Default Permissions Table

When a new user account is created, AggreGate Server builds a default permissions table for it. The contents of this table depends on the account name, and on the contents of two AggreGate Server global properties: Additional Permissions For New Users and Default User Permissions.

Last three records of the new user's permissions table have special meaning. Here is an example:

Context Mask	Permissions
users.NAME_OF_USER	Manager
users.*	None
*	Manager

The first record declares Manager-level access to all contexts that are defined under the user's own User context (e.g. users.NAME_OF_USER.alerts etc.). This level will be used if no dedicated permission level is assigned to a user's resource by the prior records.

The second line denies access to contexts of all other AggreGate Server users by setting None-level permissions for them. Thus, the effective permission level for the context users.user123.widgets will be None (Unless, of course, the new account happens to be user123).

The third line defines Manager-level to all other contexts that are not related to user accounts. This prevents a new user from executing administrative actions. For example, a new user will not be able to view administrative events because the Default Permission Level of the Administration context is Administrator. They would also not be able to stop or restart the AggreGate Server, because the Stop server and Restart server actions (defined in the Root Context) require Administrator-level access to this context.

For every record of Default User Permissions table, a new record is added to the top of new user's permissions table. If Default User Permissions record is disabled, user is assigned None permission level to the resource specified by Default User Permissions record. Otherwise, the default level specified during user registration is used for the resource.

Context Mask	Permissions
users.NAME_OF_USER.dsgroups	None
users.NAME_OF_USER.devgroups	None
users.NAME_OF_USER.filters	None
users.NAME_OF_USER.alerts	Manager
users.NAME_OF_USER.common	None
users.NAME_OF_USER.jobs	None
users.NAME_OF_USER.queries	None
users.NAME_OF_USER.widgets	Manager
users.NAME_OF_USER.autorun	None
users.NAME_OF_USER.favourites	None
common	None
users.NAME_OF_USER	Manager
users.*	None
*	Manager

In the above example, only Alerts and Widgets records were enabled in Default User Permissions during user creation.

All records from the Additional Permissions For New Users table are added to the very top of the permissions table and thus have highest priority. For example, let's assume we have two records in the Additional Permissions table:

Context Mask (use % for user name)	Permissions
users.%.widgets	Administrator
external_device_servers	Administrator

Assuming all items in Default User Permissions are enabled, we'll get the following permissions table for a new user:

Context Mask	Permissions
users.NAME_OF_USER.widgets	Administrator
external_device_servers	Administrator
users.NAME_OF_USER	User
users.*	None
*	User