.TH "libpipewire-module-access" 7 "1.1.82" "PipeWire" \" -*- nroff -*-
.ad l
.nh
.SH NAME
libpipewire-module-access \- Access 
.SH DESCRIPTION
.PP
The \fCaccess\fP module performs access checks on clients\&.
.PP
The access check is only performed once per client, subsequent checks return the same resolution\&.
.PP
Permissions assigned to a client are configured as arguments to this module, see below\&. Permission management beyond unrestricted access is delegated to an external agent, usually the session manager\&.
.PP
This module sets the \fBpipewire.access\fP as follows:
.PP
.IP "\(bu" 2
If \fCaccess\&.legacy\fP module option is not enabled:
.PP
The value defined for the socket in \fCaccess\&.socket\fP module option, or \fC'default'\fP if no value is defined\&.
.IP "\(bu" 2
If \fCaccess\&.legacy\fP is enabled, the value is:
.IP "  \(bu" 4
\fC'flatpak'\fP: if client is a Flatpak client
.IP "  \(bu" 4
\fC'unrestricted'\fP: if \fBpipewire.client.access\fP client property is set to \fC'allowed'\fP
.IP "  \(bu" 4
Value of \fBpipewire.client.access\fP client property, if set
.IP "  \(bu" 4
\fC'unrestricted'\fP: otherwise
.PP

.PP
.PP
If the resulting \fBpipewire.access\fP value is \fC'unrestricted'\fP, this module will give the client all permissions to access all resources\&. Otherwise, the client will be forced to wait until an external actor, such as the session manager, updates the client permissions\&.
.PP
For connections from applications running inside Flatpak, and not mediated by other clients (eg\&. portal or pipewire-pulse), the \fCpipewire\&.access\&.portal\&.app_id\fP property is to the Flatpak application ID, if found\&. In addition, \fCpipewire\&.sec\&.flatpak\fP is set to \fCtrue\fP\&.
.PP
.SH "MODULE NAME"
.PP
.PP
\fClibpipewire-module-access\fP
.PP
.SH "MODULE OPTIONS"
.PP
.PP
Options specific to the behavior of this module
.PP
.IP "\(bu" 2
\fCaccess\&.socket = { 'socket-name' = 'access-value', \&.\&.\&. }\fP:
.PP
Socket-specific access permissions\&. Has the default value \fC{ 'CORENAME-manager': 'unrestricted' }\fP where \fCCORENAME\fP is the name of the PipeWire core, usually \fCpipewire-0\fP\&.
.IP "\(bu" 2
\fCaccess\&.legacy = true\fP: enable backward-compatible access mode\&. Cannot be enabled when using socket-based permissions\&.
.PP
If \fCaccess\&.socket\fP is not specified, has the default value \fCtrue\fP otherwise \fCfalse\fP\&.
.PP
\fBWarning\fP
.RS 4
The legacy mode is deprecated\&. The default value is subject to change and the legacy mode may be removed in future PipeWire releases\&.
.RE
.PP
.SH "GENERAL OPTIONS"
.PP

.PP
.PP
Options with well-known behavior:
.PP
.IP "\(bu" 2
\fBpipewire.access\fP
.IP "\(bu" 2
\fBpipewire.client.access\fP
.PP
.PP
.SH "EXAMPLE CONFIGURATION"
.PP
.PP
.PP
.nf
 context\&.modules = [
  {   name = libpipewire\-module\-access
      args = {
          # Use separate socket for session manager applications,
          # and pipewire\-0 for usual applications\&.
          access\&.socket = {
              pipewire\-0 = "default",
              pipewire\-0\-manager = "unrestricted",
          }
      }
  }
]
.fi
.PP
.PP
\fBSee also\fP
.RS 4
\fBpw_resource_error\fP 
.PP
\fBpw_impl_client_update_permissions\fP 
.RE
.PP