source: trunk/doc/src/docbook/user/project_permission.xml @ 7640

Last change on this file since 7640 was 7640, checked in by Nicklas Nordborg, 3 years ago

References #2136: Remove support for spot images

Updated documentation.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Id
File size: 32.4 KB
Line 
1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE chapter PUBLIC
3    "-//Dawid Weiss//DTD DocBook V3.1-Based Extension for XML and graphics inclusion//EN"
4    "../../../../lib/docbook/preprocess/dweiss-docbook-extensions.dtd">
5<!--
6  $Id: project_permission.xml 7640 2019-03-11 13:13:29Z nicklas $
7
8  Copyright (C) 2007 Jari Häkkinen, Peter Johansson, Nicklas Nordborg, Martin Svensson
9
10  This file is part of BASE - BioArray Software Environment.
11  Available at http://base.thep.lu.se/
12
13  BASE is free software; you can redistribute it and/or
14  modify it under the terms of the GNU General Public License
15  as published by the Free Software Foundation; either version 3
16  of the License, or (at your option) any later version.
17
18  BASE is distributed in the hope that it will be useful,
19  but WITHOUT ANY WARRANTY; without even the implied warranty of
20  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
21  GNU General Public License for more details.
22
23  You should have received a copy of the GNU General Public License
24  along with BASE. If not, see <http://www.gnu.org/licenses/>.
25-->
26
27<chapter id="project_permission">
28  <?dbhtml dir="projects" filename="index.html" ?>
29  <title>Projects and the permission system</title>
30    <sect1 id="project_permission.permissions">
31      <?dbhtml filename="permissions.html" ?>
32      <title>The permission system</title>
33      <para>
34        BASE is a multi-user environment that supports cooperation
35        between users while protecting all data against unauthorized
36        access or modification. To make this possible an elaborate
37        permission system has been developed that allows a user to
38        specify exactly the permission to give to other users and at the
39        same time makes it easy to handle the permissions of multiple
40        items with just a few interactions. For this to work smoothly there
41        are a few recommendations that all users should follow. The first
42        and most important recommendation is:
43      </para>
44     
45      <important>
46        <title>Always use a project!</title>
47        By collecting items in a project the life
48        will be a lot easier when you want to share your data with others.
49        This is because you can always treat all items in a project as one
50        collection and grant or revoke access to the project as a whole.
51      </important> 
52       
53      <sect2 id="project_permission.permissions.levels">
54        <title>Permission levels</title>
55       
56        <para>
57          Whenever you try to create or access existing items in BASE the core will
58          check that you have the proper permission to do so. There
59          are several permission levels:
60        </para>
61       
62        <variablelist>
63          <varlistentry>
64            <term>Read</term>
65            <listitem>
66              <para>
67              Permission to read information about the item, such
68              as the name and description.
69              </para>
70            </listitem>
71          </varlistentry>
72         
73          <varlistentry>
74            <term>Use</term>
75            <listitem>
76              <para>
77              Permission to use the information. In most cases this
78              means linking with other items. For example, if you have permission
79              to use a protocol you may specify that protocol as the extraction
80              protocol when creating an extract from a sample. In the case of plug-ins,
81              you need this permission to be able to execute them.
82              </para>
83            </listitem>
84          </varlistentry>
85         
86          <varlistentry>
87            <term>Annotate</term>
88            <listitem>
89              <para>
90              Permission to add, update or delete annotations on an item.
91              In addition to this permission, <guilabel>Use</guilabel> permission
92              is required on the annotation type.
93              </para>
94            </listitem>
95          </varlistentry>
96         
97          <varlistentry>
98            <term>Write</term>
99            <listitem>
100              <para>
101              Permission to change information about the item.
102              </para>
103            </listitem>
104          </varlistentry>
105
106          <varlistentry>
107            <term>Delete</term>
108            <listitem>
109              <para>
110              Permission to delete the item.
111              </para>
112            </listitem>
113          </varlistentry>
114
115          <varlistentry>
116            <term>Change owner</term>
117            <listitem>
118              <para>
119                Permission to change the owner of an item. This is implemented as a
120                <guilabel>Set owner</guilabel> function in the web client
121                (<xref linkend="webclient.items.changeowner" />), where you can
122                change the owner of items that you have permission to do so on.
