Context Navigation

project_permission.xml @ 7640

Visit:

Last change on this file since 7640 was 7640, checked in by Nicklas Nordborg, 3 years ago

References #2136: Remove support for spot images

Updated documentation.

Property svn:eol-style set to native
Property svn:keywords set to Id

File size: 32.4 KB

Line
1	<?xml version="1.0" encoding="UTF-8"?>
2	<!DOCTYPE chapter PUBLIC
3	"-//Dawid Weiss//DTD DocBook V3.1-Based Extension for XML and graphics inclusion//EN"
4	"../../../../lib/docbook/preprocess/dweiss-docbook-extensions.dtd">
5	<!--
6	$Id: project_permission.xml 7640 2019-03-11 13:13:29Z nicklas $
7
8	Copyright (C) 2007 Jari Häkkinen, Peter Johansson, Nicklas Nordborg, Martin Svensson
9
10	This file is part of BASE - BioArray Software Environment.
11	Available at http://base.thep.lu.se/
12
13	BASE is free software; you can redistribute it and/or
14	modify it under the terms of the GNU General Public License
15	as published by the Free Software Foundation; either version 3
16	of the License, or (at your option) any later version.
17
18	BASE is distributed in the hope that it will be useful,
19	but WITHOUT ANY WARRANTY; without even the implied warranty of
20	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21	GNU General Public License for more details.
22
23	You should have received a copy of the GNU General Public License
24	along with BASE. If not, see <http://www.gnu.org/licenses/>.
25	-->
26
27	<chapter id="project_permission">
28	<?dbhtml dir="projects" filename="index.html" ?>
29	<title>Projects and the permission system</title>
30	<sect1 id="project_permission.permissions">
31	<?dbhtml filename="permissions.html" ?>
32	<title>The permission system</title>
33	<para>
34	BASE is a multi-user environment that supports cooperation
35	between users while protecting all data against unauthorized
36	access or modification. To make this possible an elaborate
37	permission system has been developed that allows a user to
38	specify exactly the permission to give to other users and at the
39	same time makes it easy to handle the permissions of multiple
40	items with just a few interactions. For this to work smoothly there
41	are a few recommendations that all users should follow. The first
42	and most important recommendation is:
43	</para>
44
45	<important>
46	<title>Always use a project!</title>
47	By collecting items in a project the life
48	will be a lot easier when you want to share your data with others.
49	This is because you can always treat all items in a project as one
50	collection and grant or revoke access to the project as a whole.
51	</important>
52
53	<sect2 id="project_permission.permissions.levels">
54	<title>Permission levels</title>
55
56	<para>
57	Whenever you try to create or access existing items in BASE the core will
58	check that you have the proper permission to do so. There
59	are several permission levels:
60	</para>
61
62	<variablelist>
63	<varlistentry>
64	<term>Read</term>
65	<listitem>
66	<para>
67	Permission to read information about the item, such
68	as the name and description.
69	</para>
70	</listitem>
71	</varlistentry>
72
73	<varlistentry>
74	<term>Use</term>
75	<listitem>
76	<para>
77	Permission to use the information. In most cases this
78	means linking with other items. For example, if you have permission
79	to use a protocol you may specify that protocol as the extraction
80	protocol when creating an extract from a sample. In the case of plug-ins,
81	you need this permission to be able to execute them.
82	</para>
83	</listitem>
84	</varlistentry>
85
86	<varlistentry>
87	<term>Annotate</term>
88	<listitem>
89	<para>
90	Permission to add, update or delete annotations on an item.
91	In addition to this permission, <guilabel>Use</guilabel> permission
92	is required on the annotation type.
93	</para>
94	</listitem>
95	</varlistentry>
96
97	<varlistentry>
98	<term>Write</term>
99	<listitem>
100	<para>
101	Permission to change information about the item.
102	</para>
103	</listitem>
104	</varlistentry>
105
106	<varlistentry>
107	<term>Delete</term>
108	<listitem>
109	<para>
110	Permission to delete the item.
111	</para>
112	</listitem>
113	</varlistentry>
114
115	<varlistentry>
116	<term>Change owner</term>
117	<listitem>
118	<para>
119	Permission to change the owner of an item. This is implemented as a
120	<guilabel>Set owner</guilabel> function in the web client
121	(<xref linkend="webclient.items.changeowner" />), where you can
122	change the owner of items that you have permission to do so on.
