Some roles in BSCW are already predefined by the system, e.g. Manager, Member or Restricted member. These roles may be applied to all BSCW objects and thus may be assigned anywhere.
In addition, you may define new roles if you need them for a specific application. Examples would be Teacher, Student or Guest. You proceed as follows:
• Choose Access Add Role in the action menu of the object, for which you want to define the new role. If this object is a folder the new role is also valid for all objects contained in the folder.
• Enter the name of the new role in the ‘Add Role’ form. To define the access rights of the new role you have two possibilities:
• You may use another role as template: choose a role template and select the check box next to it. You may then proceed to adapt the template to your needs using [Edit role...].
may also define the new role’s access rights from scratch. To do so, de-activate
the use of a role template and select the action classes which the future role
holders shall be authorized to. All BSCW actions underlying access control are
classified into action classes. Below we give some typical examples of actions
for the classes listed:
Get: Open, Copy
Get ext.: More Information
Change: Add Folder, Upload Document, Change Description
Change ext.: Delete
Owner: Assign Role, Edit Role
Share: Invite Member, Remove Member
Share ext.: Add Role, Upload per Email
Edit: Cut, Edit Note
Choose [Edit role...] to view all action classes in detail – the ones that you have selected and also the ones that you don’t have selected.
• Confirm with [OK] if you are satisfied with the action groups that you have selected for your new role, or click [Edit Role ...] to carry out the necessary modifications of the new role on the level of single actions (see Edit Role further below).
User-defined roles are restricted to the scope of the respective object and may only be used within this scope.
Predefined as well as user-defined roles are called normal roles since they may be assigned without restrictions within their respective scope. Besides, there are also special roles that may only be assigned to users with restrictions or that are inherited in a special way. Only system administrators may define (or remove) special roles. Examples for special roles are Owner and Creator.
• Choose Access Edit Role in the action menu of the object for which you want to change role definitions.
• Select the role that you want to change and confirm with [OK]. At this point, you may also reset all role changes carried out for this object so far by clicking [Reset All Roles].
• In the subsequent form, you select all actions that should be allowed for the changed role and confirm with [OK]. In case the edited role is a user-defined role, you may delete the role definition altogether by clicking [Remove Role].
Note: If the action ‘Cut’ is allowed for a role, then this goes also for the action ‘Delete’ even if the respective check box has not been checked. The reason for this rule is that an object that has been cut may be deleted from the clipboard without any further restrictions, i.e. one could say that the action ‘Cut’ includes the action ‘Delete’.
The changed role definitions are valid within the scope of the object where they have been changed, but not outside! This means that there may be different roles with the same name, but different scopes, i.e. Members in two different workspaces may have quite different access rights.