The BSCW role concept

Roles are sets of actions that are allowed for the holder of a role. Users may be assigned one or more roles for an object at the same time. When a user holds one role with respect to an object, she may execute an action on the object if and only if the role includes that action. When a user holds multiple roles for an object, she may execute the actions contained in the union of all roles.

Inheritance of access rights: the scope of a role

To avoid explicit role assignment whenever a new object is created, role definitions and assignments are inherited along the folder hierarchy. When a user creates a subfolder, for example, this subfolder inherits the member group of the parent folder including all role assignments.

The scope of a role is the object for which a user holds that role and everything inside the object, unless and until the user is re-assigned another role.

Note: Though this principle is also true for personal containers like the user’s home folder, clipboard or trash, the user’s default role in these special containers is not inherited by shared folders which are contained therein.

An example

You are by default the Manager of your home folder and of all objects and all subfolders therein. The default role Manager is inherited throughout your home folder’s scope.

We now assume that you are invited to a shared folder called ‘Project Documentation’. The Manager of this workspace invites you in the role Guest in order to assign only restricted access rights to you, e.g. only read access. You now hold the Guest role for the entire ‘Project Documentation’ folder and its contents.

On the other hand, the shared folder ‘Project Documentation’ appears at the top level of your home folder where you are Manager. What roles will you play in ‘Project Documentation’? If the role Manager were inherited from your home folder to ‘Project Documentation’, you would be both Manager and Guest. This would be technically feasible, but most likely not what your host intended. Therefore the personal containers like the home folder, clipboard and trash pass their role assignments on only to private folders, but not to shared folders. Shared folders inherit role definitions and assignments only from other shared folders.
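The resolution rules described above, written out as a small Python model. This is an added illustration, not BSCW's own code: the Folder class, the function names, the user name and the action names in each role are assumptions, and the hierarchy is constructed to match the example.

```python
# Simplified model of the rules described above; not BSCW's implementation.
# Action names and the Folder class are assumptions made for illustration.
ROLES = {
    "Manager": {"read", "edit", "delete", "assign_role"},
    "Guest": {"read"},
}


class Folder:
    def __init__(self, name, parent=None, shared=False):
        self.name = name
        self.parent = parent
        self.shared = shared      # True for a shared folder
        self.assignments = {}     # user -> set of role names assigned here

    def assign(self, user, *roles):
        self.assignments[user] = set(roles)


def effective_roles(folder, user):
    """Roles the user holds on folder after inheritance."""
    node = folder
    while node is not None:
        # The nearest explicit assignment defines the scope the folder is in.
        if user in node.assignments:
            return set(node.assignments[user])
        parent = node.parent
        # Shared folders inherit only from other shared folders, so a role
        # held in a personal container never crosses into a shared folder.
        if parent is not None and node.shared and not parent.shared:
            return set()
        node = parent
    return set()


def allowed_actions(folder, user):
    """Union of the actions of all roles the user holds on folder."""
    actions = set()
    for role in effective_roles(folder, user):
        actions |= ROLES[role]
    return actions


# Constructed hierarchy following the example in the text.
home = Folder("home")
home.assign("you", "Manager")
notes = Folder("notes", parent=home)                 # private subfolder
project = Folder("Project Documentation", parent=home, shared=True)
project.assign("you", "Guest")
specs = Folder("specs", parent=project, shared=True)
```

In this model `allowed_actions(specs, "you")` contains only the Guest actions, while `allowed_actions(notes, "you")` contains the Manager actions inherited from the home folder.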

Extended access rights for the BSCW administrator

BSCW administrators may always assign and redefine roles (action menu: Access > Assign Role and Access > Edit Role) on all folders, independent of their membership. Besides, they may open all folders and may execute Info from the action menu for all objects.

Because of the extensive rights that a BSCW administrator has (and must have), the property of being an administrator is not a role in the sense of the BSCW role concept and consequently cannot be manipulated via the BSCW user interface.