How do I control access to my workspace?
Christopher Brooks, 28 Jan 2011
Last updated: 28 Jan 2011
Based on How do I control access to my workspace? by John Reekie, 15 Jun 1999
Each section of a workspace (the part of the site
devoted to a workgroup, such as its FAQ, forum, and
so on), has a set of access control flags associated
with it. The administrator of a workgroup can set
these flags from the Admin page of that group
according to the degree of access/privacy
needed by the group.
The access control flags are a two-dimensional
grid, where one axis is the region of the
workspace, such as the FAQ or forum, and the other
is the class of user. User classes are as follows:
Users who are not logged into the site. As far as the
server can tell, this could be anyone in the world.
Users who are logged into the site as a member of a group,
but are neither a guest nor member of your group.
- guest. Users who are logged into the site and have
guest membership in your group.
- member. Users who are logged into the site and are
a member of your group.
Users who are logged into the site and are
are administrators of your group.
Any given user has the highest class that
applies to them (where the order is admin, member, guest, site, world in the above list).
As a general rule, higher classes have higher
permissions, where the permissions that can be assigned
to each class of user are as follows:
The flags are as follows:
- Read. The user is able to read these pages.
- Annotate. The user is able to add
annotations to these pages. Annotations are no
- Write. The user is able to add content
to this part of your workspace. For example, a user
with write permission can add an article to your
- Modify. The user is able to modify these
pages (where the user interface permits). For example,
a user with modify permission can edit an article
in the forum. (Note: the author of an article can always
edit it, even if they don't have modify permission
in that part of the workspace.)
- Execute. This is only useful in a few rare
cases, and allows certain destructive operations
that should only be done by an administrator.
When you add a new feature to your workspace, you should
check the access permissions carefully. Here are a couple
- If the workspace is primarily for work in progress,
you may want to make access more restricted, so that
confidential results (for example) are not world-readable.
- If you are a software development group, you may wish
to make access more permissive. Allowing anyone to add to
and annotate your forum and faq can be a valuable source
of feedback from people who are using your software.
We recommend that you err on the side of permissiveness
when setting access permissions -- it is generally
better in a research environment to have
more information flow than less!
Groups with CVS Home Pages
If a group has a CVS home page (Under admin -> Configure Group, "CVS Checkin" is checked), then the home page
visibility has the following effects:
home is world readable: Then a non-logged in user will
see the contents of the CVS repository.
home is not world readable: Then a non-logged
in user will see the contents of the workgroup profile,
which is set by admin -> Group Profile.