Currently we have the following which limits the permission types granted to an enumerated list. We need to be able to support other types.
<xs:element name="Permission" minOccurs="1" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>A permission rule associated with an object, e.g. read and write access being granted to a user.</xs:documentation>
</xs:annotation>
<xs:complexType>
<xs:annotation>
<xs:documentation>A permission rule associated with an object, e.g. read and write access being granted to a user.</xs:documentation>
</xs:annotation>
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:choice minOccurs="1" maxOccurs="1">
<xs:element name="User" type="evt:UserComplexType" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>A user that has been granted (or is prevented from having) some form of permission.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Group" type="evt:GroupComplexType" minOccurs="1" maxOccurs="1">
<xs:annotation>
<xs:documentation>A named group of users that has been granted (or is prevented from having) some form of permission.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:choice>
<xs:element name="Allow" type="evt:PermissionAttributeSimpleType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The permission attributes that have been explicitly allowed.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element name="Deny" type="evt:PermissionAttributeSimpleType" minOccurs="0" maxOccurs="unbounded">
<xs:annotation>
<xs:documentation>The permission attributes that have been explicitly denied.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:simpleType name="PermissionAttributeSimpleType">
<xs:annotation>
<xs:documentation>The types of permission that can be assigned to an entity such as a document.</xs:documentation>
</xs:annotation>
<xs:restriction base="xs:string">
<xs:enumeration value="Author"/>
<xs:enumeration value="Owner"/>
<xs:enumeration value="Read"/>
<xs:enumeration value="Write"/>
<xs:enumeration value="Execute"/>
</xs:restriction>
</xs:simpleType>To avoid breaking the validation for existing documents the suggestion is to change the enum to regex pattern that will allow for other custom permission names. If we use the pattern ^(Author|Owner|Read|Write|Executor|Other: .*)$ then we can have values like:
<Allow>Owner</Allow>
<Allow>Other: Create Pipeline</Allow>
<Allow>Other: Create Folder</Allow>
The downside to this is that we lose the Java enum in the jaxb library, but it will still be enforced with schema validation.
Currently we have the following which limits the permission types granted to an enumerated list. We need to be able to support other types.
To avoid breaking the validation for existing documents the suggestion is to change the enum to regex pattern that will allow for other custom permission names. If we use the pattern
^(Author|Owner|Read|Write|Executor|Other: .*)$then we can have values like:The downside to this is that we lose the Java enum in the jaxb library, but it will still be enforced with schema validation.