2.4 Managing Roles to Refine Access Control

Novell Vibe uses role-based access control. Each default role contains specific rights. If you want a particular user to have certain rights, you can assign that user to the appropriate role. For a list of all the default access roles that are included in Vibe, see Default Roles in the Novell Vibe OnPrem 3.1 Advanced User Guide.

If you find that the existing roles do not meet the needs of your organization, you can modify them or create new ones. This can be particularly useful if you want to delegate the administration of sub-workspaces and sub-folders, and if you do not want to grant all of the privileges that come with the Workspace and Folder Administration role.

Vibe also enables you to delete roles that are no longer useful to your organization.

2.4.1 Defining a New Role

  1. Log in to the Vibe site as the Vibe administrator.

  2. Click the Administration icon in the upper right corner of the page.

    The Administration page is displayed.

  3. Under System, click Configure Role Definitions.

  4. Click Add a New Role.

  5. In the Role Name field, specify a name for the new role, then select all of the rights that you want members of this role to be able to perform.

  6. In the Role Scope drop-down list, select whether you want this new role to be available for workspaces or folders, or for entries.

  7. (Optional) In the Role Conditions field, select the role condition that you want to associate with this role.

    Role conditions enable you to restrict what information users can access when they are outside your corporate firewall. For more information, see Section 2.5, Restricting Access Rights of Users Outside the Firewall.

  8. Select the rights that you want to be associated with this role.

    For information about each right that you can select, see Section 2.4.4, Understanding the Various Rights for Roles.

  9. Click Add, then click Close.

    The role is added to the list of existing roles. If you added this role to control access to entries, the role is automatically made available on the access control page. If you added this role to control access to workspaces and folders, Vibe users can now add this role to the Access Control table, as described in Adding Roles to the Access Control Table in the Novell Vibe OnPrem 3.1 Advanced User Guide.

2.4.2 Modifying Existing Roles

  1. Log in to the Vibe site as the Vibe administrator.

  2. Click the Administration icon in the upper right corner of the page.

    The Administration page is displayed.

  3. Under System, click Configure Role Definitions.

  4. In the Currently Defined Roles section, click the role that you want to modify.

  5. Select the rights that you want members of this role to be able to perform, and deselect the rights that you don’t want them to be able to perform.

    For information about each right that you can select, see Section 2.4.4, Understanding the Various Rights for Roles.

  6. Click Apply, then click Close.

2.4.3 Deleting Existing Roles

  1. Log in to the Vibe site as the Vibe administrator.

  2. Click the Administration icon in the upper right corner of the page.

    The Administration page is displayed.

  3. Under System, click Configure Role Definitions.

  4. In the Currently Defined Roles section, click the role that you want to delete.

  5. Click Delete, then click Close.

2.4.4 Understanding the Various Rights for Roles

Roles are made up of various rights. Default roles have a set of default rights that are associated with them. When you modify a default role, you remove existing rights and add other rights. When you create a custom role, you create a new name for a role and then associate rights with the new role.

Some rights apply only to workspaces and folders, and some apply only to entries. If you associate a right with a role, and then assign users to that role in a workspace, then by default that role applies to all folders and entries in the workspace. For example, if you associate the Delete Entries right with a role in a workspace and assign that role to all users, then all users can delete any entry in the workspace.
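
The inheritance rule above, together with the difference between a right such as Delete Entries and its "Owned" counterpart, as an added sketch that is not Vibe code or part of the original guide. The workspace tree, the users and the two role names are constructed, and only default inheritance is modeled (no per-folder overrides).

```python
# Added illustration: a simplified model, not Vibe's implementation or API.
# Right names come from the rights list on this page; the tree, users and
# role names ("Entry Contributor", "Entry Moderator") are constructed.

# Constructed tree: node -> parent (None marks the top-level workspace).
PARENT = {"Sales": None, "Sales/Leads": "Sales",
          "Sales/Leads/entry-1": "Sales/Leads"}
OWNER = {"Sales/Leads/entry-1": "alice"}  # entry -> owning user

ROLES = {
    "Entry Contributor": {"Read Entries", "Create Entries", "Delete Owned Entries"},
    "Entry Moderator": {"Read Entries", "Delete Entries"},
}

# Role assignments made on a workspace or folder: node -> {user: role name}.
ASSIGNMENTS = {"Sales": {"alice": "Entry Contributor",
                         "bob": "Entry Contributor",
                         "carol": "Entry Moderator"}}

# Full right -> the "Owned" right that grants it only on the user's own entries.
OWNED_VARIANT = {"Delete Entries": "Delete Owned Entries",
                 "Modify Entries": "Modify Owned Entries",
                 "Read Entries": "Read Owned Entries"}


def inherited_rights(user, node):
    """Walk up the tree; a role assigned on a workspace applies beneath it."""
    while node is not None:
        role = ASSIGNMENTS.get(node, {}).get(user)
        if role is not None:
            return ROLES[role]
        node = PARENT[node]
    return set()


def can(user, right, entry):
    """True if the user holds the right, or its Owned variant on an owned entry."""
    rights = inherited_rights(user, entry)
    if right in rights:
        return True
    owned = OWNED_VARIANT.get(right)
    return owned in rights and OWNER.get(entry) == user


def who_can(right, entry, users):
    """Review helper: list every user who can exercise a right on an entry."""
    return sorted(u for u in users if can(u, right, entry))
```

Running `who_can("Delete Entries", "Sales/Leads/entry-1", [...])` before assigning a role to a large group shows how far a single workspace-level assignment reaches.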

Following is the list of rights you can choose from when modifying or creating a role. You cannot create new rights in Vibe.

| Right | Function |
|---|---|
| Add Comments or Replies | Can add comments or replies to entries. |
| Add Folders | Can add folders to workspaces and folders. |
| Add Workspaces | Can add workspaces to existing workspaces. |
| Change Access Control | Can modify the access control settings of workspaces, folders, or entries. |
| Create Entries | Can create entries. |
| Create Entry-Level Access Controls | Can change access control settings for all entries that are contained in a workspace or folder. |
| Delete Entries | Can delete entries. |
| Delete Owned Entries | Users can delete only the entries they own in a workspace or folder. |
| Design Entries | Users can design their own custom entries by using the Form and View Designers tool, as described in Designing Custom Folder Entry Forms in the Novell Vibe OnPrem 3.1 Advanced User Guide. |
| Design Workflows | Users can design their own custom workflows by using the Form and View Designers tool, as described in Creating and Managing Workflows in the Novell Vibe OnPrem 3.1 Advanced User Guide. |
| Generate Reports | Users can generate reports. For more information about generating reports in Vibe, see Generating Activity Reports for a Workspace, Generating an Activity Report on a Folder, and Generating Reports about a Folder Entry in the Novell Vibe OnPrem 3.1 User Guide. |
| Manage Global Tags | Users can manage community tags, as described in Using Tags in the Novell Vibe OnPrem 3.1 User Guide. |
| Modify Entries | Can modify entries. |
| Modify Entry Fields | Users can modify only a specific field in an entry. This is useful if you have an entry that is associated with a workflow, and you want only certain users to modify certain fields in the entry. |
| Modify Owned Entries | Users can modify only the entries they own in a workspace or folder. |
| Modify, Move, or Delete Folders and Workspaces | Users can modify, move, or delete a folder or workspace. |
| Owner Create Entry-Level Access Controls | Users can change the access control settings only for the entries they own in a workspace or folder. |
| Read Entries | Can read entries. |
| Read Owned Entries | Users can read only the entries they own in a workspace or folder. |
| View Binder Title | Enables users who have access to an entry, but do not have access to the parent workspace or folder, to navigate to the entry by using the Workspace tree, as described in Navigating the Workspace Tree in the Novell Vibe OnPrem 3.1 User Guide. This right is disabled by default, and is not available to assign to any role. For information on how to enable this right and make it available, see Section 2.8, Enabling Users to Access Entries via the Workspace Tree When They Do Not Have Access to the Parent Folder or Workspace. |