Permissions

Permissions can be used to restrict access for specific features, so only authorized users can access them. In principle, a User needs a connection to a Permission to be able to access functionalities that require that Permission.

Permissions are defined as nodes with an IA_Permission label, and can have the following properties:

| Key | Description | Value |
|---|---|---|
| error | Error message to display when access is denied. | string |
| expression | JavaScript expression to evaluate whether the user should have access. * | JavaScript string |
| query | Query to execute against the application store to determine whether the user should have access. * Query language should match the specified store. | Query string |
| store | The name of the store on which to execute the specified query. Defaults to application. | string |
| name | The name of the Permission. If set to a built-in Permission name (see below), it will be used to determine access to the specified Graphileon core functionality. | string |

* Queries should return only one row with an allow (boolean) column that determines the user's access. Expressions can either return a boolean directly, or an array with a single object containing an allow property (the same structure as the query result).

* Both queries and expressions can use parameters, prefixed with $ (e.g. $myParam === 123). Parameter values are filled in by REQUIRE relations to the Permission, similar to how Triggers fill in parameter values for Functions.
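The two result shapes and the $-prefixed parameters described above can be handled fail-closed, as in this added sketch. It is not Graphileon's own evaluator: the function names `normalizeDecision` and `evaluateExpression` and the sample expressions are hypothetical, and the expression text is assumed to be trusted configuration.

```javascript
'use strict';
// Added sketch, not Graphileon code: fail-closed handling of the two result
// shapes described above (a boolean, or one row/object with a boolean `allow`).

function normalizeDecision(result) {
  if (typeof result === 'boolean') return result;
  // Query-style shape: exactly one row whose `allow` is a real boolean.
  if (Array.isArray(result) && result.length === 1 &&
      result[0] !== null && typeof result[0] === 'object' &&
      typeof result[0].allow === 'boolean') {
    return result[0].allow;
  }
  // Zero rows, several rows, truthy strings, undefined: deny.
  return false;
}

// Hypothetical evaluator: binds $-prefixed parameters as function arguments.
// Assumption: the expression text is trusted configuration. Parameter values
// are passed as arguments and never spliced into the source text.
function evaluateExpression(expression, params) {
  const names = Object.keys(params);
  if (!names.every((n) => /^\$[A-Za-z_][A-Za-z0-9_]*$/.test(n))) return false;
  try {
    const fn = new Function(...names, `"use strict"; return (${expression});`);
    return normalizeDecision(fn(...names.map((n) => params[n])));
  } catch (err) {
    return false; // syntax error, missing parameter, thrown exception: deny
  }
}

// Constructed sample expressions and parameter values.
const samples = [
  ['$myParam === 123', { $myParam: 123 }],
  ['$myParam === 123', { $myParam: '123' }],
  ['[{ allow: $team === "ops" }]', { $team: 'ops' }],
  ['[{ allow: "yes" }]', {}],
  ['$missing === 1', {}],
];
for (const [expr, params] of samples) {
  console.log(expr, JSON.stringify(params), '->', evaluateExpression(expr, params));
}
```

Only the first and third samples grant access; a type mismatch, a non-boolean allow value and an unfilled parameter all resolve to deny.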

Built-in permission names

The following permission names are used to control access to Graphileon core functionalities:

| Permission | Allows the user to | Context |
|---|---|---|
| language:translate | Manage translations | |
| function:create | Create Function | Function node to create |
| function:delete | Delete Function | Function node to delete |
| function:read | Read/load Function information, including its Triggers | Function node to read |
| function:update | Change Function information | Function node to update |
| function:write | Create/update/delete Function | Function node to write |
| node:create | Create node | Node to create |
| node:delete | Delete node | Node to delete |
| node:read | Read node information | Node to read |
| node:update | Change node information | Node to update |
| node:write | Create/update/delete node | Node to write |
| query:custom | Execute custom query | function: Query Function node; queries: object |
| relation:create | Create relation | Node to create |
| relation:delete | Delete relation | Node to delete |
| relation:read | Read relation information | Relation to read |
| relation:update | Change relation information | Node to update |
| relation:write | Create/update/delete relation | Node to write |
| settings | Manage settings | |
| team:add-team | Add team to other team | parent: Parent team node; child: Child team node |
| team:add-user | Add user to team | team: Team node; user: User node |
| team:remove-team | Remove team from other team | parent: Parent team node; child: Child team node |
| team:remove-user | Remove user from team | team: Team node; user: User node |
| team:create | Create team | Team node to create |
| team:delete | Delete team | Team node to delete |
| team:read | Read team information | Team node to read |
| team:update | Update team information | Team node |
| team:users | List team users | Team node |
| team:write | Create/update/delete team | Team node to write |
| user:create | Create user | User node to create |
| user:current | Read own user information | User node to read |
| user:delete | Delete user | User node to delete |
| user:dev-mode | Set own user to dev mode | User node to update |
| user:read | Read user information | User node to read |
| user:review-request | Review user registration requests | User node to review |
| user:update | Update user information / create user tokens | User node to update |
| user:write | Create/update/delete user | User node to write |