2.2 Understanding the Implications of Access Control

In simplest terms, access control settings determine what users can see and do in each workspace or folder. However, because your Novell Teaming site is a hierarchy of workspaces and folders and because access control settings can be inherited (or not), access control settings affect a variety of Teaming features:

2.2.1 Inheritance

When you create a new workspace, it defaults to the inheritance setting of its parent workspace.

  • If you create a new workspace under an existing workspace that is inheriting its access control settings from its parent, the new workspace continues the inheritance chain. If you change any access control settings above the new workspace at a later time, the access control settings for the new workspace also change. Global workspaces inherit access control settings from the parent workspace by default.

  • If you create a new workspace under an existing workspace that has locally defined access control settings, the new workspace retains those locally defined settings.

If you move a workspace that is inheriting its access control settings from its original parent workspace, it inherits the access control settings of the new parent workspace into which it is moved. If the new parent workspace has different settings than the original parent workspace, then the access control settings for the moved workspace change accordingly.

2.2.2 Navigation

Sub-workspaces and sub-folders should not permit access to users or groups that do not have access to the higher-level workspaces, for the following reasons:

  • Users cannot see the workspace, even though they have appropriate rights.

    Users browsing in the Workspace tree (or in a Workspace Tree accessory) for the sub-workspace or sub-folder that they have been granted access to are not able to see the workspace, because Teaming does not permit them to see the parent workspace that they do not have access to. Users can still access the workspace using the Find or Search feature.

  • Users can see the name of a higher-level workspace, even though they do not have appropriate rights.

    Users who use the Find or Search feature to locate the sub-workspace or sub-folder that they have been granted access to, then view the sub-workspace or sub-folder, are then able to see the name of the parent workspace, which they otherwise would not be able to see. However, they can see only the workspace name, not the contents of the workspace.