Announcement

Collapse
No announcement yet.

OXSE 6.14 rev 8 - cannot change permissions on Global Address Book

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • OXSE 6.14 rev 8 - cannot change permissions on Global Address Book

    Until OXSE 6.14 rev 6 I was able to switch ENABLE_INTERNAL_USER_EDIT flag (in foldercache.properties) to FALSE in order to prevent users from modifying their personal vCard in the Global Address Book.
    Furthermore, the context administrator was able to edit the folder permissions and change, for a restricted number of users, the "modify" right from "none" to "own" or "all".

    With OXSE 6.14 rev 8, turning ENABLE_INTERNAL_USER_EDIT to FALSE has the same effect as before (all users, by default, cannot modify their personal vCard) but now, when the context administrator tries to edit folder permissions, the following error is displayed:
    "Error: Only the folder visibility permission is allowed to be changed for Global address book in context 1. (FLD-0081, -125920749-379)".

    Why this restriction has been implemented?
    My requirement is to limit Global Address Book changes (user vCards) to a restricted number of OX users: with previous version, Global Address Book permissions are editable by the context administrator so I could implement this use case, but now I cannot customize those permissions.

    Are you planning to support some kind of permission management on the Global Address Book?

  • #2
    Hi,

    this might have been introduced by fixes documented at the changelog (http://software.open-xchange.com/OX6...2009-12-15.pdf)
    The only supported permission model for the global address book is on or off. This has been introduced with 6.14 together with an user API which allows operating without displaying or even using the global address book. Before 6.14 the global address book was source for contacts as well as users.

    Greetings

    Comment


    • #3
      Thanks Martin
      So, for Global Address Book the available options are:
      - turn it completely off for a specific user (--access-global-address-book-disabled)
      - make it read-only for all users (ENABLE_INTERNAL_USER_EDIT)

      Users within a context are able to "see" each other, so they can create appointments and tasks with all of them (and send emails, of course). If access-global-address-book-disabled is changed to 'true' for a specific user, he cannot "see" other users within his own context, isn't it?

      I guess it is not possible to "split" Global Address Book into sub-address books in order to group users together and limit visibilities between them. If I want to limit visibilities between two users, I have to put them into two different OX contexts, isn't it?

      Merry Christmas

      Comment


      • #4
        It's not possible to split the global address book, but you're free to add this as a enhancement to our bugtracker.

        Happy Holidays

        Comment

        Working...
        X