Basic Permissions and Privileges
Not every application needs ACLs to fine-tune the permission model for each of its entities. By default, ACLs are defined on every entity within your mitter.io application so that a basic permission model governs access and grants for an acting user.
Throughout the document we have covered the permissibility of each operation depending on the actor; this page merely collects all that information in one place. In this document, .system refers to the user that is resolved when accessing the APIs using an application access key/secret.
For a channel:
authenticated user can create a channel
.system can create a channel
.system can delete a channel
- 3. Adding a participant
authenticated user can add themselves to a channel
.system can add any user to any channel
- 4. Removing a participant
authenticated user can remove themselves from a channel
.system can remove any participant from any channel
- 5. Getting a list of participants
participant of a channel can get a list of all participants in that channel
.system can get all participants for any channel
- 6. Getting a channel object
participant of a channel can access the channel object
.system can get the channel object for any channel
For a message:
participant of a channel can send a message to that channel with themselves as the sender.
.system can send a message to any channel with any user as the sender.
participant of a channel can read and will receive all messages that are sent to a channel.
.system can read any message on any channel, but it won't receive any messages, as .system cannot assign delivery endpoints to itself.
authenticated user can delete a message that was sent by them.
.system can delete any message.
.system can create users.
.system can get tokens issued, revoked or listed for any user, except itself.
authenticated user can get additional tokens for themselves.
authenticated user can revoke any token that has been issued to them.
authenticated user can list all token ids for tokens that have been issued to them.
.system can delete users.
authenticated user can fetch or patch metadata for themselves.
.system can fetch and patch metadata for any user, except itself.
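
The default rules listed on this page can be modelled as a deny-by-default evaluator and used as a negative-test matrix for an integration. This is an added example, not mitter.io's implementation: the action names, the `Request` fields and the sample users are hypothetical, and treating every combination the page does not list as denied is an assumption.

```python
from dataclasses import dataclass

SYSTEM = ".system"  # actor resolved from an application access key/secret

@dataclass(frozen=True)
class Request:
    actor: str                    # user id, or SYSTEM
    action: str                   # hypothetical action name, see RULES
    target_user: str = ""         # participant, sender, or token/metadata owner
    is_participant: bool = False  # actor is a participant of the channel

ANY = lambda r: True
def own(r):  # the action applies to the acting user themselves
    return bool(r.actor) and r.actor == r.target_user

# action -> (rule for .system, rule for an authenticated user).
# None means the page lists no grant for that actor, so the model denies it.
RULES = {
    "channel.create":     (ANY, ANY),
    "channel.delete":     (ANY, None),
    "participant.add":    (ANY, own),
    "participant.remove": (ANY, own),
    "participant.list":   (ANY, lambda r: r.is_participant),
    "channel.get":        (ANY, lambda r: r.is_participant),
    "message.send":       (ANY, lambda r: r.is_participant and own(r)),
    "message.read":       (ANY, lambda r: r.is_participant),
    "message.delete":     (ANY, own),
    "user.create":        (ANY, None),
    "user.delete":        (ANY, None),
    "token.manage":       (lambda r: not own(r), own),  # .system: any user except itself
    "metadata.access":    (lambda r: not own(r), own),  # .system: any user except itself
}

def allowed(r: Request) -> bool:
    system_rule, user_rule = RULES.get(r.action, (None, None))  # unknown action: deny
    rule = system_rule if r.actor == SYSTEM else user_rule
    return rule is not None and rule(r)

# Constructed negative cases: each must be denied under the defaults above.
NEGATIVE_CASES = [
    Request("alice", "participant.add", target_user="bob"),
    Request("alice", "participant.list", is_participant=False),
    Request("alice", "message.send", target_user="bob", is_participant=True),
    Request("alice", "message.delete", target_user="bob"),
    Request(SYSTEM, "token.manage", target_user=SYSTEM),
]

def wrongly_allowed(cases=NEGATIVE_CASES):
    return [c for c in cases if allowed(c)]
```

An empty list from `wrongly_allowed()` means every negative case was denied; replaying the same cases against a real application checks that custom ACLs have not widened the defaults unintentionally.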