123	</para>
124	</listitem>
125	</varlistentry>
126
127	<varlistentry>
128	<term>Change permissions</term>
129	<listitem>
130	<para>
131	Permission to change the permissions on the item.
132	</para>
133	</listitem>
134	</varlistentry>
135
136	<varlistentry>
137	<term>Create</term>
138	<listitem>
139	<para>
140	Permission to create new items. This permission can only be
141	given to roles.
142	</para>
143	</listitem>
144	</varlistentry>
145	<varlistentry>
146	<term>Deny</term>
147	<listitem>
148	<para>
149	Deny all access to the item. This permission can only be given
150	to roles.
151	</para>
152	</listitem>
153	</varlistentry>
154
155	</variablelist>
156	<note>
157	A user's permissions need to be reloaded for the permissions that have been
158	changed should take effect. This is done either manually with the menu choice
159	<menuchoice>
160	<guimenu>BASE</guimenu>
161	<guimenuitem>Reload permissions</guimenuitem>
162	</menuchoice>
163	or automatically next time the user logs in to BASE.
164	</note>
165
166	</sect2>
167
168	<sect2 id="project_permission.permissions.checks">
169	<title>Getting access to an item</title>
170
171	<para>
172	There are several ways that permission to access an item can
173	be granted to you. The list below is a description of how the
174	permission checks are implemented in the BASE core:
175	</para>
176
177	<orderedlist>
178	<listitem>
179	<para>
180	Check if you are the <emphasis>root user</emphasis>. The root user has full
181	permission to everything and the permission check stops here.
182	</para>
183	</listitem>
184
185	<listitem>
186	<para>
187	Check if you are a <emphasis>member of a role</emphasis> that gives you access to the
188	item. Role-based permissions can only be specified based on
189	generic item types and is valid for all items of that type.
190	The role-based permissions also include a special deny permission
191	that prevents a user from accessing any item. In that case,
192	the permission check stops here.
193	</para>
194	</listitem>
195
196	<listitem>
197	<para>
198	Check if you are the <emphasis>owner of the item</emphasis>. As the owner you have full
199	permission to the item and the permission check stops here. This step is not done
200	for items that doesn't have an owner.
201	</para>
202	</listitem>
203
204	<listitem>
205	<para>
206	Check if you have been granted access to the item by the
207	<emphasis>sharing system</emphasis> (cf. <xref linkend="webclient.items.share"/>).
208	The sharing system can grant access to individual users, groups of
209	users and to projects. We recommend that you always use projects
210	to share your items. This step is not done for items that can't be shared.
211	</para>
212	</listitem>
213
214	<listitem>
215	<para>
216	Some items implement special permission checks.
217	For example:
218	</para>
219
220	<itemizedlist>
221	<listitem>
222	<para>
223	<guilabel>News</guilabel>: You always have read access to news if today's date
224	falls between the start and end date of the news item.
225	</para>
226	</listitem>
227
228	<listitem>
229	<para>
230	<guilabel>Groups</guilabel>: You have read access to all groups where you
231	are a member.
232	</para>
233	</listitem>
234
235	<listitem>
236	<para>
237	<guilabel>Users</guilabel>: You have read permission to all users that share group
238	membership with, excluding the <emphasis>Everyone</emphasis> group.
239	When a project is active, you also have read permission to all
240	users that are members of that project.
241	</para>
242	</listitem>
243
244	</itemizedlist>
245
246	<para>
247	There are more items with special permission checks but
248	we do not list those here.
249	</para>
250
251	</listitem>
252
253	</orderedlist>
254	</sect2>
255
256	<sect2 id="project_permission.permissions.plugins">
257	<title>Plug-in permissions</title>
258
259	<para>
260	Another aspect of the permission system is that plug-ins
261	may also have permissions of their own. The default is that
262	plug-ins run with the same permissions as the user that invoked
263	the plug-in. Sometimes this can be seen as a security risk
264	if the plug-in is not trusted. A malicious plug-in can, for example,
265	delete the entire database if invoked by the root user.
