

了解权限-Understanding Permissions

This topic has been updated for the Orchard 1.8.1 release.

本主题已针对Orchard 1.8.1发行版进行了更新。

Each role has a set of permissions assigned to it, and these permissions indicate which actions a user in that role can perform. For each role, you can only grant permissions; you cannot specifically deny a permission. A user's permission set consists of all granted permissions for all roles that the user belongs to.

每个角色都有一组分配给它的权限，这些权限指示该角色中的用户可以执行的操作。对于每个角色，您只能授予权限;你不能具体否认一个许可。用户的权限集包含用户所属的所有角色的所有已授予权限。

To assign or review permissions for a role, click the Roles link.

要分配或查看角色的权限，请单击角色链接。

Click Edit for the role you want to modify or review.

单击编辑以查看要修改或查看的角色。

By default, Orchard includes a number of roles with default permissions:

默认情况下，Orchard包含许多具有默认权限的角色：

Administrator - Can perform any operation (has all permissions)
管理员 - 可以执行任何操作（拥有所有权限）
Editor - Can author, publish and edit his own and others' content items.
编辑 - 可以创作，发布和编辑自己和他人的内容项目。
Moderator - Can moderate comments and tags only. No authoring permissions.
主持人 - 只能审核评论和标签。没有创作权限。
Author - Can author, publish and edit his own content items
作者 - 可以创作，发布和编辑自己的内容项目
Contributor - Can author and edit his own content items, but not publish them (save draft only)
贡献者 - 可以创作和编辑自己的内容项目，但不能发布它们（仅保存草稿）
Anonymous - Can view the front-end of the site only.
匿名 - 只能查看网站的前端。
Authenticated - Can view the site front-end, and perform other operations depending on the site and other role permission settings.
经过身份验证 - 可以查看站点前端，并根据站点和其他角色权限设置执行其他操作。

Implied Permissions

隐含的权限

Some permissions specify whether a user is allowed to perform a single action; other permissions specify whether the user is allowed to perform a group of actions. The permissions that pertain to a group of actions are typically higher-level permissions that logically include lower-level actions. When you grant a higher-level permission that relates to a group of actions, the lower-level permissions are implicitly included. For example, if you grant a role permission to manage blogs, you are also granting that role permission to edit, publish, and delete blogs.

某些权限指定是否允许用户执行单个操作;其他权限指定是否允许用户执行一组操作。与一组操作相关的权限通常是较高级别的权限，逻辑上包括较低级别的操作。授予与一组操作相关的更高级别权限时，将隐式包含更低级别的权限。例如，如果您授予管理博客的角色权限，那么您还授予该角色编辑，发布和删除博客的权限。

You can see which permissions are explicitly or implicitly granted by examining the check boxes in the Allow and Effective columns. The Allow column shows which permissions are explicitly granted and the Effective column indicates which permissions are explicitly or implicitly granted. The following image shows that Manage blogs was specifically granted to the role and the other permissions were implicitly granted.

通过检查 Allow 和 Effective 列中的复选框，可以查看显式或隐式授予的权限。 Allow 列显示显式授予的权限， Effective 列指示显式或隐式授予哪些权限。下图显示管理博客专门授予该角色，其他权限被隐式授予。

If you unselect the Manage blogs permission, all of the other permissions are also revoked.

如果取消选择管理博客权限，则所有其他权限也将被撤消。

The following image shows a role with Edit any blog posts granted. Edit own blog posts is implicitly granted.

下图显示了编辑任何博客帖子的角色。 隐式授予编辑自己的博客文章。

The following image shows a role with only Edit own blog posts granted. No permissions are implicitly granted with this selection.

下图显示了仅授予编辑自己的博客帖子的角色。此选择不会隐式授予任何权限。

有关如何自定义权限的信息，请参阅[添加自定义权限]（添加自定义权限）。有关高级概念，请参阅[权限]（权限）.-->

Orchard.ContentPermissions

This applies to the Orchard.ContentPermissions Module, available since Orchard 1.5.1

这适用于自Orchard 1.5.1起可用的Orchard.ContentPermissions模块

When enabling the ContentPermissions module, you can define item-level permissions for the front end.

启用ContentPermissions模块时，您可以为前端定义项目级权限。

This allows you to protect your Projections or own Content Types.

这使您可以保护您的预测或自己的内容类型。