Access control is how you specify which users have the right to perform which tasks in which places. Because your Novell Vibe site is a hierarchy of workspaces and folders and because access control settings can be inherited (or not), access control settings affect a variety of Vibe features.
Novell Vibe uses role-based access control. By default, there are seven roles, and each role contains specific rights. If you want a particular user to have certain rights, you can assign that user to the appropriate role.
For example, a user who has been assigned to the Participant role in a workspace or folder can add comments or replies, create entries, delete his or her own entries, modify his or her own entries, and read entries in that folder or workspace.
The following sections help you better understand how access control works in Vibe.
Workspaces can inherit the access control settings of their parent workspaces. You should understand the following facts about access control inheritance:
If you create a new workspace under an existing workspace that is inheriting its access control settings from its parent, the new workspace continues the inheritance chain. If you change any access control settings above the new workspace at a later time, the access control settings for the new workspace also change. Global workspaces inherit access control settings from the parent workspace by default.
If you create a new workspace under an existing workspace that is not inheriting its access control settings, the new workspace retains the non-inherited settings of the parent workspace.
If you move a workspace that is inheriting its access control settings from its original parent workspace, it inherits the access control settings of the new parent workspace into which it is moved. If the new parent workspace has different settings than the original parent workspace, the access control settings for the moved workspace change accordingly.
Team membership is inherited separately from access control settings. If access control settings are being inherited, this does not necessarily mean that team membership is also being inherited. To edit team membership or to change the team membership inheritance settings for a team workspace, click > .
By default, most places inherit the access control settings of their parent. When you establish settings for a primary space, all sub-places automatically apply the same settings, saving administration time. However, unlike other types of workspaces, Team workspaces do not retain the access control settings of the parent workspace by default. This is because the desired access control settings for Team workspaces can vary greatly depending on the objectives of the team.
Also, team membership is inherited separately from access control settings. If access control settings are being inherited, this does not necessarily mean that team membership is also being inherited. To edit team membership or to change the team membership inheritance settings for a team workspace, click > .
By default, all Vibe users have rights to perform the following actions:
Participate in any team workspaces in which they are a member (create folders and entries, make comments, etc.)
Create team workspaces (by default, only members of a team can view and participate in team workspaces)
Visit all personal workspaces (read entries and comment on them)
Participate in all global workspaces and folders
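The inheritance rules described above (a new workspace continues its parent's chain, a moved workspace picks up the new parent's settings, and Team workspaces do not inherit by default) can be modelled to preview who gains or loses rights before a workspace is moved. This is an added illustration, not Vibe code; the `Workspace` class, the `move` and `roles_in` helpers, and all sample names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

Acl = Dict[str, Set[str]]  # role name -> users or groups assigned to it

@dataclass
class Workspace:
    name: str
    parent: Optional["Workspace"] = None
    is_team: bool = False
    own_acl: Acl = field(default_factory=dict)
    inherits: Optional[bool] = None  # None = apply the default for this type

    def __post_init__(self) -> None:
        if self.inherits is None:
            # Most places inherit by default; Team workspaces do not.
            self.inherits = self.parent is not None and not self.is_team

    def effective_acl(self) -> Acl:
        """Follow the inheritance chain up to the place that holds settings."""
        node = self
        while node.inherits and node.parent is not None:
            node = node.parent
        return node.own_acl

    def roles_of(self, principal: str) -> Set[str]:
        return roles_in(self.effective_acl(), principal)

def roles_in(acl: Acl, principal: str) -> Set[str]:
    return {role for role, members in acl.items() if principal in members}

def move(ws: Workspace, new_parent: Workspace) -> Set[str]:
    """Re-parent ws and return the principals whose roles in ws changed."""
    before = ws.effective_acl()
    ws.parent = new_parent
    after = ws.effective_acl()
    everyone = set().union(*before.values(), *after.values())
    return {p for p in everyone if roles_in(before, p) != roles_in(after, p)}

# Constructed sample hierarchy; all names are hypothetical.
engineering = Workspace("Engineering",
                        own_acl={"Participant": {"alice"}, "Visitor": {"bob"}})
finance = Workspace("Finance", own_acl={"Participant": {"carol"}})
specs = Workspace("Specs", parent=engineering)   # inherits from Engineering
drafts = Workspace("Drafts", parent=specs)       # continues the chain
team = Workspace("Release Team", parent=engineering, is_team=True,
                 own_acl={"Team Member": {"dave"}})
```

Calling `move(specs, finance)` returns every user whose rights in `Specs` (and therefore in `Drafts`) differ after the move, which is the list to review before moving an inheriting workspace.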
Vibe includes default roles that you can assign to users and groups. The following sections describe the function of each default role, but do not describe all of the rights associated with each role. For a complete list of rights, click the name of the role in the table on the Configure Access Control page. (In the Action toolbar, click > or > .)
For information on how the administrator can assign users to various roles for the Vibe site, see Section 2.3, Controlling User Access throughout the Vibe Site. For a detailed description of each right that can be associated with a given role, see Section 2.4.4, Understanding the Various Rights for Roles.
Vibe enables site administrators to create their own custom roles, as described in Section 2.4.1, Defining a New Role.
Role | Description |
---|---|
Visitor | Has read-only and comment-only access. |
Participant | Can create entries and modify those entries, plus perform tasks associated with the Visitor role. |
Guest Participant | Can read entries, create entries, and add comments. |
Team Member | Has all the rights of a Participant. In addition, can generate reports and manage global tags. |
Workspace and Folder Administrator | Can create, modify, or delete workspaces or folders; moderate participation (modify or delete the entries of others); design entries and workflows; set entry-level access controls on entries of others; and can perform tasks associated with the Participant and Team Member role. |
Workspace Creator | Can create sub-workspaces. In Team Workspace Root workspaces, this role allows users to create their own team workspaces. |

Role | Description |
---|---|
Read | Can read the entry. |
Read and Reply | Can read the entry and add comments or replies to the entry. |
Write | Can read the entry, add comments or replies, and modify the entry. |
Delete | Can read the entry, add comments or replies, modify, and delete the entry. |
Change Access Controls | Can read the entry, add comments or replies, modify, and delete the entry. Can also modify the access control settings of the entry. |

Role | Description |
---|---|
Allow Adding Guest Access | Can make Vibe workspaces and folders available to Guest users in Vibe. By default, Guest users can access only the Guest user personal workspace, as well as any workspace or folder that the Vibe administrator has granted them rights to access. For more information, see Section 5.4.5, Enabling Individual Users to Grant Guest Access throughout the Vibe Site. |
Can Only See Members Of Groups I Am In | Removes a user’s ability to view other Vibe users who are not members of a group that he or she belongs to. |
Override “Can Only See Members Of Groups I Am In” | Overrides the role. This can simplify the administration of the role. For example, you might assign the role to a group, but at the same time you want to allow certain members of the group to retain their ability to see users that belong to groups outside of their own. In this circumstance, you can assign the role to the members who you want to retain their ability to see users outside of their own groups. |
Token Requester | Can make Web service calls on behalf of another Vibe user. This functionality can enable administrators to perform proxy functions for individual Vibe users without logging in as the Vibe user. This means that the Web services application does not cache individual users’ credentials in order to perform operations. This role should not be assigned to a Vibe user, but rather to a system-level (agent) account that you want to be responsible for executing Web service operations on behalf of one or more regular Vibe users. For more information about the Web services operations that support the Token Requester role, see |
Zone Administration | Has all rights associated with access control. |
You can assign default or custom access control roles to users and groups for the Vibe site if you are the Vibe administrator, or in your workspaces if you are a workspace owner. In addition to the users and groups that the Vibe administrator creates, Vibe includes four default users and groups to which you can assign roles.
Default User and Group | Description |
---|---|
Owner of a Workspace or Folder | The person who created the workspace, or the person assigned to be the owner of the workspace. |
Team Members | The individuals who are designated as team members in a given place. For information about how to add team members, see |
All Users | Every person registered within the Vibe site. |
Site Administrator | The person who has rights to perform any task in any workspace or folder. Available only to Vibe administrators. |