266	</para>
267
268	<para>
269	An administrator can choose to give a plug-in only those
270	permissions that is required to complete it's task. If the plug-in
271	permission system is enabled for a plug-in the default is to deny
272	all actions. Then, the administrator must assign permissions to
273	the plug-in. There are two variants:
274	</para>
275
276	<itemizedlist>
277	<listitem>
278	<para>
279	A permission can be granted regardless of if the user that invoked
280	the plug-in had the permission or not. This makes it possible to
281	develop a plug-in that allows users to do things that they normally
282	do not have permission to do directly in the web interface.
283	</para>
284	</listitem>
285
286	<listitem>
287	<para>
288	A permission can be granted only if the user also has the permission.
289	This is the same as not using the plug-in permission system, except that
290	unspecified permissions are always denied.
291	</para>
292	</listitem>
293	</itemizedlist>
294
295	<note>
296	Plug-in developers can supply information about
297	the wanted permissions making it easy for the administrator to
298	just check the permissions and accept them with just a single
299	click if they make sense. See <xref linkend="plugins.permissions"/> for more information.
300	</note>
301
302	</sect2>
303
304	</sect1>
305
306	<sect1 id="project_permission.projects">
307	<?dbhtml filename="projects.html" ?>
308
309	<title>Projects</title>
310
311	<para>
312	Projects are an important part of BASE and the permission system for several
313	reasons:
314	</para>
315
316	<itemizedlist>
317	<listitem>
318	<para>
319	They do not require an administrator to setup and
320	use. All regular users may create a project, add items
321	to it and share it with other users. You are in complete
322	control of who gets access to the project, the items it contains
323	and which permission levels to use.
324	</para>
325	</listitem>
326
327	<listitem>
328	<para>
329	All items in a project are treated as one collection. If a
330	new member joins the team, just give the new person access
331	to the project and that person will be able to access all
332	items in the project.
333	</para>
334	</listitem>
335
336	<listitem>
337	<para>
338	When you create new items, they are automatically shared
339	using the settings from the active project. There is almost no
340	need to share items manually. All
341	you have to remember is to set an active project, and
342	this is easy accessible from the
343	<link linkend="webclient.intro.menubar">menu bar</link>.
344	</para>
345	</listitem>
346
347	<listitem>
348	<para>
349	Filter out items that you do not want to see. When you have set
350	an active project you may choose to only see items that are
351	part of that project and no other items
352	(<xref linkend="webclient.itemlist.presets"/>).
353	</para>
354	</listitem>
355
356	<listitem>
357	<para>
358	It's easy to share multiple items between projects. Items
359	may be part of more than one project. If you create a new
360	project that builds on a previous one you can easily share
361	some or all of the existing items to the new project from one
362	central place, the <guilabel>Items</guilabel> tab on the project's
363	single-item view.
364	</para>
365	</listitem>
366
367	<listitem>
368	<para>
369	It is possible to assign default protocols, software, hardware
370	and other items to a project. This makes it easier when creating
371	new items since BASE will automatically suggest, for example
372	the extraction protocol used when creating a new extract. The default
373	items are also used by the <guilabel>item overview</guilabel>
374	validation functionality, which makes it possible to spot
375	mistakes. See <xref linkend="webclient.itemoverview" />.
376	</para>
377	</listitem>
378
379	</itemizedlist>
380
381	<sect2 id="project_permission.projects.create">
382	<title>Creating a project</title>
383
384	<para>
385	You can list and manage all of your projects by going to
386	<menuchoice>
387	<guimenu>View</guimenu>
388	<guimenuitem>Projects</guimenuitem>
389	</menuchoice>. Use the &gbNew; button to create a new projects.
390	</para>
391
392	<figure
393	id="project_permission.figures.edit_project">
394	<title>Projects properties</title>
395	<screenshot>
396	<mediaobject>
397	<imageobject>
398	<imagedata
399	fileref="figures/edit_project.png" format="PNG" />
400	</imageobject>
401	</mediaobject>
402	</screenshot>
403	</figure>
404
405	<helptext external_id="project.edit"
406	title="Edit project">
407
408	<para>
409	This tab allows users to enter essential
410	information about a project.
411	</para>
412
413	<variablelist>
414	<varlistentry>
415	<term><guilabel>Name</guilabel></term>
416	<listitem>
417	<para>
418	The name of the project. We recommend that project names are unique, since
419	at some times it may need to be referenced by name.
