Diff for AdminPerms between 24 and 25

+ Admin Permissions Howto



++ Horde

+++ A Webmail-only installation without featuring the Horde portal

# Of course, you will have to let IMP handle the authentication:

 * In the Administration/Setup menu, choose the //Horde (horde)// application, then the //Authentication// tab.

# The Horde administrators will need Horde's //Administrator// menu, so you will need a user group to grant them particular permissions:

 * * In the Administration/SetupAdministration/Groups menu, add a new group, say //Administrators//.

 * Add all Horde administrators to that group.

# Now you are ready to set the permissions, so ordinary users won't see the Horde portal link:

 * In the Administration/Permissions menu, add the new permission: //Horde (horde)//.

 * Edit the //Horde (horde)// entry to grant the following permissions:

  * To all authenticated users: Read, Edit, Delete. (This will remove the sidebar menu entry for Horde.)

  * To the //Administrators// group: Show, Read, Edit, Delete. (This will retain the sidebar menu entry.)

# Remove Horde from the top-bar menu (if it appears there at all):

 * As a Horde administrator, open (in the sidebar) the //Administration/Setup// menu.

 * In the //Application// field, choose the //Mail (imp)// entry.

  * Under the //External Utilities and Menu// tab, edit the //Menu settings//, then click on //Generate Mail Configuration//.

  * Note: You can, of course, use Turba and Ingo with your Webmail installation; in this case, you will here activate their respective entries for the Imp menu.

 * If you have Turba, or Ingo, installed then edit their respective menu settings, in the same way.

# Instruct your users on how to set Horde's //Global Options//, particularly the preferred language:

 * In top bar of the //Options// submenu, in the //Edit options for// field, choose the //Global Options// application,

 * then, if necessary, klick on the //Go// button, nearby.

 * Note: In German, this bit is particularly confusing, as both Horde's //Global Options//, and Imp's //General Options// are termed alike, viz. //Allgemeine Einstellungen//.

 * Note: Alternatively, you could try to include Horde's //Global Options// with Imp's option menu, by modifying {{imp/config/prefs.php}}, but that is beyond the scope of this advice.


++ Hermes

To allow authenticated users to see the time tracking module you must give at least Show and Read permissions to the "hermes" application

* Choose Administration --> Permissions

* Click on the All Permissions "keys" icon

* When the "Add a child Permission" pane appears, choose the Hermes module

* Click the Add button

* Click the "notepad" icon to edit the permissions for Hermes

* On the default permissions tab, check Show and Read

To allow a user to be able to Review time from other users you must make changes to the hermes permissions.  Here are the steps:

* Choose Administration --> Permissions

* If the Hermes permissions are not yet set, follow the steps above.

* Click on the Hermes "keys" icon

* When the "Add a child Permission pane appears, choose the Time Review module

* Click on the Permissions tab for the user or group that you want check, Show


++ Turba

+++ A read-only LDAP address book

To allow authenticated users to search the addressbook of your organization (provided it is kept on an LDAP server), and to use the e-mail addresses contained therein to compose messages:

1. Define, in turba/config/sources.php, that addressbook, using {{sizelimit}}, {{export}}, and {{browse}} to prevent large-scale address copying, e. g.:

<code type="php">

/** Central E-Mail Directory (read-only) **/

$cfgSources['localldap'] = array('title' => _("E-Mail directory Example Ltd."),

                                 'type' => 'ldap',

                                 'params' => array('server'    => 'ldap.example.com',

                                                   'port'      => '389',

                                                   'tls'       => false,

                                                   'root'      => 'ou=people,o=Example Ltd.,c=com',

                                                   'charset'   => 'utf-8',

                                                   'sizelimit' => 200,

                                                   'scope'     => 'one',

                                                   'version'   => 3),

                                 'map'    => array('__key'     => 'dn',

                                                   'name'      => 'cn',

                                                   'email'     => 'mail'),

                                 'search' => array('name', 'email'),

                                 'strict' => array('dn'),

                                 'export' => false,

                                 'browse' => false);


2. Login to Horde as an administrator, then select the Administration/Permissions menu.

# Under //All Permissions//, add new permission //Address Book (turba)//

# Under //Address Book (turba)//, add new permission //Sources (sources)//

# Under //Sources (sources)//, add new permission //E-Mail directory Example Ltd. (localldap)//

# Edit the added permissions to grant all authenticated users the following rights:

 * //Address Book (turba):// Show, Read, Edit, Delete (This will provide access to turba via the menus.)	

 * //Sources (sources):// Show, Read, Edit, Delete

 * //E-Mail directory Example Ltd. (localldap):// Show, Read (This will hide, in the several menus, all editing operations that would otherwise cause weird error messages.)