Object permission

Object permissions are the concrete permissions on XDM objects.

Properties

The table below documents the available properties for object permissions. The 'name' column displays the property name as it can be used in Groovy and Java Scripts.

Name	Type	Default	Description
Administration permission administration	Boolean	false	Specifies that the grantee can grant and revoke permissions to and from other users. A user that creates an object automatically receives the `ADMINISTRATION` permission on that object.
Apply SQL applySql	Boolean	false	Specifies that the grantee can apply DDL/DML statements against the database connection.
Browse permission browse	Boolean	false	Specifies that the grantee is allowed to see the contents of database tables when using the schema browser, and when inspecting the output of an XDM task that provides a data preview. This permission only applies to connections.
Delete delete	Boolean	false	Specifies that the grantee can delete objects of the selected types.
Diagnose permission diagnose	Boolean	false	This permission controls access to diagnostic data of a task execution. The diagnostic data consists of the stages, their outputs and the batch reports.
Execute execute	Boolean	false	Specifies that the grantee may execute the object, or schedule the object for later execution. This permission only applies to objects that are executable, i. e. tasks, task templates, workflows, workflow templates, and data shops.
Grantee grantee	PermissionRecipient	n/a	The user or role to whom the specified permissions are granted by default.
Inherited inherited	Boolean	false	Specifies whether this permission is inherited from the parent object or it is an individual permission.
Modify data modifyData	Boolean	false	Specifies that the grantee can write table rows which are protected by a data reservation and update the properties of the data reservation.
Owner owner	Object	n/a	Typically, the owner is the XDM object for which this permission applies.
Owner Permission ownerPermission	Boolean	n/a	Indicates whether the permission is the owner permission of the object. The grantee is the user who created the object. The owner permission is a special permission. It cannot be deleted to ensure that there is a user who can manage the object and its permissions.
Read permission read	Boolean	true	Specifies that the grantee has read permission on the object. The grantee is able to see the object in lists and can see all of the object’s details, such as rules or access permissions. In addition, the grantee can reference this object. For example, a user who has `READ` permission on a credential object can refer to this credential object when creating a new database connection.
Script usage permission script	Boolean	false	Specifies that the object can be used as a parameter for an XDM task stage hook. This permission only applies to credentials. If a user does not have the `SCRIPT` privilege for the credential, it is not displayed in the drop-down list where the credential for a task stage hook parameter needs to be selected.
Use as source sourceUsage	Boolean	false	Specifies that the object can be used as the source for an XDM task. This permission only applies to environments and connections. If a user does not have the `SOURCE_USAGE` privilege for an environment or connection, it is not displayed in the drop-down list where the source environment or connection for a task needs to be selected.
Use as target targetUsage	Boolean	false	Specifies that the object can be used as the target for an XDM task. This permission only applies to environments and connections. If a user does not have the `TARGET_USAGE` privilege for an environment or connection, it is not displayed in the drop-down list where the target environment or connection for a task needs to be selected.
Write permission write	Boolean	false	Specifies that the grantee has the permission to change the settings and attributes of an object. This also includes modifying any rule lists that might be associated with the object (for example, the selection rules of a task template).

Name

Type

Default

Description

Administration permission

administration

Boolean

false

Specifies that the grantee can grant and revoke permissions to and from other users.

A user that creates an object automatically receives the ADMINISTRATION permission on that object.

Apply SQL

applySql

Boolean

false

Specifies that the grantee can apply DDL/DML statements against the database connection.

Browse permission

browse

Boolean

false

Specifies that the grantee is allowed to see the contents of database tables when using the schema browser, and when inspecting the output of an XDM task that provides a data preview. This permission only applies to connections.

Delete

delete

Boolean

false

Specifies that the grantee can delete objects of the selected types.

Diagnose permission

diagnose

Boolean

false

This permission controls access to diagnostic data of a task execution. The diagnostic data consists of the stages, their outputs and the batch reports.

Execute

execute

Boolean

false

Specifies that the grantee may execute the object, or schedule the object for later execution. This permission only applies to objects that are executable, i. e. tasks, task templates, workflows, workflow templates, and data shops.

Grantee

grantee

PermissionRecipient

n/a

The user or role to whom the specified permissions are granted by default.

Inherited

inherited

Boolean

false

Specifies whether this permission is inherited from the parent object or it is an individual permission.

Modify data

modifyData

Boolean

false

Specifies that the grantee can write table rows which are protected by a data reservation and update the properties of the data reservation.

Owner

owner

Object

n/a

Typically, the owner is the XDM object for which this permission applies.

Owner Permission

ownerPermission

Boolean

n/a

Indicates whether the permission is the owner permission of the object. The grantee is the user who created the object. The owner permission is a special permission. It cannot be deleted to ensure that there is a user who can manage the object and its permissions.

Read permission

read

Boolean

true

Specifies that the grantee has read permission on the object. The grantee is able to see the object in lists and can see all of the object’s details, such as rules or access permissions.

In addition, the grantee can reference this object. For example, a user who has READ permission on a credential object can refer to this credential object when creating a new database connection.

Script usage permission

script

Boolean

false

Specifies that the object can be used as a parameter for an XDM task stage hook. This permission only applies to credentials. If a user does not have the SCRIPT privilege for the credential, it is not displayed in the drop-down list where the credential for a task stage hook parameter needs to be selected.

Use as source

sourceUsage

Boolean

false

Specifies that the object can be used as the source for an XDM task. This permission only applies to environments and connections. If a user does not have the SOURCE_USAGE privilege for an environment or connection, it is not displayed in the drop-down list where the source environment or connection for a task needs to be selected.

Use as target

targetUsage

Boolean

false

Specifies that the object can be used as the target for an XDM task. This permission only applies to environments and connections. If a user does not have the TARGET_USAGE privilege for an environment or connection, it is not displayed in the drop-down list where the target environment or connection for a task needs to be selected.

Write permission

write

Boolean

false

Specifies that the grantee has the permission to change the settings and attributes of an object. This also includes modifying any rule lists that might be associated with the object (for example, the selection rules of a task template).

Actions

The available actions are described below. Some actions apply to the list, while others are specific to selected object permissions.

List Actions

The following actions are available on the object permissions list. If the action is disabled a tooltip will provide the exact reason for the deactivation. The required permissions are described in detail for each action.

Create

Creates a new object in the current list. Depending on the object type either a popup dialog is shown for the most important settings, or the complete object is shown in edit mode. The dialog provides the option to create the object and remain in the current list or to switch to the newly created object in edit mode to perform further changes.

The following permissions are required on the list:

CREATE

Object Actions

The following actions are available on specific object permissions. In order to execute the action, the user must possess the necessary permissions for the object. The permissions required for each action are described individually. If the user does not have these permissions, the action will be disabled and the tooltip will provide the exact reason for the deactivation.

Delete
Edit

Delete the object. If the object is still used by another entity, an error message is displayed, and the object is not deleted. The delete operation must be confirmed in a separate popup.

The following options are available:

Cascade: Recursively delete depending objects.

When using cascade, dependent objects are deleted first also with cascade enabled. Thus, a cascade deletion is a recursive function that deeply searches for dependent objects and deletes them first. There is only a confirmation for the first object. The dependent objects are deleted without confirmation but only when the user has the DELETE permission.

This feature is only available in development mode. More information about development mode can be found in the chapter User Settings. It should be used with caution.

The following permissions are required:

DELETE
READ

Opens the current entity in edit mode.

The following permissions are required:

READ
WRITE