123              </para>
124            </listitem>
125          </varlistentry>
126
127          <varlistentry>
128            <term>Change permissions</term>
129            <listitem>
130              <para>
131              Permission to change the permissions on the item.
132              </para>
133            </listitem>
134          </varlistentry>
135         
136          <varlistentry>
137            <term>Create</term>
138            <listitem>
139              <para>
140              Permission to create new items. This permission can only be
141              given to roles.
142              </para>
143            </listitem>
144          </varlistentry>
145          <varlistentry>
146            <term>Deny</term>
147            <listitem>
148              <para>
149              Deny all access to the item. This permission can only be given
150              to roles.
151              </para>
152            </listitem>
153          </varlistentry>
154     
155        </variablelist>
156        <note>
157          A user's permissions need to be reloaded for the permissions that have been
158          changed should take effect. This is done either manually with the menu choice
159          <menuchoice>
160            <guimenu>BASE</guimenu>
161            <guimenuitem>Reload permissions</guimenuitem>
162          </menuchoice>
163          or automatically next time the user logs in to BASE.
164        </note>
165
166      </sect2>
167     
168      <sect2 id="project_permission.permissions.checks">
169        <title>Getting access to an item</title>
170     
171        <para>
172          There are several ways that permission to access an item can
173          be granted to you. The list below is a description of how the
174          permission checks are implemented in the BASE core:
175        </para>
176       
177        <orderedlist>
178          <listitem>
179            <para>
180            Check if you are the <emphasis>root user</emphasis>. The root user has full
181            permission to everything and the permission check stops here.
182            </para>
183          </listitem>
184         
185          <listitem>
186            <para>
187            Check if you are a <emphasis>member of a role</emphasis> that gives you access to the
188            item. Role-based permissions can only be specified based on
189            generic item types and is valid for all items of that type.
190            The role-based permissions also include a special deny permission
191            that prevents a user from accessing any item. In that case,
192            the permission check stops here.
193            </para>
194          </listitem>
195         
196          <listitem>
197            <para>
198            Check if you are the <emphasis>owner of the item</emphasis>. As the owner you have full
199            permission to the item and the permission check stops here. This step is not done
200            for items that doesn't have an owner.
201            </para>
202          </listitem>
203         
204          <listitem>
205            <para>
206            Check if you have been granted access to the item by the
207            <emphasis>sharing system</emphasis> (cf. <xref linkend="webclient.items.share"/>).
208            The sharing system can grant access to individual users, groups of
209            users and to projects. We recommend that you always use projects
210            to share your items. This step is not done for items that can't be shared.
211            </para>
212          </listitem>
213         
214          <listitem>
215            <para>
216            Some items implement special permission checks.
217            For example:
218            </para>
219           
220            <itemizedlist>
221              <listitem>
222                <para>
223                <guilabel>News</guilabel>: You always have read access to news if today's date
224                falls between the start and end date of the news item.
225                </para>
226              </listitem>
227           
228              <listitem>
229                <para>
230                <guilabel>Groups</guilabel>: You have read access to all groups where you
231                are a member.
232                </para>
233              </listitem>
234           
235              <listitem>
236                <para>
237                <guilabel>Users</guilabel>: You have read permission to all users that share group
238                membership with, excluding the <emphasis>Everyone</emphasis> group.
239                When a project is active, you also have read permission to all
240                users that are members of that project.
241                </para>
242              </listitem>
243           
244            </itemizedlist>
245           
246            <para>
247              There are more items with special permission checks but
248              we do not list those here.
249            </para>
250           
251          </listitem>
252         
253        </orderedlist>
254      </sect2>
255
256      <sect2 id="project_permission.permissions.plugins">
257        <title>Plug-in permissions</title>
258       
259        <para>
260          Another aspect of the permission system is that plug-ins
261          may also have permissions of their own. The default is that
262          plug-ins run with the same permissions as the user that invoked
263          the plug-in. Sometimes this can be seen as a security risk
264          if the plug-in is not trusted. A malicious plug-in can, for example,
265          delete the entire database if invoked by the root user.
266        </para>
267       
268        <para>
269          An administrator can choose to give a plug-in only those
270          permissions that is required to complete it's task. If the plug-in
271          permission system is enabled for a plug-in the default is to deny
272          all actions. Then, the administrator must assign permissions to
273          the plug-in. There are two variants:
274        </para>
275       
276        <itemizedlist>
277          <listitem>
278            <para>
279            A permission can be granted regardless of if the user that invoked
280            the plug-in had the permission or not. This makes it possible to
281            develop a plug-in that allows users to do things that they normally
282            do not have permission to do directly in the web interface.
