Privileges

A person can receive privileges through membership in an organization or as a collaborator of a space.

Collaborator privileges

These privileges are managed by Spaces and stored in the Collaborator relationship between a person and a space. They define the person's access rights to data stored in the space.

Read

  • View space metadata (name, description, avatar, organization)
  • List collaborators of a space
  • List pending invitations of a space
  • List files of a space, including trash
  • View (download, open) files of a space, including metadata

Write

  • All read privileges
  • Create new file
  • Update, overwrite, append to existing file
  • Update metadata of a file (rename/move, timestamps)
  • Move file to trash
  • Delete file permanently (bypassing trash)
  • Recover file (move back from trash)
  • Purge individual file in trash (delete permanently)
  • Purge all files in trash (delete permanently)

Admin

  • All write privileges
  • List collaborators of a space, including admin-reference
  • Invite new collaborator
  • Remove collaborator
  • Update privileges of collaborator
  • List pending invitations of a space, including admin-reference
  • Cancel pending invitations
  • Update space metadata (name, description, avatar)
  • Destroy space (delete all data of the space permanently)

Organization privileges

These privileges are always bound to a specific organization. They are managed by Skalio ID and encoded into the ID token.

A person can be a member of multiple organizations (or none). The ID token includes the highest privilege for each organization.

Read

  • View organization metadata (uid, allocated storage, used storage)

Creator

  • Create a new space belonging to the organization

Organization Admin

Note: not yet implemented!