1,569 bytes added,
12:52, 2 September 2016 For security and administration purpose, {{UBIK}} allows configuring different access rights for users on the server. The client allows/disallows certain actions based on these configurations.
== Scopes ==
Scopes affect how different rights can be assigned. The following scopes are supported.
* Per User: For the same content, different users might be assigned with different rights.
* Per Object: User rights can be assigned to single object instances.
== Definitions ==
[[File:UI_WinX_User_Rights_ReadOnly_Object.png|thumb|An read-only object]]
[[File:UI_WinX_User_Rights_ReadOnly_Properties.png|thumb|Properties of an read-only object]]
The following user rights are defined in {{UBIK}}.
* Read & Write: Users can do anything to the content (only from a user right perspective, however, it is still subject to other rules such as the editability of properties).
* Read-Only: Users can only view the content. Modifications such as editing, deleting and creating children are not allowed.
* No Right: This is only implicit on the client in the sense that content defined as such will not even be delivered from the server to the client.
All these user rights applied on the content usually do not extend by relations. For example, a read-only object does not prevent its children from being modified unless the children carry the read-only right themselves.
{{Attention|One exception to this is the [[MRO_Objects_(UBIK_WinX)#Task_Owner|MRO task owner]] object. If a task owner is configured as read-only, all its MRO related children will be read-only as well.}}