The CDP4 WebServices makes use of a role based permission scheme. The roles and permissions are granted to users for the 2 kinds of TopContainer. If a user has read or read-write access to a kind of Thing in the CDP WebServices those Things are returned on a GET request or can be created, updated and deleted by means of a POST request. If the user does not have at least read access to a kind of Thing, instances of that type will never be returned in a the response of a GET request.
When we look again at the GET request on the Person class, if a Person would not be granted read access to EmailAddress and the following GET request would be performed:
the EmailAddress instances contained by the Person object would not be returned as part of the resulting JSON array.
The Person class has a property called role of type PersonRole. This role determines the permissions a Person (thus a user) has on the SiteDirectory. A PersonRole contains multiple instances of PersonPermission. The PersonPermission class determines for a kind of class in the containment of the SiteDirectory TopContainer whether the user has read, read-write, or no access to that class.
The PersonRoles are contained by the SiteDirectory
A Person is granted access to an EngineeringModel by means of a Participant class. A Participant references a participantRole which in turn contains multiple instances of ParticipantPermission. The ParticipantPermission class determines for a kind of class in the containment of the EngineeringModel TopContainer whether the user has read, read-write, or no access to that class.
Last modified 3 years ago.