420	</para>
421	</listitem>
422	</varlistentry>
423	<varlistentry>
424	<term><guilabel>Default permissions</guilabel></term>
425	<listitem>
426	<para>
427	This setting specify the permissions to give to new items that
428	are created while this project is the active project. The recommended
429	setting is <guilabel>delete</guilabel> permission. Optionally,
430	a permission template may be selected, in which case the permissions
431	are copied from the template to the new item.
432	<nohelp>See <xref linkend="project_permission.templates"/>
433	for more information.</nohelp>
434	</para>
435	</listitem>
436	</varlistentry>
437	<varlistentry>
438	<term><guilabel>Description</guilabel></term>
439	<listitem>
440	<para>
441	A optional description of the project.
442	</para>
443	</listitem>
444	</varlistentry>
445	</variablelist>
446
447	<seeother>
448	<other external_id="project.edit.members">Project members</other>
449	<other external_id="project.edit.defaults">Default items</other>
450	</seeother>
451
452	</helptext>
453
454	</sect2>
455
456	<sect2 id="project_permission.projects.active">
457
458	<title>The active project</title>
459
460	<para>
461	The active project concept is central to the sharing system.
462	You should always, with few exceptions, have a project active
463	when you work with BASE. The most important reason is that
464	new items will automatically be shared using the settings in
465	the active project. This considerably reduces
466	the time needed for managing access permissions. Without an
467	active project you would have to manually
468	set the permission on all items you create. If you have hundreds
469	of items this is a time-consuming and boring task best to be
470	avoided.
471	</para>
472
473	<para>
474	If you work with multiple projects you will probably find the
475	filtering function that hides items that are not part
476	of the active project to be useful. As a matter of fact, if you
477	try to access an item that is part of another (not active) project
478	you will get an error message saying that you do not have
479	permission to access the item (unless you are the owner).
480	</para>
481
482	<sect3 id="project_permission.projects.active.set">
483	<title>Selecting an active project</title>
484
485	<para>
486	Since it's important to always have an active project
487	there are several ways to make a project
488	the active one.
489	</para>
490
491	<itemizedlist>
492	<listitem>
493	<para>
494	The easiest way and the one you will probably use most of the time
495	is to use the menu bar shortcut. Look in the menu for the project
496	icon
497	<guiicon>
498	<inlinemediaobject>
499	<imageobject>
500	<imagedata fileref="figures/project.png" format="PNG" />
501	</imageobject>
502	</inlinemediaobject></guiicon>.
503	Next to it, the name of the active project is displayed. If you see
504	<guiicon>
505	<inlinemediaobject>
506	<imageobject>
507	<imagedata fileref="figures/no_active_project.png" format="PNG" />
508	</imageobject>
509	</inlinemediaobject>
510	</guiicon>
511	<guilabel>no active project</guilabel>
512	here, it means that you have not selected a project to work in. Click on the icon or
513	project name to open a drop-down menu and select a project to set as
514	the active project. If another project is already active it will
515	automatically be inactivated.
516	</para>
517	<para>
518	The most recently used projects are listed first, then the list is filled with the
519	rest of your projects up to a maximum of 15. If you have more projects an option to
520	display the remaining projects is activated.
521	</para>
522	<tip>
523	<para>
524	The sort order of the non-recent projects is the same as the sort order on the
525	projects list page. If you, for example, want to sort the newest
526	project first, select to sort by the <guilabel>Registered</guilabel>
527	column in descending order on the list page. The menu will automatically
528	use the same order.
529	</para>
530	</tip>
531	</listitem>
532
533	<listitem>
534	<para>
535	Use the <menuchoice><guimenu>BASE</guimenu>
536	<guisubmenu>Select project</guisubmenu></menuchoice>
537	menu and select the project from the submenu that opens
538	up.
539	</para>
540	</listitem>
541
542	<listitem>
543	<para>
544	Go to the <link linkend="webclient.intro.homepage">homepage</link>
545	using the <menuchoice><guimenu>View</guimenu>
546	<guisubmenu>Home</guisubmenu></menuchoice> menu and select
547	a project from the list displayed there.
548	</para>
549	</listitem>
550	</itemizedlist>
551
552	<note>
553	Only one project can be active at a time.
554	</note>
555
556	<caution>
557	If you change the active project while viewing an item
558	that you no longer has access to in the context of the
559	new project an error message about missing permission
560	will be displayed. Unfortunately, this is all that is displayed
561	and it may be difficult to navigate to a working page again.
