Rights Manager

The Rights Manager is used to set permissions for users and groups accessing the other modules. This can also be accessed from the Admin menu item found in the Modules menu on the navigation bar.

A policy is an ability that can be granted or denied to individual users or groups. For example, the ability to create HTML Calenders, or the ability to modify other people's News items, are valid Policies.

Each policy has, associated with it, a list of users and groups who have permission to accomplish that action. Putting an individual user, or a group to which they are a member, into the Allow column has the effect of allowing that user this access.

Permissions are additive. Users may be members of one or more groups, and if any of those groups has permission to use a resource in a certain way, so does that user; even if he/she is still listed under "Deny" as a user.

• [NOTE]The permission model used is quite simple and does not contain an explicit or overriding 'Deny' permission. This might cause confusion among those who are more used to the Microsoft or Novell permissions models, where giving a group or user the 'Deny' permission means that they absolutely cannot access the relevant resource. Here, 'Deny' simply denotes the lack of a positive permission, but if the user has permissions by some other means, such as group membership, they can still access the resource in question.

Main Screen:

This is a split screen. The left side contains a simple listing of permissions, organized by module, in a collapsible folder structure. Folders are expanded by clicking the + next to the folder name, or double-clicking the folder name, and collapsed by clicking the - next to an expanded folder. Clicking on a specific policy, such as List Calendars, brings up the actual permission setting page for that policy.

The right side of the screen contains an overview of all policies, including the current list of all users who are granted or denied permissions under each particular policy.

• [NOTE]This is not the actual user or group permissions list. This is the Resultant Permission list. For example, granting Allow permission under a given policy to a single group only, means that the actual permissions lists for that policy will show all users and groups in the Deny column, except for that group.

The Resultant Permission list, in contrast, will show in the Allow column every individual member of the Allowed group who is defined in the WebShare Manager system, even if they have never been individually Allowed.

Near the top of the left side of the screen is a view filter for the otherwise often-lengthy Resultant Permission lists. Setting this allows one to view only users of interest (or highlights them without removing the others from view). This does not change any actual permissions.

Access module

Each module has one special policy associated with it, called "Access module". This policy determines if a user can use the module at all. If a given user would end up in the Deny side of the Resultant Permission list, they will not even see any reference to the module when they log into the WebShare Manager. It will not appear on any of their menus. If a user is denied access at this level, any other Allow permissions they may have within the module are irrelevant, since they cannot access the module at all.

Permission Setting Screen:

Within this screen, select one or more users or groups and move them between the Deny and Allow columns. Once the selections are made, use the buttons in the middle of the screen to move the users or groups from one column to the other. Note that just because a user has been created does not mean that they appear on the list. They must log in at least once to the WebShare Manager in order to have a user on the WebShare Manager system. However, once they log on, they will automatically have inherited all permissions granted by their various group memberships.