Comment on page
Basic Permissions and Privileges
Not all applications would require the usage of ACLs to finely tune the permission model for each of the entities in their application. At a default level, the ACLs are defined on each entity within your mitter.io application such that a basic permission model is provided in terms of access and grants to an acting user.
Throughout the document we have covered the permissibiltiy of each operation depending on the actor and this page merely collects all that information in one place. In this document
.system
referes to the user that is resolved when accessing the APIs using an application access key/secret.For a channel:
- 1.Creating
- 1.Any
authenticated user
can create a channel - 2.
.system
can create a channel
- 2.Deletion
- 1.Only
.system
can delete a channel
- 3.Adding a participant
- 1.Any
authenticated user
add themselves to a channel - 2.
.system
can add any user to any channel
- 4.Removing a participant
- 1.Any
authenticated user
can remove themselves from a channel. - 2.
.system
can remove any participant from any channel
- 5.Getting a list of participants
- 1.Any
participant
of a channel can get a list of all participants in that channel. - 2.
.system
can get all participants for any channel.
- 6.Getting a channel object
- 1.Any
participant
of a channel can access the channel object. - 2.
.system
can get the channel object for any channel.
For a message:
- 1.Sending
- 1.Any
participant
of a channel can send a message to a that channel with themselves as the sender. - 2.
.system
can send a message to any channel with any user as the sender.
- 2.Reading
- 1.Any
participant
of a channel can read and will receive all messages that are sent to a channel. - 2.
.system
can read any message on any channel, but it won'treceive
any messages as.system
cannot assign delivery endpoints to itself.
- 3.Deleting
- 1.Any
authenticated user
can delete a message that was sent by them. - 2.
.system
can delete any message.
- 1.Creating
- 1.Only
.system
can create users
- 2.Authentication
- 1.Only
.system
can get tokens issued, revoked or listed for any user, except itself. - 2.Any
authenticated user
can get additional tokens for themselves. - 3.Any
authenticated user
can revoke any token that has been issued to them. - 4.Any
authenticated user
an list all token ids for tokens that have been issued to them.
- 3.Deletion
- 1.Only
.system
can delete users.
- 4.Metadata
- 1.Any
authenticated user
can fetch or patch metadata for themselves. - 2.
.system
can fetch and patch metadata for any user, except itself.