283            </para>
284          </listitem>
285         
286          <listitem>
287            <para>
288            A permission can be granted only if the user also has the permission.
289            This is the same as not using the plug-in permission system, except that
290            unspecified permissions are always denied.
291            </para>
292          </listitem>
293        </itemizedlist>
294               
295        <note>
296          Plug-in developers can supply information about
297          the wanted permissions making it easy for the administrator to
298          just check the permissions and accept them with just a single
299          click if they make sense. See <xref linkend="plugins.permissions"/> for more information.
300        </note>
301       
302      </sect2>
303     
304    </sect1>
305   
306    <sect1 id="project_permission.projects">
307      <?dbhtml filename="projects.html" ?>
308   
309      <title>Projects</title>
310     
311      <para>
312        Projects are an important part of BASE and the permission system for several
313        reasons:
314      </para>
315     
316      <itemizedlist>
317        <listitem>
318          <para>
319          They do not require an administrator to setup and
320          use. All regular users may create a project, add items
321          to it and share it with other users. You are in complete
322          control of who gets access to the project, the items it contains
323          and which permission levels to use.
324          </para>
325        </listitem>
326       
327        <listitem>
328          <para>
329          All items in a project are treated as one collection. If a
330          new member joins the team, just give the new person access
331          to the project and that person will be able to access all
332          items in the project.
333          </para>
334        </listitem>
335     
336        <listitem>
337          <para>
338          When you create new items, they are automatically shared
339          using the settings from the active project. There is almost no
340          need to share items manually. All
341          you have to remember is to set an active project, and
342          this is easy accessible from the
343          <link linkend="webclient.intro.menubar">menu bar</link>.
344          </para>
345        </listitem>
346       
347        <listitem>
348          <para>
349          Filter out items that you do not want to see. When you have set
350          an active project you may choose to only see items that are
351          part of that project and no other items
352          (<xref linkend="webclient.itemlist.presets"/>).
353          </para>
354        </listitem>
355       
356        <listitem>
357          <para>
358          It's easy to share multiple items between projects. Items
359          may be part of more than one project. If you create a new
360          project that builds on a previous one you can easily share
361          some or all of the existing items to the new project from one
362          central place, the <guilabel>Items</guilabel> tab on the project's
363          single-item view.
364          </para>
365        </listitem>
366
367        <listitem>
368          <para>
369          It is possible to assign default protocols, software, hardware
370          and other items to a project. This makes it easier when creating
371          new items since BASE will automatically suggest, for example
372          the extraction protocol used when creating a new extract. The default
373          items are also used by the <guilabel>item overview</guilabel>
374          validation functionality, which makes it possible to spot
375          mistakes. See <xref linkend="webclient.itemoverview" />.
376          </para>
377        </listitem>
378   
379      </itemizedlist>
380     
381      <sect2 id="project_permission.projects.create">
382        <title>Creating a project</title>
383     
384        <para>
385          You can list and manage all of your projects by going to
386          <menuchoice>
387            <guimenu>View</guimenu>
388            <guimenuitem>Projects</guimenuitem>
389          </menuchoice>. Use the &gbNew; button to create a new projects.
390        </para>
391       
392      <figure
393        id="project_permission.figures.edit_project">
394        <title>Projects properties</title>
395        <screenshot>
396          <mediaobject>
397            <imageobject>
398              <imagedata
399                fileref="figures/edit_project.png" format="PNG" />
400            </imageobject>
401          </mediaobject>
402        </screenshot>
403      </figure>
404       
405      <helptext external_id="project.edit" 
406        title="Edit project">
407       
408        <para>
409        This tab allows users to enter essential
410        information about a project.
411        </para>
412       
413        <variablelist>
414        <varlistentry>
415          <term><guilabel>Name</guilabel></term>
416          <listitem>
417            <para>
418            The name of the project. We recommend that project names are unique, since
419            at some times it may need to be referenced by name.
