From the beginning in version 1, cattaDoc had basic access control. Version 2 added enhanced permission control to cattaDoc as an option. From cattaDoc version 6.0 only enhanced permission and access control is included.
Every object in cattaDoc has its own access rights, defined by the object's Access Control List, or ACL. You can define that a certain group of users has author rights to a document, while others only have reader rights or cannot even see it. And this is not limited to documents: it also includes projects, organisations and contact persons.
Access control in cattaDoc is based on the Unix/Linux security scheme, where each object belongs to one group so that you can define access rights for users belonging to this group combined with another set of access rights for all others. The access rights are:
These permissions can be defined for the object's own group and for others, i.e. for all other groups. One typical scenario is where the own group has author access and others have reader access.
In addition, all objects have an owner, by default the object creator. The owner can change permissions for the object.
Users belong to one or more groups. For access rights, all the groups are equal. One of the groups, however, is defined as the user's primary group. Objects created by the user inherit the user's primary group by default. This can, however, be changed afterwards.
From the outset cattaDoc users are divided into 3 categories:
These categories define a user's basic permissions.
However, the specific permissions for users in the Readers and Authors categories are limited by an object's access control list. If a user in the Authors category only has read access to a given object, he or she cannot change this object (i.e. cannot write it). Similarly, if an Authors user has No access to an object, she or he cannot see the object. It will not even be included in searches.
System administrators have read/write/change permissions to all objects in cattaDoc, irrespective of the object's access permissions.
All users in the author or system administrator categories can create new objects.
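A minimal sketch of the decision logic described above, as an added example rather than cattaDoc's own code. The level names and their ordering, the `User` and `Obj` types, the group "Sales", checking group membership before falling back to others, and the rule that ownership alone grants no read or write access are all assumptions of this sketch.

```python
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):            # ordering is an assumption of this sketch
    NONE = 0
    READER = 1
    AUTHOR = 2

@dataclass(frozen=True)
class User:
    initials: str
    category: str                # "reader", "author" or "sysadmin"
    groups: frozenset            # all assigned groups count equally

@dataclass(frozen=True)
class Obj:
    owner: str                   # initials of the owner
    group: str                   # each object belongs to exactly one group
    group_level: Level           # rights for members of the object's group
    others_level: Level          # rights for all other groups

CATEGORY_CAP = {"reader": Level.READER, "author": Level.AUTHOR}

def effective_level(user: User, obj: Obj) -> Level:
    """The ACL limits what the user's category allows; admins bypass the ACL."""
    if user.category == "sysadmin":
        return Level.AUTHOR
    acl = obj.group_level if obj.group in user.groups else obj.others_level
    return min(acl, CATEGORY_CAP[user.category])

def can_read(user: User, obj: Obj) -> bool:
    return effective_level(user, obj) >= Level.READER

def can_update(user: User, obj: Obj) -> bool:
    return effective_level(user, obj) >= Level.AUTHOR

def can_change_permissions(user: User, obj: Obj) -> bool:
    # Owner per the text; administrators read as having change rights on all objects.
    return user.category == "sysadmin" or user.initials == obj.owner

def visible_in_search(user: User, objects: list) -> list:
    """Objects the user cannot read never appear in search results."""
    return [o for o in objects if can_read(user, o)]

# Constructed sample: group "Sales" may author; others may read DOC but not HIDDEN.
DOC = Obj("ab", "Sales", Level.AUTHOR, Level.READER)
HIDDEN = Obj("ab", "Sales", Level.AUTHOR, Level.NONE)
```
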
When you create a new object, the following permission-related data are defined by default:
You can change these things afterwards by clicking on the Access button in the object's book display, see below. Every change in permissions is timestamped, and the initials of the user making the change are also recorded for tracking purposes.
A system administrator can change the standard behavior for the last two default permissions:
Do consider if the default values for the constants suit your needs. If not, change them.
The following criteria define whether a given user can read an existing object, including the object being displayed in search results and in object relations:
The following criteria define whether a given user can update an existing object, including changing the object's relations to other objects:
The following criteria define whether a given user can change an object's permissions / access rights:
Permissions for a single object can be changed in the Edit [object] Permissions screen, accessible from the object's book screen by clicking the button with the user icon. Here you can see an example from a document:
At installation, cattaDoc only contains one permission group: Everyone.
System administrators can create new groups by selecting Permission Groups in the System administration menu under User Administration. Here you can also inactivate groups.
There is a special input element to the user administration form in System administration: Assign permission groups to user XYZ. It has two parts:
Only assigned groups can be selected as the primary group, i.e. you have to save the group assignments before defining the primary group.