I'm fairly new to Liferay development and I'm having trouble wrapping my head around permissions. I've read quite a few articles and even read parts of a book that discussed permissions. Yet, I'm still out in the cold.

My portlet is in the Control Panel and is based on Entities. So let's say I have Entity 1, Entity 2, and Entity 3, of which each has its own attributes such as Name, Server Name, Location, etc. First, I need a global permission (probably VIEW and ADD**) that I can define as a role-based permission. Then, I need to be able to define permissions on each of the Entities separately. This would be similar to the permissions you can set on any portlet with permissions for UPDATE and DELETE. However, instead of at the portlet level I need them at the "entity" level.

Can any give me some guidance on this? Seems to be a fairly complex permissions scheme and is by far the toughest part of my development process. I appreciate the help.

** It probably wouldn't hurt to have an UPDATE and DELETE permission that can be defined as a role-based permission so that a person could potentially be given global UPDATE and DELETE permissions.