3rd European CAF Event: CAF Inspiring Change
From: 21 October 2009
To: 23 October 2009
From: 29 September 2009
To: 30 September 2009
In order to have better control over the documents and to enforce security in the virtual repository, each document is linked to a set of specific control information which is its access rights. Where shared or private documents are concerned, there are three kinds of operation which have the same constraints relating to access control:
If applied on a file, the operation downloads it and, in the case of a viewable files (text/plain, text/html, image or video), displays it.
These different edit actions are equivalent as regards access rights. Administrators who are authorized to edit a directory can create a subdirectory or upload a file to it, as well as describe or delete it. Users authorized to edit a file can edit it on-line, describe it, replace or remove it.
The control operation is directly linked to the notion of access rights. If we wish documents to be secure, we have to control the access to them. Not everybody must be authorized to do everything to them. Consequently, each document has specific access rights for reading and editing. Performing a control action on a document involves changing its Read/Edit rights.
The control operation has more restrictive access rights than the other two operations. Only the owner of a document, the privileged owner of the list and the administrator has control rights on a document. Another possible control action on a document is therefore specifying who owns it.