The example on creating roles using the “Content Management API” shows we can pass negative_item_type_permissions.
However there is no documentation on what this would actually do.
Right now I’m assuming that when the following attributes are set that the user that created a 44 item can only edit those.
"positive_item_type_permissions": [
{
"item_type": "44",
"action": "all",
"on_creator": "self"
}
],
"negative_item_type_permissions": [
{
"item_type": "44",
"action": "all",
"on_creator": "self"
}
],
Is this assumption correct? If not where could I find more information about what each attribute means?
@ramon.gebben the negative permissions are what you can set from here in the CANNOT section:
so basically you remove the permissions.
In your case, if you want the role to edit only items of type (model) 44 you can use just the first part. If you want to let the role edit all models you can do this:
{
"item_type": "",
"action": "all",
"on_creator": "anyone"
}
Ok thanks. For the future, where can I find information about all attributes?
I know there is a JSON Schema but it’s not very helpful for humans and the documentation on the Content management API seems not to include that information.
we are working these days to improve the documentation of the REST API to fully document what is available.
So it will come very soon. Meanwhile unfortunately the only way to discover what is available is to inspect the network calls that the browser is doing against the API 
1 Like
