Title: Using the Server ACL Editor Intro

Overview of the Server ACL Editor



The Server ACL Editor allows you to grant the following permissions to any user or group, whether defined in Traction or in an external directory:

Permission

Description

Login

If login is allowed, the user is (or group members are) allowed to log in to Traction. For users defined in external directories, a Traction profile is created for each user the first time that user logs in.

If login is denied, the named user or group will not be allowed to login.

This permission should be granted to everyone that you want to have access to a Traction profile and not granted or denied to everyone else.

Server Setup

Controls who is allowed to access the Server Setup views.

Should only be granted to the people responsible for maintaining your Traction installation.

Edit Stylesheets

Governs access to Traction's built-in stylesheet editor, which allows users to customize the color scheme and layout of the default Ocean skin.

This permission should generally be granted to Everyone, except in cases where you want to prevent users from customizing stylesheets.

Modify /pub Folder

Controls who is allowed to add, remove, or change files stored in Traction's /pub folder. The contents of the /pub folder are visible to everyone without requiring login, but only users with this permission can control its contents.

Should only be granted to the people responsible for maintaining your Traction installation, and people with an established need to post non-permissioned content (for example, Flash or Quicktime movies referred to in Traction articles) for the general public.

Modify System Folders

System Folders refer to folders where Traction's configuration files are stored. By enabling users to modify these folders, certain configuration changes, such as uploading skin files, can be accomplished remotely.

Should only be granted to the people responsible for maintaining your Traction installation.

Modify Account

If allowed, user is allowed to edit preferences and other account settings. Otherwise, the My Account link does not appear and access to the pages are not granted.

This permission should generally be granted to Everyone.

Access Address Book

Governs access to functions that may disclose a list of users. If allowed, the covered users will be able to access the following functions:

Visibility, which shows what users can read a given article once it has been posted.

Email Address Completion; Traction's outgoing mail forms do completion against Traction's built-in users and against users with email addresses listed in Active Directory. Email address completion is also enabled on the Advanced Search form.

We recommend that this permission be granted to internal users, but not to Visitor or guests (like customers) in order to prevent disclosure of email addresses.

Send Diagnostic Feedback

Controls what information is included in the feedback form that appears at the bottom of the page or when an error is encountered.

If allowed, Full feedback is sent. Otherwise, only Brief feedback is sent. Click the permission name to see an example of Full and Brief details.

For private applications, we recommend that this permission be granted to Everyone. For applications where Traction serves the general internet community, we recommend denying Visitor this permission, in order to prevent hackers from determining the type and version of your host operating system.

Email Out

Controls who is allowed to email articles out of Traction using the Email Articles feature. Note that, naturally, there is no way to prevent users from copying content from Traction into their email clients.

Export

Controls who is allowed to export article content to PDF, WordML, etc. using the Export Articles feature.



Tour of the ACL Editor



The first section lists the users and groups for whom permissions have been configured.

One user or group at a time can be selected. The permissions for the selected user or group appear in the Permissions panel underneath.

When a user or group is selected, clicking the Show Details link in the top-right will pop up a window showing the administrative details for the user. The details window for groups shows the group membership.

You can remove the selected user or group by clicking the remove button.

You can add a user or group by clicking the corresponding add button.

The Permissions list has three columns. The first names the permission. The next two columns have checkboxes that either allow or deny the permission. Only one of these can be checked at a time. If neither is checked, the permission defaults to not granted, except during failsafe mode: if no Login permissions have been defined, Everyone is allowed to login, and if no Administer Server permissions have been defined, Everyone can administer the server.

The Effective Permissions link lets you specify a user or group and show the result of applying the entire Access Control List to that user. This can be used to preview permissions for users who have not yet logged in and for whom no Traction profile yet exists.

After modifying the page, the Reset and Apply buttons become activated and the Effective Permissions button becomes deactivated.

Clicking Reset throws away all edits you have made and displays the active ACL.

Clicking Apply activates the ACL and re-enables the Effective Permissions button.

Sample User Details Window



\

Sample Group Details Window





Sample Effective Permissions Window



If a permission has been granted, it shows with a green checkbox. If denied, it shows with a red X. If the permission has been neither granted nor denied, the box is blank, and the permission is not granted.







Attachments:
image405.gif
image332.jpg
image831.jpg
image335.jpg
image336.jpg
image338.jpg
Related Articles
Article: Doc319 (permalink)
Date: March 22, 2008; 4:26:05 PM EDT
Author Name: Documentation Importer
Author ID: importer