Difference between revisions of "Acl"

From TUTOS

m
m (Intro)
Line 22: Line 22:
 
  2 = no default-acl, defaultgroups from db (set in user_new dialog)
 
  2 = no default-acl, defaultgroups from db (set in user_new dialog)
  
Startting with TUTOS 1.7 you will also be able to set feature permissions for every object. As an example you can disable the possibilty to add notes to an specific project for a group of users.
+
Starting with TUTOS 1.7 you will also be able to set feature permissions for every object. As an example you can disable the possibilty to add notes to an specific project for a group of users.
  
 
== Display / Modify ==
 
== Display / Modify ==

Revision as of 19:34, 9 December 2010

Intro

TUTOS has a set of permissions for every object you use in the system. Internally this is called a ACL (AccessControlList).

There are four different types of permissions.

  • See. You may see the object
  • Use. You can use the object. For example attach a note to the object.
  • Modify. You are allowed to change the contents of the object.
  • Delete. Yo can delete the object.

Higher permissions include all the lower permissions. Someone who has a delete permission is allowed to change the permissions and provide new rights to other users and teams.

The list of possible permission owners will only present:

  • users and teams that already have rights
  • their own teams and their members
  • users and teams where you have the "use" permission


New objects are created with some default permissions. The default permissions depend on the configuration parameter $tutos[defaultacl]

0 = everybody can see it
1 = all teams of the creator can see it
2 = no default-acl, defaultgroups from db (set in user_new dialog)

Starting with TUTOS 1.7 you will also be able to set feature permissions for every object. As an example you can disable the possibilty to add notes to an specific project for a group of users.

Display / Modify

Looking on a TUTOS object you will see a link that allows you to change (if allowed) Change a objects permission or only see the current seeting. See a objects permission