Access Control Lists define permissions for users and groups. You can
assign permissions settings for each permission (Login, Administer Server,
Edit Stylesheets, etc.) to users and groups.
Allow vs. Deny
In setting up permissions, you can allow
or deny each permission to each
user or group. Any given user inherits the sum of their Allow permissions
(assigned directly or through a group) minus any permission which has
been denied.
If a permission is not explicitly allowed, it is not granted.
Deny always dominates over
allow. For example, you can specify "Everyone allow login" and
"Visitor deny login". ("Visitor"
is included in the default "Everyone" group). This means that
everyone but Visitors will be allowed to log in.
Important! Deny
is very powerful, and can get you into trouble. You
can lock everyone, yourself included, out of your journal by adding an
"Everyone deny login" permission to the Server Access Control
List. You
can make it impossible for anyone to access server setup (where ACLs are
defined) if you apply an "Everyone deny Administer Server" rule.
If you
do either of these things, you can contact Traction Software support for
a special Owner license. This
license, which is keyed to your journal, enables a special account, called
Owner. Logging
in as Owner with the provided Owner password will let you fix the ACLs
so you can recover access.
Traction will warn you before letting you deny
permissions. Please read the warnings, and think twice before
clicking the apply button.