Kademi allows you to specify custom roles for groups that will give users permissions to view or edit data with custom apps.

Kademi's permission system complaint with the RFC 3744 standard.

To define roles edit your controllers.xml and add the following:

		<role class="role"> 
			<name>Role Name</name> 
			<privnames> 
				<string>READ_CONTENT</string> 
			</privnames> 
		</role>

You can then add that role to groups you want to have the READ_CONTENT permission for resources in that app:

This will allow groups that have that role to access data from the custom app, you can add more priviledges to that role for example WRITE_CONTENT

You can also define multiple roles in a single controller.

Use the postPriv property on controller mappings to require a particular permission to allow a POST request. Eg you might want to allow READ_CONTENT for safe actions like voting or adding comments, or you might want WRITE_PERMISSIONS to an admin level function. See ControllerMappingBuilder for details