Substance D SDI Permission Names
================================

sdi.add-content

  Protects views which allow users to add content to a folder.

sdi.add-group

  Protects views which add groups to a groups collection within a principals
  service.

sdi.add-services

  Protects views which add built-in Substance D services.

sdi.add-user

  Protects views which add users to a users collection within a principals
  service.

sdi.change-acls

  Protects arbitrary locations, allowing certain people to execute views the
  under that location which change ACLs associated with a resource.

sdi.change-password

  Protects views of a user which allow for the changing of passwords.

sdi.lock

  Protects views which allow users to lock or unlock a resource.

sdi.manage-catalog

  Protects views which allow users to manage catalog data and indexes within a
  catalog service.

sdi.manage-contents

  Protects views which allow users to add, remove, and rename items within
  folders.

sdi.manage-database

  Protects the "manage database" view at the root.

sdi.manage-references

  Protects views which allow users to manage the references associated with a
  resource.

sdi.manage-user-groups

  Protects views which allow admin users to update groups for users.

sdi.manage-workflow

  Protects the views associated with managing the workflows of an object.

sdi.undo

  Protects the capability of users to execute views which undo transactions.

sdi.view

  Protects whether a user can view the SDI management pages associated with a
  resource.

sdi.view-services

  Protects whether a user can view the "Services" tab in a folder.

sdi.edit-properties

  Allows for the editing of the properties of a property sheet for an object.

sdi.view-auditlog

  Allows the user to view the audit log event stream (``auditstream-sse``)
  view.