Admin Permissions Howto

Admin Permissions Howto

Horde

A Webmail-only installation without featuring the Horde portal

Of course, you will have to let IMP handle the authentication:
- In the Administration/Setup menu, choose the Horde (horde) application, then the Authentication tab.
The Horde administrators will need Horde's Administrator menu, so you will need a user group to grant them particular permissions:
- In the Administration/Groups menu, add a new group, say Administrators.
- Add all Horde administrators to that group.
Now you are ready to set the permissions, so ordinary users won't see the Horde portal link:
- In the Administration/Permissions menu, add the new permission: Horde (horde).
- Edit the Horde (horde) entry to grant the following permissions:
  - To all authenticated users: Read, Edit, Delete. (This will remove the sidebar menu entry for Horde.)
  - To the Administrators group: Show, Read, Edit, Delete. (This will retain the sidebar menu entry.)
Remove Horde from the top-bar menu (if it appears there at all):
- As a Horde administrator, open (in the sidebar) the Administration/Setup menu.
- In the Application field, choose the Mail (imp) entry.
  - Under the External Utilities and Menu tab, edit the Menu settings, then click on Generate Mail Configuration.
  - Note: You can, of course, use Turba and Ingo with your Webmail installation; in this case, you will here activate their respective entries for the Imp menu.
- If you have Turba, or Ingo, installed then edit their respective menu settings, in the same way.
Instruct your users on how to set Horde's Global Options, particularly the preferred language:
- In top bar of the Options submenu, in the Edit options for field, choose the Global Options application,
- then, if necessary, klick on the Go button, nearby.
- Note: In German, this bit is particularly confusing, as both Horde's Global Options, and Imp's General Options are termed alike, viz. Allgemeine Einstellungen.
- Note: Alternatively, you could try to include Horde's Global Options with Imp's option menu, by modifying imp/config/prefs.php, but that is beyond the scope of this advice.

Hermes

To allow authenticated users to see the time tracking module you must give at least Show and Read permissions to the "hermes" application

Choose Administration --> Permissions
Click on the All Permissions "keys" icon
When the "Add a child Permission" pane appears, choose the Hermes module
Click the Add button
Click the "notepad" icon to edit the permissions for Hermes
On the default permissions tab, check Show and Read

To allow a user to be able to Review time from other users you must make changes to the hermes permissions. Here are the steps:

Choose Administration --> Permissions
If the Hermes permissions are not yet set, follow the steps above.
Click on the Hermes "keys" icon
When the "Add a child Permission pane appears, choose the Time Review module
Click on the Permissions tab for the user or group that you want check, Show

Turba

A read-only LDAP address book

To allow authenticated users to search the addressbook of your organization (provided it is kept on an LDAP server), and to use the e-mail addresses contained therein to compose messages:

1. Define, in turba/config/sources.php, that addressbook, using sizelimit, export, and browse to prevent large-scale address copying, e. g.:

/** Central E-Mail Directory (read-only) **/
$cfgSources['localldap'] = array('title' => _("E-Mail directory Example Ltd."),
                                 'type' => 'ldap',
                                 'params' => array('server'    => 'ldap.example.com',
                                                   'port'      => '389',
                                                   'tls'       => false,
                                                   'root'      => 'ou=people,o=Example Ltd.,c=com',
                                                   'charset'   => 'utf-8',
                                                   'sizelimit' => 200,
                                                   'scope'     => 'one',
                                                   'version'   => 3),
                                 'map'    => array('__key'     => 'dn',
                                                   'name'      => 'cn',
                                                   'email'     => 'mail'),
                                 'search' => array('name', 'email'),
                                 'strict' => array('dn'),
                                 'export' => false,
                                 'browse' => false);

2. Login to Horde as an administrator, then select the Administration/Permissions menu.

Under All Permissions, add new permission Address Book (turba)
Under Address Book (turba), add new permission Sources (sources)
Under Sources (sources), add new permission E-Mail directory Example Ltd. (localldap)
Edit the added permissions to grant all authenticated users the following rights:
- Address Book (turba): Show, Read, Edit, Delete (This will provide access to turba via the menus.)
- Sources (sources): Show, Read, Edit, Delete
- E-Mail directory Example Ltd. (localldap): Show, Read (This will hide, in the several menus, all editing operations that would otherwise cause weird error messages.)