Privilege StructureIT Hit WebDAV Classes Reference
Specifies a privilege that can be given to a principal on an item.
ITHit.WebDAV.Server (in ITHit.WebDAV.Server.dll) Version: 9.1.5460-Beta
public struct Privilege : IEquatable<Privilege>
Public Structure Privilege
Implements IEquatable(Of Privilege)
public value class Privilege : IEquatable<Privilege>
type Privilege =
The Privilege type exposes the following members.
Initializes a new instance of the Privilege class.
Methods Operators Fields Remarks
Ability to perform a method on an item is controlled by one or more privileges.
A principal with no privileges to a resource will be denied any access to that resource, unless the principal
matches an ACE constructed using the All
, or Unauthenticated
Privileges may be containers of other privileges, in which case they are termed "aggregate privileges". If a
principal is granted or denied an aggregate privilege, it is semantically equivalent to granting or denying each
of the aggregated privileges individually. For example, an implementation may define add-member and
remove-member privileges that control the ability to add and remove a member of a group. Since these
privileges control the ability to update the state of a group, these privileges would be aggregated by the
privilege on a group, and granting the Write
on a group would also grant the add-member and remove-member privileges.
Privileges may be declared to be "abstract" for a given resource, in which case they cannot be set in an ACE on
that resource. Aggregate and non-aggregate privileges are both capable of being abstract. Abstract privileges
are useful for modeling privileges that otherwise would not be exposed via the protocol. Abstract privileges
also provide server implementations with flexibility in implementing the privileges. For example, if a server
is incapable of separating the read item capability from the read ACL capability, it can still model the
privileges defined in this specification by
declaring them abstract, and containing them within a non-abstract aggregate privilege (say, read-all) that
, and ReadAcl
. In this way, it is possible to set
the aggregate privilege, read-all, thus coupling the setting of Read
, but it is not possible to set Read
individually. Since aggregate privileges can be abstract, it is also possible
to use abstract privileges to group or organize non-abstract privileges. Privilege containment loops are not
allowed; therefore, a privilege MUST NOT contain itself. For example, Read
. The set of privileges that apply to a particular item may vary with the
type of item (folder, resource), as well as between different server implementations. To promote
interoperability, however, a set of well-known privileges (e.g., Read
, and All
) is defined, which can at least
be used to classify the other privileges defined on a particular resource.
Server implementations MAY define new privileges beyond those defined in Privilege
defined by individual implementations MUST NOT use the DAV: namespace, and instead should use a
namespace that they control, such as an http scheme URL.