562	In the worst case, you may have to go to the login page and
563	login again.
564	</caution>
565
566	</sect3>
567
568	<sect3 id="project_permission.projects.active.autopermissions">
569	<title>Default permissions for the active project</title>
570
571	<para>
572	When a project is active all new items you create are automatically
573	shared using the settings from the active project. If the active project
574	has a permission template the permissions from the template are copied
575	to the new item. If the project doesn't have a permission template, the
576	new item is shared to the active project with the configured default
577	level. By default, projects doesn't have a permission template
578	and the default permissions are set to
579	<emphasis>read</emphasis>, <emphasis>use</emphasis>,
580	<emphasis>write</emphasis> and <emphasis>delete</emphasis>. It is
581	possible to change the default permission level by modifying the
582	settings for the project. Simply open the edit-view page for the project
583	and select the permissions you want and save. From now on, all new
584	items will be shared with the specified permissions. Items that are
585	already in the project are not affected by the change.
586	</para>
587	</sect3>
588
589	</sect2>
590
591	<sect2 id="project_permission.projects.share">
592	<title>How to give other users access to your project</title>
593
594	<para>
595	First, you will need to open the <guilabel>Edit project</guilabel>
596	dialog. Here is how to do that:
597	</para>
598
599	<orderedlist>
600	<listitem>
601	<para>
602	Navigate to the single-item view of your project
603	from the <menuchoice><guimenu>View</guimenu>
604	<guisubmenu>Projects</guisubmenu></menuchoice> list.
605	</para>
606	</listitem>
607
608	<listitem>
609	<para>
610	Click on the &gbEdit;
611	button to open the <guilabel>Edit project</guilabel>
612	dialog.
613	</para>
614	</listitem>
615
616	<listitem>
617	<para>
618	Switch to the <guilabel>Members tab</guilabel>. From this
619	page you can add and remove users and change the access levels
620	of existing ones.
621	</para>
622	</listitem>
623	</orderedlist>
624
625	<figure id="project_permission.projects.members">
626	<title>Manage members of a project</title>
627	<screenshot>
628	<mediaobject>
629	<imageobject><imagedata fileref="figures/project_members.png" format="PNG" /></imageobject>
630	</mediaobject>
631	</screenshot>
632	</figure>
633
634
635	<helptext external_id="project.edit.members" title="Project members">
636
637	<variablelist>
638	<varlistentry>
639	<term><guilabel>Members</guilabel></term>
640	<listitem>
641	<para>
642	The members list contains users
643	and groups that are already members of the project. The list
644	shows the name and the permission level. The permission level
645	uses a one-letter code as follows:
646	</para>
647	<itemizedlist>
648	<listitem><guilabel>R</guilabel> = Read</listitem>
649	<listitem><guilabel>U</guilabel> = Use</listitem>
650	<listitem><guilabel>W</guilabel> = Write</listitem>
651	<listitem><guilabel>D</guilabel> = Delete</listitem>
652	<listitem><guilabel>O</guilabel> = Set owner</listitem>
653	<listitem><guilabel>P</guilabel> = Set permission</listitem>
654	</itemizedlist>
655	</listitem>
656	</varlistentry>
657
658	<varlistentry>
659	<term><guilabel>Permissions</guilabel></term>
660	<listitem>
661	<para>
662	When you select an user or group in the
663	list the current permission will be checked. To change the
664	permissions just check the permissions you want to
665	grant or uncheck the permissions you want to revoke.
666	You may select more than one user and/or group
667	and change the permissions for all of them at once.
668	</para>
669
670	<note>
671	<para>
672	In most cases, you should give the project members
673	<guilabel>use</guilabel> permission. This will allow a user
674	to use all items in the project as well as add new items to it.
675	If you give them <guilabel>write</guilabel> or <guilabel>delete</guilabel>
676	permission they will be able to modify or delete all items including
677	those that they do not own.
678	</para>
679	<para>
680	This rule is valid for all items that are shared to the project
681	with the default <guilabel>delete</guilabel> permission. Items
682	that are shared with a lower permission, for example,
683	<guilabel>use</guilabel>, can be accessed with at most that
684	permission.
