Before you begin configuring access control settings for your Novell Vibe site, it is important that you understand how access control works in Vibe.
For background information about Vibe access control, see Controlling Access
in the Novell Vibe OnPrem 3 Advanced User Guide.
In simplest terms, access control settings determine what users can see and do in each workspace or folder. However, because your Novell Vibe site is a hierarchy of workspaces and folders and because access control settings can be inherited (or not), access control settings affect a variety of Vibe features:
When you create a new workspace, it defaults to the inheritance setting of its parent workspace.
If you create a new workspace under an existing workspace that is inheriting its access control settings from its parent, the new workspace continues the inheritance chain. If you change any access control settings above the new workspace at a later time, the access control settings for the new workspace also change. Global workspaces inherit access control settings from the parent workspace by default.
If you create a new workspace under an existing workspace that has locally defined access control settings, the new workspace retains the locally defined settings.
If you move a workspace that is inheriting its access control settings from its original parent workspace, it inherits the access control settings of the new parent workspace into which it is moved. If the new parent workspace has different settings than the original parent workspace, the access control settings for the moved workspace change accordingly.
Sub-workspaces and sub-folders should not permit access to users or groups that do not have access to the higher-level workspaces, for the following reasons:
Users cannot see the workspace, even though they have appropriate rights.
Users browsing in the Workspace tree (or in a Workspace Tree accessory) for the sub-workspace or sub-folder that they have been granted access to are not able to see the workspace, because Vibe does not permit them to see a parent workspace that they do not have access to. Users can still access the workspace using the Find or Search feature.
Users can see the name of a higher-level workspace, even though they do not have appropriate rights.
Users who use the Find or Search feature to locate the sub-workspace or sub-folder that they have been granted access to, then view the sub-workspace or sub-folder, are then able to see the name of the parent workspace, which they would otherwise not be able to see. However, they can see only the workspace name, not the contents of the workspace.