The optional RolePermissions Attributespecifies the Permissionsthat apply to a Nodefor all Roleswhich have access to the Node. The value of the Attributeis an array of RolePermissionType Structures(see Table 8).

Table 8– RolePermissionType

Name

Type

Description

RolePermissionType

Structure

Specifies the Permissionsfor a Role

roleId

NodeId

The NodeIdof the Role Object.

permissions

PermissionType

A mask specifying which Permissionsare available to the Role.

Serversmay allow administrators to write to the RolePermissions Attribute.

If not specified, the value of DefaultRolePermissions Propertyfrom the NamespaceMetadata Objectassociated with the Nodeshall be used instead. If the NamespaceMetadata Objectdoes not define the Propertyor does not exist, then the Servershould not publish any information about how it manages Permissions.

If a Serversupports Permissionsfor a particular Namespaceit shall add the DefaultRolePermissions Propertyto the NamespaceMetadata Objectfor that Namespace(see Figure 8). If a particular Nodein the Namespaceneeds to override the default values, the Serveradds the RolePermissions Attribute to the Node. TheDefaultRolePermissions Propertyand RolePermissions Attribute shall only be readable by administrators. If a Serverallows the Permissionsto be changed these values shall be writeable. If the Serverallows the Permissionsto be overridden for a particular Nodebut does not currently have any Node Permissionsconfigured, then the value of the Attributeshall be an empty array. If the administrator wishes to remove overridden Permissions, an empty array shall be written to this Attribute. Serversshall prevent Permissionsfrom being changed in such a way as to render the Serverinoperable.

If a Serverpublishes information about the Rolesfor aNamespaceassigned to the current Session,it shall add the DefaultUserRolePermissions Property to the NamespaceMetadata Objectfor that Namespace. The value of this Propertyshall be a readonly list of Permissionsfor each Roleassigned to the current Session. If a particular Nodein the Namespaceoverrides the default RolePermissions the Servershall also override theDefaultUserRolePermissions by adding the UserRolePermissions Attribute to the Node. If the Serverallows the Permissionsto be overridden for a particular Nodebut does not currently have any Node Permissionsconfigured, then the Server shall return the value of the DefaultUserRolePermissions Propertyfor the Node Namespace.

If a Serverimplements a vendor specific Role Permissionmodel for a Namespace,it shall not add the DefaultRolePermissions orDefaultUserRolePermissions Properties to the NamespaceMetadata Object.

image011.png

Figure 8– Permissions in the Address Space