== Extension Point : ''IPermissionStore'' == ||'''Interface'''||''IPermissionStore''||'''Since'''||0.9|| ||'''Module'''||''trac.perm''||'''Source'''||[source:trunk/trac/perm.py perm.py]|| The active ''IPermissionStore'' implementation stores the permissions and group memberships explicitly granted to users and groups. == Purpose == The TracPermissions system supports granting and revoking of action permissions and of hierarchical [TracPermissions#PermissionGroups groups] that bundle and inherit permissions per user. The IPermissionStore interface can be used to replace the storage mechanism for these granted permissions. Note that to ''implicitly'' grant additional permissions to certain users automatically, it is not necessary to implement (or wrap) IPermissionStore. Implement [../trac.perm.IPermissionGroupProvider IPermissionGroupProvider] instead. == Usage == Implementing the interface follows the standard guidelines found in [wiki:TracDev/ComponentArchitecture] and of course [wiki:TracDev/PluginDevelopment]. Only the ''permission_store'' configured in [wiki:TracIni#trac-section trac.ini] will be used. The configured implementation will be called by the permissions system to grant, revoke and query permissions. This information is automatically cached and reused for some time. == Examples == Due to the complexity of implementing a full permission store backend, no simple example can be provided here. == Available Implementations == In Trac: || [source:trunk/trac/perm.py DefaultPermissionStore] || Stores permissions and admin defined permission groups in the project environment's SQL database. || In third-party plugins: || th:LdapPlugin || `LdapPermissionStore` uses LDAP directory as the permission store backend. || || th:ActiveDirectoryAuthPlugin || `UserExtensiblePermissionStore` extends `DefaultPermissionStore` adding an extension point, implemented to provide `TRAC_ADMIN` for members of a certain Active Directory group. || || th:TracForgePlugin || `TracForgePermissionStore` extends `DefaultPermissionStore` for multi project permissions. || || th:SuperUserPlugin || Wraps another (`Default`)`PermissionStore` to automatically give some users `TRAC_ADMIN` privileges. || == Additional Information and References == * [http://www.edgewall.org/docs/trac-trunk/epydoc/trac.perm.IPermissionStore-class.html Epydoc API Reference] * See also [../trac.perm.IPermissionGroupProvider IPermissionGroupProvider], [../trac.perm.IPermissionPolicy IPermissionPolicy], [../trac.perm.IPermissionRequestor IPermissionRequestor] * Related tickets: * #5648 Move user defined groups to IPermissionGroupProvider implementation * #4245 Inefficient algorithm used in `DefaultPermissionStore` * [query:status!=closed&keywords~=permissions permissions in keywords] * Related mailing list topics: * Early [Trac-ML:3072 design discussion] * Some discussion about possible [trac-dev:2758 future enhancements]