If access rights are "propagated" by membership in BSCW groups and if users may belong to several BSCW groups with different access rights, you may want to check that the access rights of individual users comply with your intentions. For the members of the Workspace this can be checked easily in the Access details table included in the object's Info page.
Additionally, BSCW provides a detailed explanation of how the access rights of a particular user have been derived:
icon to the left of the object's type icon to display the object's Info page.
on the top button bar of the Info page to bring up the 'Access control table for object name' form. In the section entitled Evaluation of access rights (below the table),
to bring up the 'Access rights evaluation on object object name for user user name page.
This page includes a detailed explanation of the algorithm that BSCW uses to calculate access rights from the set of competing access control values that it may encounter for a particular user.
The Evaluation table includes a row for each BSCW group that the user is a member of, and a column for each action cluster. The bottom row shows the access rights of the user calculated from the cells in the columns.
The cells of the Evaluation table show "extended" access control values. The extensions express the (potential) access right resulting from the access control values. Which extension follows from an access control value is obvious for:
| yes* | granted for all owners | has extension '=> yes' |
| no | denied for all members | has extension '=> no' |
| yes | granted for all members | has extension '=> yes' |
| - | not explicitly granted | has extension '=> no' |
To calculate the extension for 'derived', BSCW determines the access right of this user in the Workspace of the BSCW group under consideration. To do this, it may be necessary to determine the user's access right in a higher-level Workspace. As a last resort, the default access right of the type of user determines the extension. Thus, the access control value 'derived' may have both extensions, '=> yes' and '=> no'.
For registered users always the extension '=> yes' will be chosen.
For the (unregistered) user anonymous the extension '=> yes' is restricted to the 'read' action cluster; for other action clusters the default rights of anonymous lead to the extension '=> no'.
As a consequence, six extended access control values may occur in the Evaluation table -- in the order of their priority:
For each action cluster, the access right is determined by the "extended" access control value with the highest priority in this column.
to display the Access rights evaluation ... page with the Evaluation table reduced to one column.