420            </para>
421          </listitem>
422        </varlistentry>
423        <varlistentry>
424          <term><guilabel>Default permissions</guilabel></term>
425          <listitem>
426            <para>
427            This setting specify the permissions to give to new items that
428            are created while this project is the active project. The recommended
429            setting is <guilabel>delete</guilabel> permission. Optionally,
430            a permission template may be selected, in which case the permissions
431            are copied from the template to the new item.
432            <nohelp>See <xref linkend="project_permission.templates"/>
433            for more information.</nohelp>
434            </para>
435          </listitem>
436        </varlistentry>
437          <varlistentry>
438          <term><guilabel>Description</guilabel></term>
439          <listitem>
440            <para>
441            A optional description of the project.
442            </para>
443          </listitem>
444        </varlistentry>
445        </variablelist>
446       
447        <seeother>
448          <other external_id="project.edit.members">Project members</other>
449          <other external_id="project.edit.defaults">Default items</other>
450        </seeother>
451       
452      </helptext>
453     
454      </sect2>
455   
456      <sect2 id="project_permission.projects.active">
457     
458        <title>The active project</title>
459       
460        <para>
461          The active project concept is central to the sharing system.
462          You should always, with few exceptions, have a project active
463          when you work with BASE. The most important reason is that
464          new items will automatically be shared using the settings in
465          the active project. This considerably reduces
466          the time needed for managing access permissions. Without an
467          active project you would have to manually
468          set the permission on all items you create. If you have hundreds
469          of items this is a time-consuming and boring task best to be
470          avoided.
471        </para>
472       
473        <para>
474          If you work with multiple projects you will probably find the
475          filtering function that hides items that are not part
476          of the active project to be useful. As a matter of fact, if you
477          try to access an item that is part of another (not active) project
478          you will get an error message saying that you do not have
479          permission to access the item (unless you are the owner).
480        </para>
481     
482        <sect3 id="project_permission.projects.active.set">
483          <title>Selecting an active project</title>
484         
485          <para>
486            Since it's important to always have an active project
487            there are several ways to make a project 
488            the active one.
489          </para>
490         
491          <itemizedlist>
492            <listitem>
493              <para>
494                The easiest way and the one you will probably use most of the time
495                is to use the menu bar shortcut. Look in the menu for the project
496                icon
497                <guiicon>
498                  <inlinemediaobject>
499                    <imageobject>
500                      <imagedata fileref="figures/project.png" format="PNG" />
501                    </imageobject>
502                  </inlinemediaobject></guiicon>.
503                Next to it, the name of the active project is displayed. If you see
504                <guiicon>
505                  <inlinemediaobject>
506                    <imageobject>
507                      <imagedata fileref="figures/no_active_project.png" format="PNG" />
508                    </imageobject>
509                  </inlinemediaobject>
510                </guiicon>
511                <guilabel>no active project</guilabel>
512                here, it means that you have not selected a project to work in. Click on the icon or
513                project name to open a drop-down menu and select a project to set as
514                the active project. If another project is already active it will
515                automatically be inactivated.
516              </para>
517              <para>
518                The most recently used projects are listed first, then the list is filled with the
519                rest of your projects up to a maximum of 15. If you have more projects an option to
520                display the remaining projects is activated.
521              </para>
522              <tip>
523                <para>
524                The sort order of the non-recent projects is the same as the sort order on the
525                projects list page. If you, for example, want to sort the newest
526                project first, select to sort by the <guilabel>Registered</guilabel> 
527                column in descending order on the list page. The menu will automatically
528                use the same order.
529                </para>
530              </tip>
531            </listitem>
532         
533            <listitem>
534              <para>
535              Use the <menuchoice><guimenu>BASE</guimenu>
536              <guisubmenu>Select project</guisubmenu></menuchoice>
537              menu and select the project from the submenu that opens
538              up.
539              </para>
540            </listitem>
541           
542            <listitem>
543              <para>
544              Go to the <link linkend="webclient.intro.homepage">homepage</link>
545              using the <menuchoice><guimenu>View</guimenu>
546              <guisubmenu>Home</guisubmenu></menuchoice> menu and select
547              a project from the list displayed there.
548              </para>
549            </listitem>
550          </itemizedlist>
551         
552          <note>
553            Only one project can be active at a time.
554          </note>
555         
556          <caution>
557            If you change the active project while viewing an item
558            that you no longer has access to in the context of the
559            new project an error message about missing permission
560            will be displayed. Unfortunately, this is all that is displayed
561            and it may be difficult to navigate to a working page again.
