Privileges 
In contrast to the authentication, which is performed to identify the users at logon, authorization is the granting of permissions to users, allowing them to perform certain tasks. This assignment is done by privileges and access control lists (ACLs).
Executing certain tasks is tied to elementary rights, or privileges. Such tasks are, for example, reading, writing, or checking in files. Privileges are independent of one another: The right to write does not automatically include the right to read. The table below describes the privileges defined for the DTR.
Elementary Privileges
Privilege |
Applies to |
Controlled Rights |
access |
Resource |
Controls the access to meta data information using the resource. |
read |
Resource |
Controls the read access to information using the state of the resource and its properties. |
write |
Resource |
Controls the permission to change the content of a resource or to add, change, and delete files or folders. |
checkin |
Workspace |
Controls the permission to check in activities into the workspace. |
import |
Repository |
Controls the permission to import activities into the repository. |
export |
Activities/propagation lists |
Controls the permission to export activities or propagation lists from the repository. |
integrate |
Workspace |
Controls the integration of activities from another workspace into the current workspace. |
adminA |
Repository |
Controls the basic administration tasks, which include creating workspaces or users. |
adminX |
Repository |
Controls the critical administration tasks, which include deleting version histories. |
Types of Privileges
· grant: grants permission for a certain right
· deny: denies permission for a certain right
· finalDeny: This restriction cannot be overwritten.
Absence of a deny privilege cannot be interpreted as a grant.
Assigning Privileges to Methods
The table below shows the privileges required for all tasks in the repository:
Assigning Permissions to Methods
DeltaV-Method (Operation) |
Required Grant permission |
Target |
OPTIONS (browse) |
access |
“/” |
PROPFIND (browse) |
read |
Target resource |
GET (synchronize) |
read |
Target resource |
REPORT (required for CHECKIN) |
read |
Target resource |
PROPPATCH (required for MKACTIVITY) |
read write |
Target resource |
PUT (upload) |
read write |
Parent directory |
CHECKOUT (edit) |
read write |
Target resource |
CHECKIN |
checkin |
Target workspace |
MKACTIVITY (create an activity) |
read write |
Activity directory |
MKWORKSPACE (create a workspace) |
read write adminA |
Workspace collection |
MKCOL (create a directory) |
read write |
Target directory |
MKPROPAGATIONLIST (create a propagation list) |
read write |
Propagation list directory |
DELETE |
read write |
Target resource |
INTEGRATE |
integrate |
Target workspace |
DISCARD |
read write |
Target resource |
MERGE |
read write |
Target resource |
COPY |
read |
Source resource |
COPY |
read write |
Target directory |
MOVE |
read write |
Source directory |
MOVE |
read write |
Target directory |
EXPORT (Propagation) |
read export |
Activity |
IMPORT (Propagation) |
import |
“/” |