Interface Permission
- All Known Implementing Classes:
BatchPermissions,HistoricProcessInstancePermissions,HistoricTaskPermissions,OptimizePermissions,Permissions,ProcessDefinitionPermissions,ProcessInstancePermissions,SystemPermissions,TaskPermissions,UserOperationLogCategoryPermissions
public interface Permission
A permission represents an authorization to interact with a given
resource in a specific way. See Permissions for a set of built-in
permissions and Authorization for general overview on authorizations.
In Camunda Platform, multiple permissions are grouped into an Authorization.
For efficient storage and checking of authorizations, the permissons that make
up an authorization are coded into a single integer.
The implication of this design is that a permission must have a unique integer value
and it must be a power of two, ie 2^0, 2^1, 2^2, 2^3, 2^4 ...
The permission can then be added to an authorization using bitwise OR:
Auth: 0000001001001
Perm to add: 0000000010000
bit OR (|) : 0000001011001
and removed using bitwise AND of the inverted value:
Auth: 0000001001001
Perm to rem: 0000000001000
invert (~) : 1111111110111
bit AND (&): 0000001000001
Defining a custom Permission
The XxxPermissions classes contains the values of the built-in permissions (i.e.Permissions, ProcessDefinitionPermissions,
ProcessInstancePermissions, TaskPermissions,
all can be found in authorization package).
In order to define a custom permission, you must provide
an implementation of this interface such that the getValue()
method returns an integer which is a power of two and not yet used by any of the
built-in Permissions. Keep the Permission's names unique as well.
You must implement also getTypes() and make sure that
the permission values are not already reserved for the desired
Resource.- Since:
- 7.0
- Author:
- Daniel Meyer
-
Method Summary
-
Method Details