...

This policy enforcement point (PEP) makes basic decisions based on the basic roles of "metadata reader", "reader", "writer", and "admin". These roles are assigned to principals on Fedora objects, which may be datastreams. Assigned roles are inherited through the repository tree until blocked by another assignment.

This PEP makes use of the Access Roles Module to assign and query roles in the repository.

...

The permissions granted to these roles are fixed. This PEP makes decisions in Java code, rather than consulting any kind of declarative policy. If more nuanced roles or policies are required, then you can switch to the Local XACML Role-based PEP and reuse the roles you have already assigned in your repository. 

Role/Permission Matrix

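|                 | metadata reader | reader | writer | admin |
|-----------------|-----------------|--------|--------|-------|
| read properties | X               | X      | X      | X     |
| read content    |                 | X      | X      | X     |
| write           |                 |        | X      | X     |
| write roles     |                 |        |        | X     |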
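
The sketch below is an added example, not the PEP's own Java code: it models the fixed matrix above together with role inheritance through the repository tree. It assumes that "blocked by another assignment" means the nearest node carrying any assignment replaces everything inherited from above; the paths and principal names are constructed sample data.

```python
# Illustrative model only; not the Fedora PEP's Java implementation.
from typing import Dict, Optional, Set

# Fixed role -> permitted actions, transcribed from the Role/Permission Matrix.
PERMISSIONS: Dict[str, Set[str]] = {
    "metadata reader": {"read properties"},
    "reader": {"read properties", "read content"},
    "writer": {"read properties", "read content", "write"},
    "admin": {"read properties", "read content", "write", "write roles"},
}

# Constructed sample data: path -> {principal: roles assigned at that node}.
ASSIGNMENTS: Dict[str, Dict[str, Set[str]]] = {
    "/": {"EVERYONE": {"metadata reader"}},
    "/collections": {"alice": {"admin"}, "staff": {"reader"}},
    "/collections/embargoed": {"curators": {"writer"}},
}


def parent(path: str) -> Optional[str]:
    """Return the parent path, or None at the repository root."""
    if path == "/":
        return None
    head = path.rstrip("/").rsplit("/", 1)[0]
    return head or "/"


def effective_assignment(path: str) -> Dict[str, Set[str]]:
    """Walk up the tree; the nearest node with an assignment wins (assumed)."""
    node: Optional[str] = path
    while node is not None:
        if node in ASSIGNMENTS:
            return ASSIGNMENTS[node]
        node = parent(node)
    return {}  # no assignment anywhere: no roles, so every request is denied


def is_permitted(principals: Set[str], action: str, path: str) -> bool:
    """Deny by default; permit if any role held by any principal grants action."""
    if not any(action in granted for granted in PERMISSIONS.values()):
        raise ValueError(f"unknown action: {action!r}")
    assignment = effective_assignment(path)
    roles = set().union(*(assignment.get(p, set()) for p in principals))
    return any(action in PERMISSIONS.get(r, set()) for r in roles)
```

Under this reading, an assignment made lower in the tree also removes access that principals held higher up (here, alice's admin role does not reach below `/collections/embargoed`), which is worth checking whenever a new assignment is added to a subtree.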