The same permission set as used for VFS resources, can also be attached to explorer types. But here the permissions have different meanings. They control which users can create, edit or view contents of the configured type.
Resources in OpenCms are typed and for each type the explorer type configuration specifies where and when resources of the type are shown in OpenCms. Consider, for example, a content type configured as resource and explorer type. Here the explorer type configuration controls if and where an entry in the "Add wizard" in the traditional workplace appears, what icon is used for resources of that type, etc.
Not resources of every type are of interest for each user. For example, a content used for configuration may not be of interest for the usual content editor. Hence, it is useful to hide resources for some users at some places. Moreover, there may be situations where some users should be able to add existing resources of a type to a page, but not to add new resources. There are more scenarios you can think of.
Type specific permissions allow you to set permissions according to this scenarios.
Type specific permissions are set at the explorer type configuration. The permission set is identical to the permissions assigned directly to resources. But the permissions have different meanings, or are just ignored.
Here is what the permissions (that are not ignored) mean:
If the permission is set, new resources of this type can be created. You can move new resources of the type to a page via the page editor or use the "Add wizard" in the traditional workplace to add new resources of the specified type.
If the permission is set, resources of this type can be edited. That means, a context menu in the workplace's editor appears for such contents and you can edit contents via the ADE views.
If the permission is set, resources of the type are visible in ADE dialogs and the edit buttons appear at elements of that type. Thus you can add, move or remove elements at a page. If the view permission is not set, contents of the type never appear in the ADE views. The setting has no influence in the traditional workplace, thus from the workplace's explorer you can still edit or create resources of the type, if the according other permissions are set.
Permissions on explorer types interact different than permissions on VFS resources. In particular:
opencms-workplace.xml
in the node <defaultaccesscontrol>
.Permissions can either be assigned to single users, to groups and also to roles. What is the best choice, depends on your special situation. Possibly, the most appealing way is to set permissions dependent on roles. For example, the type function (Dynamic functions) has set the permissions such that template developers can add new such such functions or edit existing ones, while normal workplace users can only view such functions, i.e. add or remove them from pages.
Besides setting permissions for specific roles, groups or users, you can set default permissions for a resource type. They overwrite the system defaults, but are overwritten by all settings that are set for a role, group or user.