Access control for metadata fields
Metadata field access control lists can be used to control the usage of metadata fields and metadata field groups at a global level, i.e. they apply to all items. The default behavior for a field or a group without any access control list is to grant everyone full permissions.
In case of a conflict, i.e. when more than one entry in the access control list for a certain field or group applies to the same user, the entry granting the highest level of permissions applies.
Note that metadata field access control lists are applied after any other access control lists have been applied. So, for example, a metadata field access control list won't grant a user access to a certain field of an item's metadata if the user cannot access the item in the first place.
There are four levels of permission. Each higher level includes the permissions of the levels below it. The semantics of each permission differ depending on whether it is associated with a group or a field.
| Permission | Field | Group |
|---|---|---|
| NONE | Grants no permissions whatsoever. | Grants no permissions whatsoever. |
| READ | Determines if user can see the contents of a field. | Allows for the group to be retrieved and seen when it is listed. Also allows for the group to be associated with items. |
| WRITE | Allows a user to set the value of a field. | Allows fields to be added and removed from the group. |
| DELETE | Allows a user to delete a field from the metadata of an item. | Allows deletion of the group. |
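
The resolution rules above can be modelled as follows. This is an added example, not code from the product: the `(principal, level)` entry shape, matching entries through group membership, and returning NONE when an access control list exists but no entry matches the user are all assumptions made for illustration.

```python
from enum import IntEnum


class Level(IntEnum):
    # Ordered so that a higher level includes every lower one.
    NONE = 0
    READ = 1
    WRITE = 2
    DELETE = 3


def effective_level(acl, user, user_groups, item_accessible):
    """Resolve one user's permission on a metadata field or field group.

    acl: list of (principal, Level) entries, or None when no list is set.
    The entry shape and group matching are hypothetical.
    """
    # Field lists are applied after all other access control lists:
    # without access to the item there is no access to its fields.
    if not item_accessible:
        return Level.NONE
    # No list on the field or group: everyone gets full permissions.
    if not acl:
        return Level.DELETE
    principals = {user, *user_groups}
    matching = [level for principal, level in acl if principal in principals]
    # Assumption: a list exists but no entry applies to this user.
    if not matching:
        return Level.NONE
    # Conflict rule: the entry granting the highest level applies, so a
    # NONE entry cannot override a higher grant from another entry.
    return max(matching)


def allowed(level, needed):
    """True when the resolved level includes the needed permission."""
    return level >= needed


# Constructed sample list for a single field.
SAMPLE_ACL = [
    ("editors", Level.WRITE),
    ("alice", Level.READ),
    ("contractors", Level.NONE),
]
```

With the sample list, a user who belongs to both `editors` and `contractors` resolves to WRITE, so a NONE entry should not be relied on to revoke access from someone who is also covered by a higher entry.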