Novell Doc: Novell Teaming 2.0 Advanced User Guide

4.1 Understanding Access Control

Access control is the method by which you specify which users have the right to perform which tasks in which places.

Teaming uses role-based access control. By default, there are six roles, and each role contains specific rights. If you want a particular user to have certain rights, then you can assign that user to the appropriate role.

For example, a user who has been assigned to the Participant role in a workspace or folder can add comments or replies, create entries, delete his or her own entries, modify his or her own entries, and read entries in that folder or workspace.

The following sections help you better understand how access control works in Novell Teaming.

4.1.1 Default Access Control Behavior in Workspaces

By default, places inherit the access settings of their parent. When you establish settings for a primary space, all sub-places automatically apply the same settings, saving administration time.

You can change the access control settings of a lower-level workspace and folder to be different from its parent workspace or folder. For information on how to do this, see Section 4.2, Managing Access Control for Users and Groups.

4.1.2 Default User Rights

By default, all Teaming users have the following rights:

They can participate in any team workspaces in which they are a member (create folders and entries, make comments, etc.)
They can create team workspaces (by default, only members of a team can view and participate in team workspaces)
They can visit all personal workspaces (read entries and comment on them)
They can participate in all global workspaces and folders

4.1.3 Default Roles

Teaming includes six default roles. Table 4-1 describes the function of each default role, but does not describe all of the rights for each role. For a complete list of rights, click the name of the role in the table on the Configure Access Control page. (In the Folder or Workspace toolbar, click Manage > Access Control.)

Teaming also enables site administrators to create their own custom roles, as described in Defining a New Role in the Novell Teaming 2.0 Administration Guide. If you have a need for a custom role, consult your Teaming administrator.

Table 4-1 Default Access Control Roles

Role	Description
Visitor	Has read-only and comment-only access.
Participant	Can create entries and modify those entries, plus perform tasks associated with the Visitor role.
Guest Participant	Can read entries, create entries, and add comments.
Team Member	Has all the rights of a Participant. In addition, can add folders, modify any entry, and has some additional administrator privileges.
Workspace and Folder Administrator	Can create, modify, or delete workspaces or folders; moderate participation (modify or delete the entries of others); design entries and workflows; and can perform tasks associated with the Participant role.
Workspace Creator	Can create sub-workspaces. In Team Workspace Root workspaces, this role allows users to create their own team workspaces.
Site Administrator	Has all rights associated with access control.

4.1.4 Default Users and Groups

As you create users and groups in your Teaming site, you can assign default or custom access control roles to them. In addition to the users and groups that you create, Teaming includes four default users and groups to which you can assign roles. For information on how to do this, see Section 4.2, Managing Access Control for Users and Groups.

Table 4-2 defines the four default users and groups.

Table 4-2 Default Access Control Users and Groups

Default User and Group	Description
Owner of a Workspace or Folder	The person who created the workspace, or the person assigned to be the owner of the workspace.
Team Members	The individuals who are designated as team members in a given place, through the Manage Team feature in the main sidebar.
All Users	Every person registered within the Teaming site.
Site Administrator	The person who has rights to perform any task in any workspace or folder.