562            In the worst case, you may have to go to the login page and
563            login again.
564          </caution>
565         
566        </sect3>
567
568        <sect3 id="project_permission.projects.active.autopermissions">
569          <title>Default permissions for the active project</title>
570         
571          <para>
572            When a project is active all new items you create are automatically
573            shared using the settings from the active project. If the active project
574            has a permission template the permissions from the template are copied
575            to the new item. If the project doesn't have a permission template, the
576            new item is shared to the active project with the configured default
577            level. By default, projects doesn't have a permission template
578            and the default permissions are set to
579            <emphasis>read</emphasis>, <emphasis>use</emphasis>,
580            <emphasis>write</emphasis> and <emphasis>delete</emphasis>. It is
581            possible to change the default permission level by modifying the
582            settings for the project. Simply open the edit-view page for the project
583            and select the permissions you want and save. From now on, all new
584            items will be shared with the specified permissions. Items that are
585            already in the project are not affected by the change.
586          </para>
587        </sect3>
588
589      </sect2>
590       
591      <sect2 id="project_permission.projects.share">
592        <title>How to give other users access to your project</title>
593       
594        <para>
595          First, you will need to open the <guilabel>Edit project</guilabel>
596          dialog. Here is how to do that:
597        </para>
598       
599        <orderedlist>
600          <listitem>
601            <para>
602            Navigate to the single-item view of your project
603            from the <menuchoice><guimenu>View</guimenu>
604            <guisubmenu>Projects</guisubmenu></menuchoice> list.
605            </para>
606          </listitem>
607         
608          <listitem>
609            <para>
610            Click on the &gbEdit;
611            button to open the <guilabel>Edit project</guilabel>
612            dialog.
613            </para>
614          </listitem>
615         
616          <listitem>
617            <para>
618            Switch to the <guilabel>Members tab</guilabel>. From this
619            page you can add and remove users and change the access levels
620            of existing ones.
621            </para>
622          </listitem>
623        </orderedlist>
624       
625        <figure id="project_permission.projects.members">
626          <title>Manage members of a project</title>
627          <screenshot>
628            <mediaobject>
629              <imageobject><imagedata fileref="figures/project_members.png" format="PNG" /></imageobject>
630            </mediaobject>
631          </screenshot>
632        </figure>
633       
634       
635        <helptext external_id="project.edit.members" title="Project members">
636         
637          <variablelist>
638            <varlistentry>
639              <term><guilabel>Members</guilabel></term>
640              <listitem>
641                <para>
642                The members list contains users
643                and groups that are already members of the project. The list
644                shows the name and the permission level. The permission level
645                uses a one-letter code as follows:
646                </para>
647                <itemizedlist>
648                <listitem><guilabel>R</guilabel> = Read</listitem>
649                <listitem><guilabel>U</guilabel> = Use</listitem>
650                <listitem><guilabel>W</guilabel> = Write</listitem>
651                <listitem><guilabel>D</guilabel> = Delete</listitem>
652                <listitem><guilabel>O</guilabel> = Set owner</listitem>
653                <listitem><guilabel>P</guilabel> = Set permission</listitem>
654                </itemizedlist>
655              </listitem>
656            </varlistentry>
657           
658            <varlistentry>
659              <term><guilabel>Permissions</guilabel></term>
660              <listitem>
661                <para>
662                When you select an user or group in the
663                list the current permission will be checked. To change the
664                permissions just check the permissions you want to
665                grant or uncheck the permissions you want to revoke.
666                You may select more than one user and/or group
667                and change the permissions for all of them at once.
668                </para>
669               
670                <note>
671                  <para>
672                  In most cases, you should give the project members
673                  <guilabel>use</guilabel> permission. This will allow a user
674                  to use all items in the project as well as add new items to it.
675                  If you give them <guilabel>write</guilabel> or <guilabel>delete</guilabel> 
676                  permission they will be able to modify or delete all items including
677                  those that they do not own.
678                  </para>
679                  <para>
680                  This rule is valid for all items that are shared to the project
681                  with the default <guilabel>delete</guilabel> permission. Items
682                  that are shared with a lower permission, for example,
683                  <guilabel>use</guilabel>, can be accessed with at most that
684                  permission.
