fchackboys- Admin Permissions Howto
[[toc]]
++ Horde
+++ A Webmail-only installation without featuring the Horde portal
Of course, you will have to let Imp handle the authentication:
- In the Administration/Setup menu, choose the //Horde (horde)// application, then the //Authentication// tab.
The Horde administrators will need Horde's //Administrator// menu, so you will need a user group to grant them particular permissions:
-
In the Administration/Setup menu, add a new group, say //Administrators//.
-
Add all Horde administrators to that group.
Now you are ready to set the permissions, so ordinary users won't see the Horde portal:
-
In the Administration/Permissions menu, add the new permission: //Horde (horde)//.
-
Edit the //Horde (horde)// entry to grant the following permissions:
-
To all authenticated users: Read, Edit, Delete. (This will remove the Horde entry in the top menu and the entire sidebar menu, leaving more room for the Webmail display.)
-
To the //Administrators// group: Show, Read, Edit, Delete. (This will retain the Sidebar menu and the Horde entry in the top menu.)
Instruct your users on how to set Horde's //Global Options//, particularly the preferred language:
-
In top bar of the //Options// submenu, in the //Edit options for// field, choose the //Global Options// application,
-
then, if necessary, klick on the //Go// button, nearby.
-
Note: In German, this bit is particularly confusing, as both Horde's //Global Options//, and Imp's //General Options// are termed alike, viz. //Allgemeine Einstellungen//.
-
Note: Alternatively, you could try to include Horde's //Global Options// with Imp's option menu, by modifying {{imp/config/prefs.php}}, but that is beyond the scope of this advice.
++ Hermes
To allow authenticated users to see the time tracking module you must give at least Show and Read permissions to the "hermes" application
-
Choose Administration --> Permissions
-
Click on the All Permissions "keys" icon
-
When the "Add a child Permission" pane appears, choose the Hermes module
-
Click the Add button
-
Click the "notepad" icon to edit the permissions for Hermes
-
On the default permissions tab, check Show and Read
To allow a user to be able to Review time from other users you must make changes to the hermes permissions. Here are the steps:
-
Choose Administration --> Permissions
-
If the Hermes permissions are not yet set, follow the steps above.
-
Click on the Hermes "keys" icon
-
When the "Add a child Permission pane appears, choose the Time Review module
-
Click on the Permissions tab for the user or group that you want check, Show
++ Turba
+++ A read-only LDAP address book
To allow authenticated users to search the addressbook of your organization (provided it is kept on an LDAP server), and to use the e-mail addresses contained therein to compose messages:
- Define, in turba/config/sources.php, that addressbook, using {{sizelimit}}, {{export}}, and {{browse}} to prevent large-scale address copying, e. g.:
/** Central E-Mail Directory (read-only) **/
$cfgSources['localldap'] = array('title' => _("E-Mail directory Example Ltd."),
'type' => 'ldap',
'params' => array('server' => 'ldap.example.com',
'port' => '389',
'tls' => false,
'root' => 'ou=people,o=Example Ltd.,c=com',
'charset' => 'utf-8',
'sizelimit' => 200,
'scope' => 'one',
'version' => 3),
'map' => array('__key' => 'dn',
'name' => 'cn',
'email' => 'mail'),
'search' => array('name', 'email'),
'strict' => array('dn'),
'export' => false,
'browse' => false);
- Login to Horde as an administrator, then select the Administration/Permissions menu.
Under //All Permissions//, add new permission //Address Book (turba)//
Under //Address Book (turba)//, add new permission //Sources (sources)//
Under //Sources (sources)//, add new permission //E-Mail directory Example Ltd. (localldap)//
Edit the added permissions to grant all authenticated users the following rights:
-
//Address Book (turba):// Show, Read, Edit, Delete (This will provide access to turba via the menus.)
-
//Sources (sources):// Show, Read, Edit, Delete
-
//E-Mail directory Example Ltd. (localldap):// Show, Read (This will hide, in the several menus, all editing operations that would otherwise cause weird error messages.)