Not all applications would require the usage of ACLs to finely tune the permission model for each of the entities in their application. At a default level, the ACLs are defined on each entity within your mitter.io application such that a basic permission model is provided in terms of access and grants to an acting user.
Throughout the document we have covered the permissibiltiy of each operation depending on the actor and this page merely collects all that information in one place. In this document
.system referes to the user that is resolved when accessing the APIs using an application access key/secret.
For a channel:
authenticated user can create a channel
.system can create a channel
.system can delete a channel
Adding a participant
authenticated user add themselves to a channel
.system can add any user to any channel
Removing a participant
authenticated user can remove themselves from a channel.
.system can remove any participant from any channel
Getting a list of participants
participant of a channel can get a list of all participants in that channel.
.system can get all participants for any channel.
Getting a channel object
participant of a channel can access the channel object.
.system can get the channel object for any channel.
For a message:
participant of a channel can send a message to a that channel with themselves as the sender.
.system can send a message to any channel with any user as the sender.
participant of a channel can read and will receive all messages that are sent to a channel.
.system can read any message on any channel, but it won't
receive any messages as
.system cannot assign delivery endpoints to itself.
authenticated user can delete a message that was sent by them.
.system can delete any message.
.system can create users
.system can get tokens issued, revoked or listed for any user, except itself.
authenticated user can get additional tokens for themselves.
authenticated user can revoke any token that has been issued to them.
authenticated user an list all token ids for tokens that have been issued to them.
.system can delete users.
authenticated user can fetch or patch metadata for themselves.
.system can fetch and patch metadata for any user, except itself.