Role Permissions

Roles in CaosDB can have the following permissions

Role permissions
Permission	Description
`ACCESS_SERVER_PROPERTIES`	Permission to read the server properties.
`ACM:*`	Permissions to administrate the access controll management system. That includes managing users, roles, and assigning permissions to roles and roles to users.
`ACM:ROLE:*`	Permissions to manage roles, i.e. create, retrieve, update and delete roles and assign them to users.
`ACM:ROLE:ASSIGN:?ROLE?`	Permission to assign a role (to a user).
`ACM:ROLE:DELETE:?ROLE?`	Permission to delete a role.
`ACM:ROLE:INSERT`	Permission to create a new role.
`ACM:ROLE:RETRIEVE:DESCRIPTION:?ROLE?`	Permission to retrieve the description of a role.
`ACM:ROLE:RETRIEVE:PERMISSIONS:?ROLE?`	Permission to read the permissions of a role.
`ACM:ROLE:UPDATE:DESCRIPTION:?ROLE?`	Permission to update the description of a role.
`ACM:ROLE:UPDATE:PERMISSIONS:?ROLE?`	Permission to set the permissions of a role.
`ACM:USER:*`	Permissions to manage users, i.e. create, retrieve, update and delete users.
`ACM:USER:DELETE:?REALM?:?USER?`	Permission to delete a user
`ACM:USER:INSERT:?REALM?`	Permission to create a user in the given realm
`ACM:USER:RETRIEVE:INFO:?REALM?:?USER?`	Permission to retrieve the user info (email, entity, status)
`ACM:USER:RETRIEVE:ROLES:?REALM?:?USER?`	Permission to retrieve the roles of a user
`ACM:USER:UPDATE:EMAIL:?REALM?:?USER?`	Permission to update the email address of a user.
`ACM:USER:UPDATE:ENTITY:?REALM?:?USER?`	Permission to set the entity which is associated with a user.
`ACM:USER:UPDATE:ROLES:?REALM?:?USER?`	Permission to change the roles of a user.
`ACM:USER:UPDATE:STATUS:?REALM?:?USER?`	Permission to update the status of a user, i.e. marking them as `ACTIVE` or `INACTIVE`.
`ACM:USER:UPDATE_PASSWORD:?REALM?:?USER?`	Permission to set the password of a user.
`SCRIPTING:EXECUTE:?PATH?`	Permission to execute a server-side script under the given path. Note that, for utilizing the wild cards feature, you have to use `':'` as path separator. E.g. `'SCRIPTING:EXECUTE:my_scripts:*'` would be the permission to execute all executables below the `my_scripts` directory.
`SERVERLOGS:RETRIEVE`	Permission to read the server logs. (DEPRECATED)
`STATE:*`	Permissions to manage state models and the states of entities.
`STATE:ASSIGN:?STATE_MODEL?`	Permission to assign a state model.
`STATE:FORCE:FINAL`	Permission to force to leave a state models specified life-cycle even though the currrent state isn’t a final state in the that model.
`STATE:TRANSITION:?TRANSITION?`	Permission to initiate a transition.
`STATE:UNASSIGN:?STATE_MODEL?`	Permission to unassign a state model.
`TRANSACTION:*`	Permission to execute any writable transaction. This permission only allows to execute these transactions in general. The necessary entities permissions are not implied.
`TRANSACTION:DELETE:?ENTITY_ROLE?`	Permission to delete entities of a given role (e.g. Record, File, RecordType, or Property).
`TRANSACTION:INSERT:?ENTITY_ROLE?`	Permission to insert entities of a given role (e.g. Record, File, RecordType, or Property).
`TRANSACTION:UPDATE:?ENTITY_ROLE?`	Permission to update entities of a given role (e.g. Record, File, RecordType, or Property).