The permissions system allows packages to define custom privileges. If you read the source code for older packages, you'll find they frequently define many custom privileges ("forums_read" for instance). Our current engineering standards call for the use of standard, system-wide privileges wherever possible.

In addition, a privilege can be declared to be a child of another privilege. In this case, a check for the child privilege returns true if either the parent or child privilege has been granted a given party on the given object.

While the permissions system does not enforce any particular semantics for a given privilege, the pre-defined permissions by convention should be treated according to the following definitions.

• read - the party can read the data associated with the given object.

• write - the party can write new data to the given object.

• delete - the party can delete the given object.

• create - the party can create new objects which are "owned" by the given object (i.e. create a forum post within a forum).

• admin - the admin privilege is the parent privilege to all other standard privileges. In other words, a party with the admin privilege has the read, write, create or delete privileges on the given object.