This chapter explains the user’s permissions and grants which are a mayor part of the repository functioning. Permission control provides a safer approach to the stored data in the repository. Furthermore, it protects the content from being abused by persons having no rights to access the repository.
To work with the repository in general, a user must have certain privileges which are granted by the repository administrator. The following graph shows the minimum privileges which are necessary to access the basic repository functions:
For example, a user with READ privilege can only open documents, but not store them back to the repository. Without having WRITE and DELETE permissions, document access or other functions such as save or delete will be denied.
At a higher level of the repository security are permissions and grants on users , groups , folders and documents . The Repository Administrator has to define for each user the basic repository privileges. Additionally, the user should be at least in a repository group which has by default READ/WRITE/DELETE (RWD) privileges on the root folder. The pre-defined group “ any ” can be used for that. The privilege and grants hierarchy is defined as follows:
User permissions are based on user and group privileges. Each user should belong to one or more groups which owns the group privileges. The permissions are structured hierarchically. This implies that user permissions are controlled/checked prior to group permissions. Group permissions are controlled/checked prior to folder grants. The user has to have delete rights on all four levels if he wants to delete documents or folders or both. The following list illustrates the privileges which are needed to execute certain actions in the repository explorer:
action privlege Search Copy Paste Open New Delete Cut Save Properties Export Back sync
Some repository explorer actions are “combined actions”. As an example, the user likes to “copy & paste”, so the user must have permitions.