685	</para>
686	</note>
687
688	</listitem>
689	</varlistentry>
690
691	<varlistentry>
692	<term><guibutton>Add users</guibutton></term>
693	<listitem>
694	<para>
695	Opens a popup window that allows you to add
696	users to the project. In the popup window, mark
697	one or more users and click on the &gbOk;
698	button. The popup window will only list users that you have
699	permission to read. Unless you are an administrator, this
700	usually means that you can only see users that:
701	</para>
702	<itemizedlist>
703	<listitem>
704	<para>
705	you share group memberships with
706	(the <emphasis>Everyone</emphasis> group and groups with hidden members
707	doesn't count)
708	</para>
709	</listitem>
710	<listitem>
711	<para>
712	are members of the currently active project, if any.
713	</para>
714	</listitem>
715	</itemizedlist>
716	<para>
717	Users that already have access to the project are not included in the
718	list. If you don't see a user that you want to add to the project,
719	you'll need to talk to an administrator for setting up the proper
720	group membership.
721	</para>
722	</listitem>
723	</varlistentry>
724
725	<varlistentry>
726	<term><guibutton>Add groups</guibutton></term>
727	<listitem>
728	<para>
729	Opens a popup window that allows you to add
730	groups to the project. In the popup window, mark
731	one or more groups and click on the &gbOk;
732	button. Unless you are
733	an administrator, the popup window will only list groups
734	that you are a member of. It will not list groups that
735	are already part of the project.
736	</para>
737	</listitem>
738	</varlistentry>
739
740	<varlistentry>
741	<term>&gbRemove;</term>
742	<listitem>
743	<para>
744	Click on this button to remove the selected
745	users and/or groups from the project.
746	</para>
747	</listitem>
748	</varlistentry>
749	</variablelist>
750
751
752	<para>
753	Use the &gbSave; button to save your
754	changes or the &gbCancel; button to
755	close the popup without saving.
756	</para>
757
758	<seeother>
759	<other external_id="project.edit">Project properties</other>
760	<other external_id="project.edit.defaults">Default items</other>
761	</seeother>
762
763	</helptext>
764
765	</sect2>
766
767	<sect2 id ="project_permissions.project.defaults">
768	<title>Default items</title>
769
770	<helptext external_id="project.edit.defaults"
771	title="Default items">
772	<para>
773	A number of default item can be assigned to a project. It is possible to
774	select one raw data type and any number of platforms, variants, protocols,
775	hardware, software and array designs. The default items are used by BASE to
776	suggest default values. The subtype <nohelp>(see <xref linkend="subtypes" />)
777	</nohelp> of each item is used as a filter so that, for example, an extraction protocol is
778	suggested when creating an extract, and a hybridization protocol when creating
779	a hybridization. Use the various <guibutton>Add</guibutton> buttons to add
780	items to the project and the <guibutton>Remove</guibutton> button to remove them.
781	</para>
782
783	<note>
784	<para>
785	Make sure that the items that are selected as default items also are
786	shared to the project with at least <guilabel>use</guilabel> permission.
787	Otherwise the default items will not show up for other members of the
788	project, which may result in registering incorrect data.
789	</para>
790	</note>
791
792	<seeother>
793	<other external_id="project.edit">Project properties</other>
794	<other external_id="project.edit.members">Project members</other>
795	</seeother>
796
797	</helptext>
798
799	<figure
800	id="project_permission.figures.project_defaults">
801	<title>Project default items</title>
802	<screenshot>
803	<mediaobject>
804	<imageobject>
805	<imagedata
806	fileref="figures/project_defaults.png" format="PNG" />
807	</imageobject>
808	</mediaobject>
809	</screenshot>
810	</figure>
811
812	</sect2>
813
814	<sect2 id="project_permission.projects.items">
815	<title>Working with the items in the project</title>
816
817	<para>
818	If you go to the single-item view for a project you will find
819	that there is an extra tab, <guilabel>Items</guilabel>, on that
820	page.
821	<figure id="project_permission.images.projecttabs">
822	<title/>
823	<screenshot>
824	<mediaobject>
825	<imageobject><imagedata fileref="figures/project_tabs.png" format="PNG" /></imageobject>
826	</mediaobject>
827	</screenshot>
828	</figure>
829	Clicking on that tab will display a page that is similar
830	to a list view. However there are some differences:
831	</para>
832
833	<itemizedlist>
834	<listitem>
835	<para>
836	The list is not limited to one type of item. It can display
837	all items that are part of the project.
