Permissions XML file format

Permissions files have the following format (by example):

<permission-set script="classpath://org/jasig/portal/io/import-permission_set_v3-1.crn">
  <owner>UP_PORTLET_PUBLISH</owner>
  <principal-type>org.jasig.portal.groups.IEntityGroup</principal-type>
  <principal>
    <group>${tenant.name} Administrators</group>
  </principal>
  <activity>PORTLET_MODE_CONFIG</activity>
  <target permission-type="GRANT">
    <group>${tenant.name} Portlets</group>
  </target>
  <!-- New in uPortal 4.3.0 you can specify a portlet by fname -->
  <target permission-type="GRANT">
    <portlet>${tenant.fname}-logo</portlet>
  </target>
</permission-set>

where:

Element	Description	Available values
owner	String identifying owner of the activity	Values specified in IPermission.java. Can be one of: UP_SYSTEM UP_GROUPS UP_PORTLET_PUBLISH UP_PORTLET_SUBSCRIBE UP_USERS UP_PERMISSIONS UP_ERROR_CHAN
principal-type		One of: org.jasig.portal.groups.IEntityGroup org.jasig.portal.security.IPerson
principal		If principal-type is group type: <group>groupname</group> If principal-type is person type: <literal>username</literal>
activity	String specifying permissions subcategory	See IPermission.java (and source code, much of which passes in a string). Best view of available values is looking at links on Manage Permissions page.
target	One or more targets may be specified. Target can have permission-type of GRANT or DENY.	Allowed values are: <group>groupname</group> Group that receives the GRANT or DENY permission <literal>targetname</literal> Values can be a username or PORTLET_ID.x where x is the ID of the portlet in the database (new with uPortal 4.3.0) <portlet>portletFname</portlet> Specify a portlet by fname

The groupings of permission-owner and activity is easiest seen on the Manage Permissions page (look at link href URLs for specific values). E.g.