There are many aspects to permissions management in the groupware section of Open-Xchange Server: Not only can the administrator grant individual users access rights for each domain, but every user can grant folder permissions for his own folders.
The assignment of permissions in Open-Xchange Server is additive, not subtractive. For example, if a user is a member of a group that has read and edit rights for a particular folder, the user automatically receives the read and edit rights for this folder. It is impossible to revoke user's rights by giving them, for example, only read rights for this folder.
If a user is a member of two groups, one of which has read and edit rights to a folder, whereas the other one has only read rights, the user has read and edit rights.
If a user has read and edit rights to a folder and is a member of a group that does not have these rights, the user retains his read and edit rights. Thus rights of the highest level always prevail over rights of a lower level.
Open-Xchange Server recognizes two types of folders: and . Private folders are visible to you only, whereas public folders can be accessed by other users as well. Moreover, you can share individual folders with individual users or user groups.
You can grant permissions to your private folders and to the folders to which you have access rights by right-clicking on the folder to which you want to grant permission. In the context menu, click on
.In the overview window on the right side of the portal, you can see two tabs. Under
you can see the name of the folder as well as the name of the respective module. In the second tab, rights already assigned to individual users are shown.Here you can grant permissions to a new user. To do so, click the
button in the panel section. A dialog box opens, where you can select users and them to the existing list. Click on to accept your selection. You can now grant rights to the active user. This also applies to groups. In the dialog box, you can select a group and assign rights to it. If you want to delete a user or a group from the list, activate the respective user or a group in , go to in the panel, and select .Administrator rights can be granted under
. A user with such rights can himself grant rights. If is selected, the respective user cannot grant any rights for this folder.If you decide to give
to a user, select the corresponding function. This will make the folder invisible for the other user. You can still grant read and edit permissions for this folder. The reason for that in is the folder structure, allowing to assign rights at the folder level, but not at the object level. Let's assume you want to grant a user read and edit rights for one object within a folder, but leave all the other objects invisible to that user. This is only possible if you hide the folder from the user and E-Mail him the object that you want to share as a link. Consequently, the user can only see this one object, because he was granted a direct access right to this object along with the read and edit rights. Although theoretically he has read and edit to all the other object in the folder as well, he can neither see the folder nor its content and thus not access it via the folder structure.However, if you want to allow a user to see a folder, you have to make this folder visible to this user by clicking on
If you want a user to be able to create objects in your calendar such as appointments, but not see your calendar's content, select and set the read rights to . If you want to allow users to create subfolders in your folder and grant them read and edit rights, select and set the read and edit rights to . This will give them the permission to read and edit in all the folders that they created. If you want to grant a user unrestricted folder rights, click on or . Both include the right to grant folder rights.If you want to deny a user the read permission, select
. If you permitted a user to create subfolders in your folder and you want to give him read permissions to his own folders, select . If you want to grant him read permissions to the entire folder, select or . . Both include the right to grant read permission.If you want to deny a user edit rights, select
. If you permitted a user to create subfolders in your folder and you want to give him edit rights only to his own folders, select . If you want to grant him edit permissions to the entire folder, select or . Both inlcude the right to grant edit rights.If you want to deny a user the permission to delete your folders, select
. If you permitted a user to create subfolders in your folder and you want to restrict his delete rights to his own folders, select . If you want to grant him delete permissions to the entire folder, select or . Both include the right to grant delete rights.If a user has lost his delete rights for a folder, he cannot move objects from this folder since moving them would mean deleting them from the source folder. Accordingly, the
function in the panel is unavailable (gray) if the user does not have the permission to delete a folder.