685                  </para>
686                </note>
687               
688              </listitem>
689            </varlistentry>
690           
691            <varlistentry>
692              <term><guibutton>Add users</guibutton></term>
693              <listitem>
694                <para>
695                Opens a popup window that allows you to add
696                users to the project. In the popup window, mark
697                one or more users and click on the &gbOk;
698                button. The popup window will only list users that you have
699                permission to read. Unless you are an administrator, this
700                usually means that you can only see users that:
701                </para>
702                <itemizedlist>
703                  <listitem>
704                    <para>
705                    you share group memberships with
706                    (the <emphasis>Everyone</emphasis> group and groups with hidden members
707                    doesn't count)
708                    </para>
709                  </listitem>
710                  <listitem>
711                    <para>
712                    are members of the currently active project, if any.
713                    </para>
714                  </listitem>
715                </itemizedlist>
716                <para>
717                Users that already have access to the project are not included in the
718                list. If you don't see a user that you want to add to the project,
719                you'll need to talk to an administrator for setting up the proper
720                group membership.
721                </para>
722              </listitem>
723            </varlistentry>
724           
725            <varlistentry>
726              <term><guibutton>Add groups</guibutton></term>
727              <listitem>
728                <para>
729                Opens a popup window that allows you to add
730                groups to the project. In the popup window, mark
731                one or more groups and click on the &gbOk;
732                button. Unless you are
733                an administrator, the popup window will only list groups
734                that you are a member of. It will not list groups that
735                are already part of the project.
736                </para>
737              </listitem>
738            </varlistentry>
739           
740            <varlistentry>
741              <term>&gbRemove;</term>
742              <listitem>
743                <para>
744                Click on this button to remove the selected
745                users and/or groups from the project.
746                </para>
747              </listitem>   
748            </varlistentry>
749          </variablelist>
750         
751         
752          <para>
753            Use the &gbSave; button to save your
754            changes or the &gbCancel; button to
755            close the popup without saving.
756          </para>
757
758        <seeother>
759          <other external_id="project.edit">Project properties</other>
760          <other external_id="project.edit.defaults">Default items</other>
761        </seeother>
762
763        </helptext>
764
765      </sect2>
766     
767      <sect2 id ="project_permissions.project.defaults">
768        <title>Default items</title>
769       
770        <helptext external_id="project.edit.defaults" 
771          title="Default items">
772        <para>
773          A number of default item can be assigned to a project. It is possible to
774          select one raw data type and any number of platforms, variants, protocols,
775          hardware, software and array designs. The default items are used by BASE to
776          suggest default values. The subtype <nohelp>(see <xref linkend="subtypes" />)
777          </nohelp> of each item is used as a filter so that, for example, an extraction protocol is
778          suggested when creating an extract, and a hybridization protocol when creating
779          a hybridization. Use the various <guibutton>Add</guibutton> buttons to add
780          items to the project and the <guibutton>Remove</guibutton> button to remove them.
781        </para>
782       
783        <note>
784          <para>
785          Make sure that the items that are selected as default items also are
786          shared to the project with at least <guilabel>use</guilabel> permission.
787          Otherwise the default items will not show up for other members of the
788          project, which may result in registering incorrect data.
789          </para>
790        </note>
791       
792        <seeother>
793          <other external_id="project.edit">Project properties</other>
794          <other external_id="project.edit.members">Project members</other>
795        </seeother>
796       
797        </helptext>
798       
799        <figure
800          id="project_permission.figures.project_defaults">
801          <title>Project default items</title>
802          <screenshot>
803            <mediaobject>
804              <imageobject>
805                <imagedata
806                  fileref="figures/project_defaults.png" format="PNG" />
807              </imageobject>
808            </mediaobject>
809          </screenshot>
810        </figure>
811       
812      </sect2>
813     
814      <sect2 id="project_permission.projects.items">
815        <title>Working with the items in the project</title>
816       
817        <para>
818        If you go to the single-item view for a project you will find
819        that there is an extra tab, <guilabel>Items</guilabel>, on that
820        page.
821        <figure id="project_permission.images.projecttabs">
822          <title/>
823          <screenshot>
824            <mediaobject>
825              <imageobject><imagedata fileref="figures/project_tabs.png" format="PNG" /></imageobject>
826            </mediaobject>
827          </screenshot>
828        </figure>
829        Clicking on that tab will display a page that is similar
830        to a list view. However there are some differences:
831        </para>
832       
833        <itemizedlist>
834          <listitem>
835            <para>
836            The list is not limited to one type of item. It can display
837            all items that are part of the project.
