Marketing 101. Consulting 101. PHP Consulting. Random geeky stuff. I Blog Therefore I Am.
|Home||FuzzyGroup||About Us||Our Services|
Understanding The Owl Document Management Permissioning Model
Owl is a Open Source document management system (download link at the end of this document) written in PHP that my company, the FuzzyGroup, recently installed for a client. The client asked us for additional documentation on the permissioning model that Owl uses and rather than write it solely for this client, we thought it better to blog the information for permanent reference. To be specific, our client asked us:
There are a lot of options to chose from under restrictions when uploading. Could you explain some of the terms you used. i.e. write? Does that mean you can write on the downloaded document? Could you please just clarify the options and which ones are best?
Users, Groups and Permissions
The first thing to understand about Owl is that it has its own Users, Groups and Permissions. Although it is normally used on Unix systems in a hosted environment, it doesn't share Unix users, groups or permissions. Instead it has its own user and group model as follows:
- To use the system you must be a user although there is now (as of version 0.7) an anonymous user
- Every user belongs to at least one group, the Primary group
- Every user can also belong to additional groups, "Member Groups"
When you add a user to the system, you see a screen like this:
Groups are simply collections of users and they are non-hierarchical. In addition to groups that you create yourself there is also an Administrators group as well as an administrative user. Members of the Adminstrators group can override all permission options described below.
Permissions and Uploading Files
All files within Owl are owned by either a user or a group depending on how the permissions are set when the file is uploaded. When the user uploads a file they see a screen similar to that below:
The drop down list "Permissions" defines what a user in the system can do once the file has been submitted. There are four basic concepts:
- Read – the ability to access a document within the system. If you can't access a document then you can't do anything with it.
- Write – the ability to update or change a document within the system such as uploading a new version, checking it out, checking in a new version, editing its properties such as title or keywords.
- Delete – the ability to remove a document from the system.
- Download – the ability to transfer the document to your local system.
The different permission options along with comments on their user are (the option shown to the user is the 1st bulletted item and the description is on the second line):
Everyone can read/download
i.e. unrestricted viewing access – anyone with access to Owl can read or download this document
Everyone can read/write/download
i.e. totally unrestricted access – anyone with access to Owl can rad or download or change this document
The selected group can read/download
i.e. anyone in the group can read it or download it
The selected group can read/write/download
i.e. anyone in the group can read it or download it
Only you can read/download/write
i.e. the document is private to you – only you can read, change or download it
The selected group can read/write/download, No Delete
i.e. anyone in the group can read it, change it or download it BUT they cannot delete it
Everyone can read/write/download, No Delete
i.e. anyone can read it, change or update it and download it but NOT delete it
The selected group can read/write/download & everyone else can read
i.e. anyone in the group can read, change or download it and anyone else with access to Owl can read it
The selected group can read/write/download (No Delete) and everyone elese can read
i.e. anyone in the group can read it, change it or download it but they cannot delete it and anyone else with access to Owl can read it
Which Permission Option is Best?
Answering the question of which permission option is "best" is unfortunately like answering "how high is up". The answer is, of course, it depends. However if we look at some examples it may be more clear:
You are writing a report for work and you are the sole author. You are about to leave for vacation and you want to make your incomplete work to date available to coworkers. You intend to finish the project when you return. I would submit this as "The selected group can read/download". This gives people access to it but doesn't allow anyone else to change it in the system.
You are the boss of your workgroup and you have a new policy you want to make available but it isn't finished yet. Still you don't want it solely on your hard drive. I would submit this as Only you can read/download/write. This ties it to yourself and lets you access it from home but doesn't give access to anyone else.
You write a regular status report and need to check in a template for others on your team to use. I would submit this as Everyone can read/write/download, No Delete. This gives people the ability to update the template but not delete it. If others shouldn't be able to update the template then I'd use The selected group can read/download.
The Owl Document Management system offers an easy to use web based document management system with a flexible and powerful set of user, group and permission options.
The FuzzyGroup offers web development, site creation, PHP consulting and implementation services centered around Open Source applications. Not only are we able to install and host the Owl Document Management System but also the Drupal portal / blogging engine, Squirrel Mail web based email complete with Spam Assassin spam detection, Web Calendar multi-user web based calendaring and more. See our site at www.fuzzygroup.com for more on our services.
More on Owl / Downloading Owl
Owl can be downloaded from SourceForge here.
This Page was last update: 4/6/2003; 3:14:02 AM
Copyright 2003 The FuzzyStuff
Theme Design by Bryan Bell