Admin Permissions Howto
Hermes
To allow authenticated users to see the time tracking module you must give at least Show and Read permissions to the "hermes" application
- Choose Administration --> Permissions
- Click on the All Permissions "keys" icon
- When the "Add a child Permission" pane appears, choose the Hermes module
- Click the Add button
- Click the "notepad" icon to edit the permissions for Hermes
- On the default permissions tab, check Show and Read
To allow a user to be able to Review time from other users you must make changes to the hermes permissions. Here are the steps:
- Choose Administration --> Permissions
- If the Hermes permissions are not yet set, follow the steps above.
- Click on the Hermes "keys" icon
- When the "Add a child Permission pane appears, choose the Time Review module
- Click on the Permissions tab for the user or group that you want check, Show
Turba
A read-only LDAP address book
To allow authenticated users to search the addressbook of your organization (provided it is kept on an LDAP server), and to use the e-mail addresses contained therein to compose messages:
1. Define, in turba/config/sources.php, that addressbook, using sizelimit, export, and browse to prevent large-scale address copying, e. g.:
/** Central E-Mail Directory (read-only) **/
$cfgSources['localldap'] = array( 'title' => _("E-Mail directory Example Ltd.")
, 'type' => 'ldap'
, 'params' => array( 'server' => 'ldap.example.com'
, 'port' => '389'
, 'tls' => false
, 'root' => 'ou=people,o=Example Ltd.,c=com'
, 'charset' => 'utf-8'
, 'sizelimit' => 200
, 'scope' => 'one'
, 'version' => 3
),
, 'map' => array( '__key' => 'dn'
, 'name' => 'cn',
, 'email' => 'mail'
),
, 'search' => array( 'name',
, 'email'
),
, 'strict' => array('dn')
, 'export' => false
, 'browse' => false
);
2. Login to Horde as an administrator, then select the Administration/Permissions menu.
- Under All Permissions, add new permission Address Book (turba)
- Under Address Book (turba), add new permission Sources (sources)
- Under Sources (sources), add new permission E-Mail directory Example Ltd. (localldap)
- Edit the added permissions to grant all authenticated users the following rights:
- Address Book (turba): Show, Read, Edit, Delete (This will provide access to turba via the menus.)
- Sources (sources): Show, Read, Edit, Delete
- E-Mail directory Example Ltd. (localldap): Show, Read (This will hide, in the several menus, all editing operations that would otherwise cause weird error messages.)