

Example permissions string:
r,s,a,t,

Note that case is important.

Code Permission
===============

Search
------
s       Can search for resources.
v       Can view confidential (admin only) resources, also download 'restricted' resources.
g       Without this permission the users in the group will have 'restricted' access to any 'restricted/open' resources.
q       Can make resource requests.
w       Show watermarked previews/thumbnails ($watermark must be set in config.php prior to resource upload in order for 
        watermarks to be created).

Metadata Fields / Resource Types
--------------------------------
f*      Can see all fields
f?      Can see field with reference ? e.g. f1,f2,f3 (applies to editing, advanced search, and viewing resources).
f-?     Can not see the field with reference ? e.g. f*,f-3 means see all fields except field 3.
F?      DENY write access to the field. The field will not appear on edit or edit all.
F*      DENY write access to all fields.
F-?     ALLOW write access to the given field, used with F* to allow write access to specific fields only.
T?      DENY access to resources with the given resource type ID, also hide this resource type when editing/searching.
T?_$    DENY access to resources with the given resource type ID AND the given download size ID, for example T1_scr 
        denies access to the screen size download for photo resources. Use "T1_" (i.e. empty download ID) to deny access
        to the original resource file.
X?      RESTRICT access to resources with the given resource type ID.
XU?     RESTRICT upload access for resources of type ID.
X?_$    RESTRICT access to resources with the given resource type ID AND the given download size ID, for example X1_scr 
        restricts access to the screen size download for photo resources.
P?      Allows edit only access to a specific field on the upload form only. Allows a user to provide a field on upload 
        that is otherwise hidden from them (e.g. confidential information such as subject name).
XE?     DENY edit access to given resource type
XE      DENY edit access to ALL resource types by default, to be used in conjuction with the XE? permission
XE-?    Only for usergroups with XE permisssion, ALLOW edit access to resources of the given resource type

Resource creation
-----------------
c       an create resources / upload files (Team Centre users; resources go directly into usable state).
d       Can create resources / upload files (Normal users; resources go into 'pre-check' state).

e?      Can edit resources in specific archive state, e.g. e0, e1, e2 (includes deletion)
            e0: Not archived (visible in a normal search)
            e1: Waiting to be archived (hidden from searches)
            e2: Archived (visible in archive searches only)
        Normally the resource management team will have e0 and e1, and the archive team will have e1 and e2.
        Further permissions govern access to user contributed resources.
            e-2: User contributed, awaiting user submission
            e-1: User contributed, awaiting team review
        
ert?    Can always edit resources of the specified resource type in any archive state, can be used if the user does not 
        have access to the admin area for delegation of publishing control.
i       Can manage archive resources.
n       Can tag resources using 'Speed Tagging' (must be enabled in config).
A       Can manage alternative files

Featured collection / Collections
---------------------------------
b       Suppress bottom collections frame and all associated collections functionality (not advisable for administrator 
        groups as collections make resource management much easier).
h       Can publish featured collections, and edit all collections.
j*      Can see all featured collection categories.
j?      Can see featured collection in category ? (e.g. jCars,jAnimals).
J       Can only search for resources that belong to featured collections (not advisable!).
X       Allows selection of a user group to determine access level when sharing externally so that when accessed 
        options, fields etc. will be viewed as if by a member of that group.

Restrictive permissions
-----------------------
p       Can not change own password. Useful for shared user accounts.
D       Can not delete resources.
noex    Cannot share resources externally (internal sharing is still possible, provided $allow_share=true;).
nolock  Cannot lock resources (locking is used to prevent resources being edited by other users)

Administration
--------------
a       Can access administration tree.
t       Can see the team centre home.
r       Can manage research requests.
R       Can manage resource requests / orders.
Ra      Can assign resource requests to others.
Rb      Can be assigned resource requests (also; can only see resource requests assigned to them in the Manage Resource 
        Requests area).
o       Can manage content.
m       Can bulk-mail users.
u       Can manage users.
k       Can manage keywords (add/remove keyword relationships and add/remove/rename checkbox/dropdown list options).
bdk?    Cannot add dynamic keywords to the list straight from the field (ie. when on Upload or Edit page).
ex      Can manage external shares with expiry set to "Never".

Restrictive group permissions (allows isolated groups to be created)
--------------------------------------------------------------------
U       (upper case) Can manage users in children groups to the user's group only.
E       (upper case) Can email resources to users in the user's own group, children groups and parent
        group only. Also when using custom access, can only select groups from own group, children
        groups and parent group. For user list auto-completion (e.g. when e-mailing a resource) the user will only see 
        users from their own group, children groups and parent group.
