Most objects in the Kiln API have permissions; certain users may only be able to perform certain actions on them. We document all of these behaviors in this table:
|Project||Only administrators may create, write to, and delete projects. Project read permissions are determined on a per-person basis, as set by administrators or by the default permission or through the API.|
|Repository Groups||A repository group has the same permissions as the project it belongs to.|
|Repository||Only administrators may create and delete central repositories. Users with read + branch or write permissions to a central repository may branch it. Repository permissions are determined on a per-person basis, as set by administrators or by the default repository permission or by the default project permission (above) or through the API. Note: read + branch was added in Kiln 2.5.96.|
|People||People are read-only in API 1.0. The permission to read each person record is determined on a per-person basis, as set by administrators (TODO: is this actually true?).|
|Review||Creating a review requires read/write permission to the project the review will belong to. Reading and modifying a review requires read and modify permissions, respectively, from the FogBugz bug corresponding to the review.|
A person's permission for a project or a repository may be "none", "read", "write", or "admin". "Read" grants the user permission to make any API call that doesn't modify the project's or repository's data. "Write" grants the same, plus the ability to modify the data. "Admin" grants the privileges listed above. "None" means the repository or project is unreadable and unwritable.
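The repository rules above can be modelled as a small authorization check. This is an added sketch, not Kiln's own code: the names `Perm`, `REQUIRED`, `effective_permission` and `is_allowed` are hypothetical, and so are the numeric ordering of the levels and the precedence among the permission sources, which the page lists without ranking. It also treats the "admin" level as what the table calls an administrator.

```python
from enum import IntEnum

class Perm(IntEnum):
    # Levels named on the page; the numeric ordering is an assumption.
    NONE = 0
    READ = 1
    READ_BRANCH = 2  # "read + branch", added in Kiln 2.5.96
    WRITE = 3
    ADMIN = 4

# Minimum level per repository action, taken from the table and the
# closing paragraph. The action names themselves are hypothetical.
REQUIRED = {
    "read": Perm.READ,
    "branch": Perm.READ_BRANCH,
    "modify": Perm.WRITE,
    "create": Perm.ADMIN,
    "delete": Perm.ADMIN,
}

def effective_permission(person, repo):
    """Resolve a person's level on a repository.

    Assumed precedence: explicit per-person grant, then the repository
    default, then the project default. Unresolved means no access.
    """
    sources = (
        repo.get("grants", {}).get(person),
        repo.get("default"),
        repo.get("project_default"),
    )
    for level in sources:
        # Compare against None, not truthiness: an explicit Perm.NONE
        # is 0 and must not fall through to a more generous default.
        if level is not None:
            return level
    return Perm.NONE

def is_allowed(person, repo, action):
    required = REQUIRED.get(action)
    if required is None:
        return False  # unknown actions are denied, not treated as reads
    return effective_permission(person, repo) >= required

# Constructed sample data, not taken from a real Kiln installation.
REPO = {
    "grants": {"alice": Perm.ADMIN, "bob": Perm.READ_BRANCH, "eve": Perm.NONE},
    "default": None,
    "project_default": Perm.READ,
}
```

In the sample data, `eve` holds an explicit "none" and stays locked out even though the project default is "read", while a person with no grant at all inherits that default.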