For security and administration purpose, UBIK® allows configuring different access rights for users on the server. The client allows/disallows certain actions based on these configurations.
Scopes
Scopes affect how different rights can be assigned. The following scopes are supported.
- Per User: For the same content, different users might be assigned with different rights.
- Per Object: User rights can be assigned to single object instances.
- Per Property: User rights can be assigned to single property values of every object instance.
Definitions
The following user rights are defined in UBIK®.
- Read & Write: Users can do anything to the content (only from a user right perspective, however, it is still subject to other rules such as the editability of properties).
- Read-Only: Users can only view the content. Modifications such as editing, deleting and creating children are not allowed.
- No Right: This is only implicit on the client in the sense that content defined as such will not even be delivered from the server to the client.
All these user rights applied on the content usually do not extend by relations. For example, a read-only object does not prevent its children from being modified unless the children carry the read-only right themselves.
One exception to this is the MRO task owner object. If a task owner is configured as read-only, all its MRO related children will be read-only as well. |