Defining and re-defining roles

Some roles in BSCW are already predefined by the system, e.g. Manager, Member or Re­strict­ed member. These roles may be applied to all BSCW objects and thus may be as­signed any­where.

In addition, you may define new roles if you need them for a specific application. Examples would be Teacher, Student or Guest. You proceed as follows:

      Choose action  Access    Add Role  in the action menu of the object, for which you want to de­fine the new role. If this object is a folder the new role is also valid for all objects contained in the folder.

      Enter the name of the new role in the ‘Add Role’ form. To define the access rights of the new role you have two possibilities:

      You may use another role as template: choose a role template and select the check box next to it. You may then proceed to adapt the template to your needs using [Edit role...].

      You may also define the new role’s access rights from scratch. To do so, de-activate the use of a role template and select the action classes which the future role holders shall be authorized to. All BSCW actions underlying access control are classified into action classes. Below we give some typical examples of actions for the classes listed:
   Get: Open, Copy   
   Get ext.: More Information        
   Change: Add Folder, Upload Docu­ment, Change Description    
   Change ext.: Delete        
   Owner: Assign Role, Edit Role     
   Share: Invite Member, Remove Member         
   Share ext.: Add Role, Upload per Email  
   Edit: Cut, Edit Note         
Choose [Edit role...] to view all action classes in detail – the ones that you have selected and also the ones that you don’t have selected.

      Confirm with [OK] if you are satisfied with the action groups that you have selected for your new role, or click [Edit Role ...] to carry out the necessary modifications of the new role on the level of single actions (see  Edit Role  further below).

User-defined roles are restricted to the scope of the respective object and may only be used within this scope.

Predefined as well as user-defined roles are called normal roles since they may be assigned without restrictions within their respective scope. Besides, there are also special roles that may only be assigned to users with restrictions or that are inherited in a special way. Only system administrators may define (or remove) special roles. Examples for special roles are Owner and Creator.

All roles (normal roles as well as special roles) may be redefined.

      Choose action  Access    Edit Role  in the action menu of the object for which you want to change role definitions.

      Select the role that you want to change and confirm with [OK]. At this point, you may also reset all role changes carried out for this object so far by clicking [Reset All Roles].

      In the subsequent form, you select all actions that should be allowed for the changed role and confirm with [OK]. In case the edited role is a user-defined role, you may delete the role definition altogether by clicking [Remove Role].

Note: If the action ‘Cut’ is allowed for a role, then this goes also for the action ‘Delete’ even if the respective check box has not been checked. The reason for this rule is that an object that has been cut may be deleted from the clipboard without any further restric­tions, i.e. one could say that the action ‘Cut’ includes the action ‘Delete’.

The changed role definitions are valid within the scope of the object where they have been changed, but not outside! This means that there may be different roles with the same name, but different scopes, i.e. Members in two different workspaces may have quite different ac­cess rights.