4.7 Access rights

4.7 Access rights

4.7.1 Information about current access rights

4.7.2 Default access rights

4.7.3 Adding access rights holders

4.7.4 Restructuring action clusters

4.7.5 Assigning access control values

4.7.6 Allowing anonymous access

In BSCW an access right permits a user to perform a cluster of actions on an object. As BSCW aims to support cooperative work, its basic idea is that an object is either

private, so that only the user who created it in a private Folder may access it,

shared, with equal access rights for all members of the shared Workspace that contains the object.

Thus, the basic decisions about access rights are made when

a Workspace is created, whose access right are (by default) "inherited" by all objects it contains,
an object is uploaded to a Workspace or is created there,
a user is invited to a shared Workspace and is thus allowed to access and use all objects in the Workspace and to add new objects shared with the other members.

The default access rights that BSCW assigns to shared objects (see section 4.7.2.2) have proven to be well suited to "standard" usage of BSCW. On occasion, however, these default access rights may need to be modified, for some objects, in some minor details. Here, BSCW provides powerful functionality to set different access rights for BSCW groups or individual users with respect to Workspaces, Folders, individual Documents etc., and to "propagate" them by "inheritance". Access rights for an object can be assigned to individual users or BSCW groups. On the other hand, objects can also be made accessible for anonymous access.

Sections 4.7.1 to 4.7.6 describe in detail BSCW's functionality for assigning and restructuring access rights:

Section 4.7.1 discusses the major indicators of access rights in the HTML-based user interface; it explains where the current access rights for an object are described in detail and how you may find out about the factors behind the final decision whether access is allowed or not.
In the center of this discussion is the Access details table in the Info page of each object. This table also suggests the topics of the sections 4.7.2 to 4.7.5:
BSCW's defaults for different classes of rights holders (which help to manage the potentially large number of rows in the Access details table) are discussed in section 4.7.2. Section 4.7.3 explains how you may extend and fine-tune the default classes of rights holders.
The focus of section 4.7.4 is on the columns of the Access details table. This section describes how to add columns and to shift actions between columns.
Section 4.7.5 discusses, how access control values in the Table of access rights for object name may be modified and describes BSCW's rules for deriving access rights from access control values.
Section 4.7.6 explains the special features for publishing objects in a Workspace, e. g. by allowing different levels of anonymous access across the web.

Recommendation:: We recommend that groups using a shared Workspace should agree on a few basic rules for the organization of access rights, which are then set for the Workspace as a whole and are automatically applied to all objects in that Workspace.; Only experienced users should plan and implement modifications of access rights.

Note:

One major motivation for limiting access rights is to prevent Documents from being overwritten or deleted accidentally. Here BSCW offers two solutions which do not require modification of access rights:

lock the Document temporarily (see section 4.6.3);
establish version control for the Document (see section 4.8 for details).