Like a file system, LibreSource manages permissions on the resource tree.
Security is based on ACLs (Access Control Lists). Each node of the tree has a list of ACLs, each of which gives one or more permissions to another resource, typically a user or a group of users.
This list can be consulted through the security link in the menu of the node.
- The LibreSource security page
On this page, you can see:
- the list of available permissions for this kind of resource
- the table of existing ACLs for the resource
- the owner of the resource
The user who creates a resource is its owner. He has all the permissions on this resource. He is the one who can edit the security of the resource and give permissions to other users or groups of users. Ownership can be set to a group in order to allow a set of users to change the resource rights.
The ACLs give one or several permissions to a user or a group. The list of available permissions depends on the kind of resource bound to the node. There are 4 generic permissions:
- READ: allows the user to view the resource
- CREATE: allows the user to create a new resource under the current node
- UPDATE: allows the user to modify the resource values
- DELETE: allows the user to delete the resource
Other permissions may be available depending on the type of the resource. For example, a Download Area has an "UPLOAD" permission that allows users to add new files.
See the documentation of each specific resource for its available permissions.
In the basic LibreSource installation, users are created through a classical registration process. The user fills in a form with a login, his name, his password, his email address and a Jabber ID (not mandatory). The new user is then stored in a local base, and a node representing him is created at node /users/login. Thus, users are identified by this URI.
- A User page
If you need to know the id of a user (to add him to a group, for example), you can go to the Users list.
- The Users page
All users' information is displayed here.
In the standard edition of LibreSource, the user base is the local database. The advanced version allows existing user bases (LDAP or NIS) to be used for authentication and rights management.
A group is a resource which stores a list of users and/or groups. Like all resources, groups are identified by their URI (for example, /groups/managers). A group can contain other groups, which makes a hierarchical security policy possible.
- A group
The default security policy is defined as follows:
- Unauthenticated users are seen as the /users/guest User.
- Authenticated users are members of the /groups/all Group.
- A /groups/observers Group is defined. Members of this group have read access on the whole platform. They can also create new projects under the /projects node.
- A /groups/managers Group is defined. Members of this group manage the entire platform. They have all permissions.
- The /users/root is a SuperUser. He always has all permissions on all resources.
If you want to provide anonymous access to the platform, you should add /users/guest as a member of the /groups/observers Group.
Only the owner of a resource can manage its security.
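
The rules above (ownership, ACL entries, nested groups, the guest and root accounts) can be modelled to see what a membership change actually grants, here adding /users/guest to /groups/observers. This Python model is an added example, not LibreSource code: the tree, the /groups/devs group and the users alice and bob are constructed, and it assumes ACLs are checked on the node itself and that membership in an owning group confers the owner's permissions.

```python
GENERIC = {"READ", "CREATE", "UPDATE", "DELETE"}
ROOT, GUEST, ALL = "/users/root", "/users/guest", "/groups/all"

def identity(login):
    """Unauthenticated requests (login=None) are seen as /users/guest."""
    return GUEST if login is None else "/users/" + login

def principals(user, groups):
    """URIs the user acts as: itself, /groups/all if authenticated, nested groups."""
    found = {user} if user == GUEST else {user, ALL}
    changed = True
    while changed:  # iterate to a fixed point, so group cycles terminate
        changed = False
        for uri, members in groups.items():
            if uri not in found and found & members:
                found.add(uri)
                changed = True
    return found

def allowed(login, perm, node, tree, groups):
    user = identity(login)
    if user == ROOT:
        return True  # superuser: always all permissions
    acting_as = principals(user, groups)
    if tree[node]["owner"] in acting_as:
        return True  # owner, or member of the owning group (assumption)
    return any(who in acting_as and perm in perms
               for who, perms in tree[node]["acls"])

def build_sample():
    """Constructed sample data: one project, observers nested via /groups/devs."""
    groups = {"/groups/observers": {"/groups/devs"},
              "/groups/devs": {"/users/bob"}}
    tree = {
        "/projects": {"owner": ROOT, "acls": [
            ("/groups/observers", {"READ", "CREATE"})]},
        "/projects/demo": {"owner": "/users/alice", "acls": [
            ("/groups/observers", {"READ"})]},
    }
    return tree, groups

def guest_gain(tree, groups):
    """(node, permission) pairs anonymous users gain once guest joins observers."""
    opened = {g: set(m) for g, m in groups.items()}
    opened["/groups/observers"].add(GUEST)
    return sorted((n, p) for n in tree for p in GENERIC
                  if allowed(None, p, n, tree, opened)
                  and not allowed(None, p, n, tree, groups))

if __name__ == "__main__":
    print(guest_gain(*build_sample()))
```

In this model the gain includes CREATE on /projects, not only READ: under the default policy observers can create projects, so anonymous visitors added to that group can too.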