838	</para>
839	</listitem>
840
841	<listitem>
842	<para>
843	It support only a limited set of columns (id, name, description,
844	owner and a few more) since these are the only properties that are common
845	among all items.
846	</para>
847	</listitem>
848
849	<listitem>
850	<para>
851	The list cannot be sorted. This is due to a limitation in the
852	query system used to generate the list.
853	</para>
854	</listitem>
855	</itemizedlist>
856
857	<note>
858	The list only works for the active project. For all other
859	projects it will only display items that are owned by the
860	logged in user.
861	</note>
862
863	<para>
864	There are also several similarities:
865	</para>
866
867	<itemizedlist>
868	<listitem>
869	<para>
870	It supports all of the regular multi-item
871	operations such as delete, restore, share
872	and change owner.
873	</para>
874	</listitem>
875
876	<listitem>
877	<para>
878	Clicking on the name of the item will take you to the
879	single-item view of that item. Holding down <keycap>CTRL</keycap>,
880	<keycap>ALT</keycap> or <keycap>SHIFT</keycap> while clicking,
881	will open the edit popup.
882	</para>
883	</listitem>
884	</itemizedlist>
885
886	<tip>
887	<para>
888	This list is very useful when you are creating a
889	new project, in which you want to reuse items from
890	an old project.
891	</para>
892
893	<itemizedlist>
894	<listitem>
895	<para>
896	Activate the old project and go to this view.
897	</para>
898	</listitem>
899
900	<listitem>
901	<para>
902	Mark the checkbox for all items that you want to
903	use in the new project.
904	</para>
905	</listitem>
906
907	<listitem>
908	<para>
909	Click on the &gbShare; button
910	and share the items to the new project.
911	</para>
912	</listitem>
913	</itemizedlist>
914	<para>
915	If you have more than one old project, repeat the
916	above procedure.
917	</para>
918	</tip>
919
920	</sect2>
921
922	</sect1>
923
924	<sect1 id="project_permission.templates">
925	<?dbhtml filename="templates.html" ?>
926	<title>Permission templates</title>
927
928	<para>
929	A <emphasis>permission template</emphasis> is a pre-defined set of permissions
930	for users, groups and/or projects. The template makes it easy to quickly share
931	items to multiple users, groups and projects, possible with different permissions
932	for everyone. There are three major use-cases were permission templates are useful:
933	</para>
934
935	<itemizedlist>
936	<listitem>
937	<para>
938	A permission template can be associated with project. When the project is selected
939	as the active project, the permissions from the template are copied to any new items
940	that are created. Note that the new items may or may not be shared with the active
941	project, depending on the settings in the permission template.
942	</para>
943	</listitem>
944	<listitem>
945	<para>
946	Permission templates can be selected in the <link linkend="webclient.items.share">share dialog</link>,
947	making it easier to manually share items to multiple users,
948	groups and projects in just a few clicks.
949	</para>
950	</listitem>
951	<listitem>
952	<para>
953	Permission templates can be used with some batch item importers, making it easier
954	for administrators which only needs a single data file even if the data belong to
955	different projects.
956	</para>
957	</listitem>
958	</itemizedlist>
959
960	<para>
961	Permission templates are managed from the <menuchoice><guimenu>View</guimenu>
962	<guisubmenu>Permission templates</guisubmenu></menuchoice> menu. The template is
963	a very simple item that only has a name (required) and a description (optional).
964	We recommend that the names of the templates are kept unique, but this is not
965	enforced by BASE. To assign permissions to the template use the
966	<guibutton>Set permissions</guibutton> button. This is the same dialog as the
967	<link linkend="webclient.items.share">share dialog</link>.
968	</para>
969
970	<note>
971	<title>Permissions are copied</title>
972	<para>
973	When a permission template is used the permissions are <emphasis>copied</emphasis>
974	to the items. Modifications to the template that are made afterwards doesn't
975	affect the permissions for the items on which the template was used.
976	</para>
977	</note>
978	</sect1>
979	</chapter>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/doc/src/docbook/user/project_permission.xml @ 7640

Download in other formats: