6.0.0-git
2024-03-28
Last Modified 2008-05-30 by Guest

Attachments

 fchackboys

Admin Permissions Howto

Horde

A Webmail-only installation without featuring the Horde portal

  1. Of course, you will have to let Imp handle the authentication:
    • In the Administration/Setup menu, choose the Horde (horde) application, then the Authentication tab.
    • The Horde administrators will need Horde's Administrator menu, so you will need a particular user group to grant them particular permissions:
      • In the Administration/Setup menu, add a new group, say Administrators.
      • Add all Horde administrators to that group.
    • Now you are ready to set the permissions, so ordinary users won't see the Horde portal:
      • In the Administration/Permissions menu, add the new permission: Horde (horde).
      • Edit the Horde (horde) entry to grant the following permissions:
        • To all authenticated users: Read, Edit, Delete. (This will remove the Sidebar menu and the Horde entry in the top menu.)
        • To the Administrators group: Show, Read, Edit, Delete. (This will retain the Sidebar menu and the Horde entry in the top menu.)
    • Instruct your users on how to set Horde's Global Options, particularly the preferred language:
      • In top bar of the Options submenu, in the Edit options for field, choose the Global Options application,
      • then, if necessary, klick on the Go button, nearby.
      • Note: In German, this bit is particularly confusing, as both Horde's Global Options, and Imp's General Options are termed alike, viz. Allgemeine Einstellungen.

Hermes

To allow authenticated users to see the time tracking module you must give at least Show and Read permissions to the "hermes" application

  • Choose Administration --> Permissions
    • Click on the All Permissions "keys" icon
    • When the "Add a child Permission" pane appears, choose the Hermes module
    • Click the Add button
    • Click the "notepad" icon to edit the permissions for Hermes
    • On the default permissions tab, check Show and Read

To allow a user to be able to Review time from other users you must make changes to the hermes permissions. Here are the steps:

  • Choose Administration --> Permissions
    • If the Hermes permissions are not yet set, follow the steps above.
    • Click on the Hermes "keys" icon
    • When the "Add a child Permission pane appears, choose the Time Review module
    • Click on the Permissions tab for the user or group that you want check, Show

Turba

A read-only LDAP address book

To allow authenticated users to search the addressbook of your organization (provided it is kept on an LDAP server), and to use the e-mail addresses contained therein to compose messages:

1. Define, in turba/config/sources.php, that addressbook, using sizelimit, export, and browse to prevent large-scale address copying, e. g.:


/** Central E-Mail Directory (read-only) **/

$cfgSources['localldap'] = array( 'title' => _("E-Mail directory Example Ltd.")

                                , 'type' => 'ldap'

                                , 'params' => array( 'server'    => 'ldap.example.com'

                                                   , 'port'      => '389'

                                                   , 'tls'       => false

                                                   , 'root'      => 'ou=people,o=Example Ltd.,c=com'

                                                   , 'charset'   => 'utf-8'

                                                   , 'sizelimit' => 200

                                                   , 'scope'     => 'one'

                                                   , 'version'   => 3

                                                   ),

                                , 'map'    => array( '__key'     => 'dn'

                                                   , 'name'      => 'cn',

                                                   , 'email'     => 'mail'

                                                   ),

                                , 'search' => array( 'name',

                                                   , 'email'

                                                   ),

                                , 'strict' => array('dn')

                                , 'export' => false

                                , 'browse' => false

                                );

2. Login to Horde as an administrator, then select the Administration/Permissions menu.

  1. Under All Permissions, add new permission Address Book (turba)
    1. Under Address Book (turba), add new permission Sources (sources)
    2. Under Sources (sources), add new permission E-Mail directory Example Ltd. (localldap)
    3. Edit the added permissions to grant all authenticated users the following rights:
      • Address Book (turba): Show, Read, Edit, Delete (This will provide access to turba via the menus.)
      • Sources (sources): Show, Read, Edit, Delete
      • E-Mail directory Example Ltd. (localldap): Show, Read (This will hide, in the several menus, all editing operations that would otherwise cause weird error messages.)