Permissions Management

There are many aspects to permissions management in the groupware section of Open-Xchange Server: Not only can the administrator grant individual users access rights for each domain, but every user can grant folder permissions for his own folders.

The assignment of permissions in Open-Xchange Server is additive, not subtractive. For example, if a user is a member of a group that has read and edit rights for a particular folder, the user automatically receives the read and edit rights for this folder. It is impossible to revoke user's rights by giving them, for example, only read rights for this folder.

If a user is a member of two groups, one of which has read and edit rights to a folder, whereas the other one has only read rights, the user has read and edit rights.

If a user has read and edit rights to a folder and is a member of a group that does not have these rights, the user retains his read and edit rights. Thus rights of the highest level always prevail over rights of a lower level.

Granting rights

Open-Xchange Server recognizes two types of folders: Private and public folders. Private folders are visible to you only, whereas public folders can be accessed by other users as well. Moreover, you can share individual folders with individual users or user groups.

You can grant permissions to your private folders and to the folders to which you have access rights by right-clicking on the folder to which you want to grant permission. In the context menu, click on Properties.

In the overview window on the right side of the portal, you can see two tabs. Under Overview you can see the name of the folder as well as the name of the respective module. In the second tab, rights already assigned to individual users are shown.

Here you can grant permissions to a new user. To do so, click the Add button in the User panel section. A dialog box opens, where you can select users and Add them to the existing list. Click on OK to accept your selection. You can now grant rights to the active user. This also applies to groups. In the dialog box, you can select a group and assign rights to it. If you want to delete a user or a group from the list, activate the respective user or a group in Rights, go to User in the panel, and select Remove.

What do permissions mean?

Granting rights

Administrator rights can be granted under Granting Permissions. A user with such rights can himself grant rights. If No Permissions is selected, the respective user cannot grant any rights for this folder.

Folder rights

If you decide to give No Folder rights to a user, select the corresponding function. This will make the folder invisible for the other user. You can still grant read and edit permissions for this folder. The reason for that in is the folder structure, allowing to assign rights at the folder level, but not at the object level. Let's assume you want to grant a user read and edit rights for one object within a folder, but leave all the other objects invisible to that user. This is only possible if you hide the folder from the user and E-Mail him the object that you want to share as a link. Consequently, the user can only see this one object, because he was granted a direct access right to this object along with the read and edit rights. Although theoretically he has read and edit to all the other object in the folder as well, he can neither see the folder nor its content and thus not access it via the folder structure.

However, if you want to allow a user to see a folder, you have to make this folder visible to this user by clicking on Visible folder. If you want a user to be able to create objects in your calendar such as appointments, but not see your calendar's content, select Create objects and set the read rights to None. If you want to allow users to create subfolders in your folder and grant them read and edit rights, select Create subfolder and set the read and edit rights to Own. This will give them the permission to read and edit in all the folders that they created. If you want to grant a user unrestricted folder rights, click on All or Administrator. Both include the right to grant folder rights.

Read rights

If you want to deny a user the read permission, select None. If you permitted a user to create subfolders in your folder and you want to give him read permissions to his own folders, select Own. If you want to grant him read permissions to the entire folder, select All or Administrator. . Both include the right to grant read permission.

Edit rights

If you want to deny a user edit rights, select None. If you permitted a user to create subfolders in your folder and you want to give him edit rights only to his own folders, select Own. If you want to grant him edit permissions to the entire folder, select All or Administrator. Both inlcude the right to grant edit rights.

Delete rights

If you want to deny a user the permission to delete your folders, select None. If you permitted a user to create subfolders in your folder and you want to restrict his delete rights to his own folders, select Own. If you want to grant him delete permissions to the entire folder, select All or Administrator . Both include the right to grant delete rights.

If a user has lost his delete rights for a folder, he cannot move objects from this folder since moving them would mean deleting them from the source folder. Accordingly, the Move function in the panel is unavailable (gray) if the user does not have the permission to delete a folder.