
particular topic path cannot subscribe directly to topics belonging to
the path. However, the session can be independently subscribed by a
control session that has GlobalPermission.MODIFY_SESSION
permission in addition to the appropriate SELECT_TOPIC
permission.
Send a message to a handler registered with the server
Send a message another session
A permission that is unsupported by the session
Update topics
Permissions that are applied on a path