Access Rights
About
Access rights allow defining access levels for individual users, groups, domains, etc. These levels are:
Access Right |
Description |
---|---|
Lookup |
basic right just to see GroupWare folders (not to see items); this allows users to open subfolders they can be granted access to |
Read |
right only to read the GroupWare items and entries |
Keep Seen Flag |
right to mark a message as read - only for non-groupware folders |
Write |
right to edit items completely including setting or clearing flags other than seen and deleted |
Insert |
right to insert a new item |
Post |
included for compatibility with IMAP clients |
Create |
right to create a new folder |
Delete |
rights to delete items from the public or shared folder (a folder owner has full rights) |
Expunge |
included for compatibility with IMAP clients |
Delete Mailbox |
right to delete a folder |
Administer |
full rights |
Permissions
It is a list of permissions attached to the object. This list specifies who or what is allowed to access the object and what operations are allowed to be performed on the object.
This dialog is used in the User, Group and Public Folders dialogs. It allows to define access rights to any folder (both GroupWare and IMAP) directly from the GUI and you can see the whole shared/public folder structure in a combined view.
For the Permissions dialog, refer to the Public Folder - General chapter - Permissions Tab section.
Permissions can be defined on each folder level and is automatically inherited from the parent if not defined. New "everyone" right has been introduced.
Permissions Inheritance
Permissions inheritance is a mechanism that lets container objects (e.g.: mail type folders, file ones, etc.) pass access control information to their child objects. A container's child objects can be non-container objects (e.g.: messages, contacts, files, etc.) as well as other container objects.
From administrator point of view, permissions inheritance simplifies access control management. An administrator can set the permissions on a parent object and does not need to set permissions on each child object.
Permissions Notification
IceWarp GroupWare Server sends notifications to users (after any permissions change) stating that they have been granted access rights.
These emails include information about:
- who has granted access
- to what folders
- what level of access rights the user has been granted
Figure. Access notification.
Similar type of notification is sent to resource managers and organizers when they are granted any roles related to these resources.
Folder Permissions Inheritance in IceWarp WebClient
When sharing folders in WebClient, any created child folder inherits access rights from its parent. These access rights can be changed (both increased and decreased) by the owner. In the case, you want to set access rights of this folder back to parent's ones, you can use the Inherit button of the Folder Access Rights dialog (see the IMAP - Sharing Folders section). This eliminates necessity to set them back manually.
Setting Permissions
Examples of setting permissions are shown in the IMAP chapter:
- For on-server permissions setting, refer to the On-server Setup section.
- For setting folder access rights using an email client (at best WebClient), refer to the Creating the Resource - Sharing Folders section.