838            </para>
839          </listitem>
840         
841          <listitem>
842            <para>
843              It support only a limited set of columns (id, name, description,
844              owner and a few more) since these are the only properties that are common
845              among all items.
846            </para>
847          </listitem>
848         
849          <listitem>
850            <para>
851              The list cannot be sorted. This is due to a limitation in the
852              query system used to generate the list.
853            </para>
854          </listitem>
855        </itemizedlist>
856       
857        <note>
858          The list only works for the active project. For all other
859          projects it will only display items that are owned by the
860          logged in user.
861        </note>
862       
863        <para>
864          There are also several similarities:
865        </para>
866       
867        <itemizedlist>
868          <listitem>
869            <para>
870              It supports all of the regular multi-item
871              operations such as delete, restore, share
872              and change owner.
873            </para>
874          </listitem>
875         
876          <listitem>
877            <para>
878              Clicking on the name of the item will take you to the
879              single-item view of that item. Holding down <keycap>CTRL</keycap>,
880              <keycap>ALT</keycap> or <keycap>SHIFT</keycap> while clicking,
881              will open the edit popup.
882            </para>
883          </listitem>
884        </itemizedlist>
885       
886        <tip>
887          <para>
888          This list is very useful when you are creating a
889          new project, in which you want to reuse items from
890          an old project.
891          </para>
892         
893          <itemizedlist>
894            <listitem>
895              <para>
896              Activate the old project and go to this view.
897              </para>
898            </listitem>
899           
900            <listitem>
901              <para>
902                Mark the checkbox for all items that you want to
903                use in the new project.
904              </para>
905            </listitem>
906           
907            <listitem>
908              <para>
909                Click on the &gbShare; button
910                and share the items to the new project.
911              </para>
912            </listitem>
913          </itemizedlist>
914          <para>
915            If you have more than one old project, repeat the
916            above procedure.
917          </para>
918        </tip>
919       
920      </sect2>
921   
922    </sect1>
923   
924    <sect1 id="project_permission.templates">
925      <?dbhtml filename="templates.html" ?>
926      <title>Permission templates</title>
927   
928      <para>
929        A <emphasis>permission template</emphasis> is a pre-defined set of permissions
930        for users, groups and/or projects. The template makes it easy to quickly share
931        items to multiple users, groups and projects, possible with different permissions
932        for everyone. There are three major use-cases were permission templates are useful:
933      </para>
934     
935      <itemizedlist>
936        <listitem>
937          <para>
938          A permission template can be associated with project. When the project is selected
939          as the active project, the permissions from the template are copied to any new items
940          that are created. Note that the new items may or may not be shared with the active
941          project, depending on the settings in the permission template.
942          </para>
943        </listitem>
944        <listitem>
945          <para>
946          Permission templates can be selected in the <link linkend="webclient.items.share">share dialog</link>,
947          making it easier to manually share items to multiple users,
948          groups and projects in just a few clicks.
949          </para>
950        </listitem>
951        <listitem>
952          <para>
953          Permission templates can be used with some batch item importers, making it easier
954          for administrators which only needs a single data file even if the data belong to
955          different projects.
956          </para>
957        </listitem>
958      </itemizedlist>
959     
960      <para>
961        Permission templates are managed from the <menuchoice><guimenu>View</guimenu>
962        <guisubmenu>Permission templates</guisubmenu></menuchoice> menu. The template is
963        a very simple item that only has a name (required) and a description (optional).
964        We recommend that the names of the templates are kept unique, but this is not
965        enforced by BASE. To assign permissions to the template use the
966        <guibutton>Set permissions</guibutton> button. This is the same dialog as the
967        <link linkend="webclient.items.share">share dialog</link>.
968      </para>
969     
970      <note>
971        <title>Permissions are copied</title>
972        <para>
973        When a permission template is used the permissions are <emphasis>copied</emphasis>
974        to the items. Modifications to the template that are made afterwards doesn't
975        affect the permissions for the items on which the template was used.
976        </para>
977      </note>
978    </sect1>
979</chapter>
Note: See TracBrowser for help on using the repository browser.