Privileges#
A person can receive privileges through membership in an organization or as a collaborator of a space.
Organization privileges#
Create Space#
A person requires the Skalio ID role Service.Drive.CreateSpace in order to create a new space. The new space is owned by the person's organization. The person is automatically assigned as a collaborator with admin privilege.
Without this role, a person can still participate in spaces where they exist as collaborators. However, they cannot create space of their own.
Organization Admin#
Note: not yet implemented!
A person with the Skalio ID role Organization.Admin can list all spaces of an organization and their collaborators. The person can manage collaborators by assigning or removing persons or updating their privileges. The person can also delete the space completely.
Collaborator privileges#
These privileges are managed by Drive and stored in the Collaborator relationship between a person and a space. They define the access rights of the person on data stored in the space.
Read#
- View space metadata (name, description, avatar, organisation)
- List collaborators of a space
- List pending invitations of a space
- List files of a space, including trash
- View (download, open) files of a space, including metadata
Write#
- All read privileges
- Create a new file
- Update, overwrite, append to an existing file
- Update metadata of a file (rename/move, timestamps)
- Move a file to trash
- Delete a file permanently (bypassing trash)
- Recover file (move back from trash)
- Purge an individual file in trash (delete permanently)
- Purge all files in trash (delete permanently)
Admin#
-
All write privileges
-
List collaborators of a space, including admin-reference
- Invite new collaborator
- Remove collaborator
- Update privileges of collaborator
- List pending invitations of a space, including admin-reference
- Cancel pending invitations
- Update space metadata (name, description, avatar)
- Destroy space (delete all data of the space permanently)