====== Permissions and Inheritance====== Within the RDMS, we support **four levels of permissions** or user privileges to files and folders that can be defined by the users. In an order of ascending privileges, these permissions are 'Null', 'Read', 'Read/Write' and 'Own'. Please see the following table for a summary of what these different permissions allow within the RDMS: ^ Permission Level ^ Read ^ Modify ^ Create New ^ Delete ^ Share ^ | **Null** | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | | **Read** | {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}} | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | | **Write** | {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}} | {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}} | {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}} | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | {{:rdms:data:1280px-eo_circle_red_blank.svg.png?nolink&20|}} | | **Own** | {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}} | {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}} | {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}} | {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}} | {{:rdms:data:eo_circle_green_checkmark.svg.png?nolink&20|}} | And for a more detailed explanation of what this permissions mean: **Own**: The user owns the data object (file) or the collection (folder) and has the full permission on reading, modifying (including deletion), and sharing. **Write**: The user has read and write access to the object. **Read**: The user can only read the object or its content. This also allows to make a (editable) copy of the file/folder. **Null**: The user does not have any permission on the object. One can use 'none' when removing the previously assigned permissions to a user. **Important**: If you accidentally remove your own permissions, you will no longer be able to restore them even if you were the original owner of the object. **Important Note** * While 'write' permissions allow to create new objects and modify existing ones, it does not allow for the deletion of objects * Previously, it was possible to restore your own permissions to an object, if you were owner of the object before. With the new update of the iRODS system, this is no longer possible. ===== Inheritance ===== Inheritance means that the permissions set on a collection/folder are also propagated to its subfolders and files. Also, with activated inheritance, newly created files and folder inherit the permission of the main folder. By default, permission inheritance is active within the RDMS, but it can also be disabled on a per folder/collection basis. Users who decide to disable permission inheritance should be aware that this means that permissions on all (sub)folders and files have to be set individually. Also, it should be noted that it is also possible to modify user permissions on specific subfolders or files when permission inheritance is activated on the main folder.