Permissions API

Permissions in Sitefinity CMS are rights that define the actions a given user can perform on an object. The permission set for a given object consists of all actions that can be associated with this object. For example, the permission set for blogs consists of the following actions: view, create, delete, change owner and change permissions. For more information about permissions, see Overview: Permissions in the Installation and administration guide.

A permission in Sitefinity CMS is characterized by a set of properties.

The name of the permission set that the permission is associated with is persisted in SetName.

To define the secured object and the principals, you use the following properties:

  • ObjectId - the ID of the secured object that the permission is associated with. Sitefinity CMS allows you to secure object instances (for example, a blog) or all objects in a type (for example, all blogs). For more information about creating permissions for secured objects, see For developers: CRUD operations with permissions.
  • PrincipalId - the ID of the principal for this permission. It can be either the ID of a role or the ID of a user.

The permission stores information about the actions that are granted or denied to the principals in the Grant and Deny properties. To store the permitted or denied actions for the secured object, the permissions use integral bit masks. Sitefinity CMS uses bitwise OR operations to turn bits on in the persisted integral values. The actions in the permission set have a specific order (starting from 0) that defines their value using the equation action value = 2^ordinal. Sitefinity CMS uses the value to create a mask and turn a specific bit on by performing the bitwise OR operation with the persisted value in the permission. For more information about the bitwise OR mask, see Mask.

For example, to grant the create action for a blog, Sitefinity CMS performs a bitwise OR between the integral value in the Grant property and the value of the create action. The create action in the blogs permission set has an ordinal of 1 out of a total of 5 actions. To turn the create action bit on in the Grant property, Sitefinity CMS performs the bitwise OR operation between 00000 and 00001, resulting in 00001. To permit the delete action, Sitefinity CMS performs the bitwise OR operation between 00001 and the value of the delete action, 00010. The result is 00011, which permits only the create and delete actions for the blog.

To grant or deny actions, Sitefinity CMS provides you with user-friendly methods that use the bitwise OR operation to manage permissions. For more information about granting and denying, see For developers: Grant and deny permissions.

A combination of value 0 for a specific action bit for both Grant and Deny properties results in denying the action. For more information about checking and demanding, see For developers: Check and demand permissions.
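The Grant and Deny masks described above, modelled as an added C# example that is not Sitefinity CMS code and does not use its API. SamplePermission, ActionValue, GrantActions, DenyActions and IsGranted are hypothetical names, actions are addressed by ordinal only, and the rule that a set Deny bit overrides a set Grant bit is an assumption of this sketch.

```csharp
using System;

// Hypothetical stand-in for a permission record; not the Sitefinity CMS type.
sealed class SamplePermission
{
    public int Grant { get; private set; }  // bit mask of granted actions
    public int Deny { get; private set; }   // bit mask of denied actions

    // action value = 2^ordinal, with ordinals starting from 0
    public static int ActionValue(int ordinal)
    {
        if (ordinal < 0 || ordinal > 30)
            throw new ArgumentOutOfRangeException(nameof(ordinal));
        return 1 << ordinal;
    }

    // Bitwise OR turns the selected bits on and leaves the others untouched.
    public void GrantActions(params int[] ordinals)
    {
        foreach (int o in ordinals) Grant |= ActionValue(o);
    }

    public void DenyActions(params int[] ordinals)
    {
        foreach (int o in ordinals) Deny |= ActionValue(o);
    }

    // 0 in both masks means denied (default deny).
    // Assumption of this sketch: a set Deny bit overrides a set Grant bit.
    public bool IsGranted(int ordinal)
    {
        int bit = ActionValue(ordinal);
        return (Grant & bit) != 0 && (Deny & bit) == 0;
    }
}

static class Demo
{
    static string Bits(int mask) => Convert.ToString(mask, 2).PadLeft(5, '0');

    static void Main()
    {
        var p = new SamplePermission();
        p.GrantActions(0);                 // OR the Grant mask with 00001
        p.GrantActions(1);                 // OR the Grant mask with 00010
        p.DenyActions(1);                  // explicit deny on the same bit
        Console.WriteLine($"Grant={Bits(p.Grant)} Deny={Bits(p.Deny)}");
        for (int o = 0; o < 5; o++)        // constructed 5-action set
            Console.WriteLine($"ordinal {o}: {(p.IsGranted(o) ? "granted" : "denied")}");
    }
}
```

Ordinals 2 to 4 are never touched, so they stay at 0 in both masks and evaluate as denied, which is the default-deny case the last paragraph describes.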
