OX Permission Level

From Open-Xchange
This information is valid until 7.4.1 (included)

Note: This represents the state of OX6 and AppSuite until v7.4.1. For the newer implementation, see AppSuite: Permission Level.


OX Permission Level Matrix

OX HE/SE/App Suite allows to provide different permission levels to the users.

The levels start with pure webmail-only functionality and end with the full featured groupware product including all connectors and are described in the first table.

  • Webmail contains pure webmail functionality including a private addressbook
  • PIM (Private Information Management) adds private calendar and private tasks, no group or sharing permissions are available
  • PIM + Mobility adds mobile synchronisation to the PIM level
  • PIM + InfoStore adds private InfoStore functionality to the PIM level
  • Groupware Standard includes all group and sharing permissions as well as the InfoStore
  • Groupware Premium adds all external connectors and mobile synchronisation to Groupware Standard

In addition to this levels, OX HE/SE/App Suite contains several functions, which can flexible be used with every level. This functions are described in the second table.


How to read the Matrix

Definition
Mandatory This column defines the options, which must not be changed for this level. This is a technical requirement and necessary for the correct functioning of OX HE/SE/App Suite
Default This column lists the options, which are activated per default for this level
API Parameter Related parameter in the RMI, SOAP and CLT API - described in the Provisioning Documentation
   
and/or Minimum one of this options need to be activated in this level
  Fields in this color define the most important differentiator to the next lower level

Matrix - Permission Levels

This table describes the mandatory parameters for the different permission levels.

OX Base Levels    Functionality Mandatory (technical requirement) Default Requirements / Description   API Parameter
Webmail

Webmail only

Email Check.gif Check.gif     webmail
Contacts Check.gif Check.gif     contacts
             
PIM
Private use only
No sharing, no group functions.
Email Check.gif Check.gif The absence of other features defines this level   webmail
Contacts Check.gif Check.gif   contacts
Calendar Check.gif Check.gif   calendar
Global Addressbook   Cross gray.gif     globaladdressbookdisabled
Tasks   Check.gif     tasks
             
PIM + Mobility
Private use only
No sharing, no group functions
Enabled for mobile synchronization
Email Check.gif Check.gif     webmail
Contacts Check.gif Check.gif     contacts
Calendar Check.gif Check.gif     calendar
USM Check.gif Check.gif     usm
Active Sync and/or Check.gif This defines the level
At least one of these needs to be set
Typically "Active Sync"
  activesync
SyncML and/or Check.gif   syncml (deprecated)
Global Addressbook   Cross gray.gif     globaladdressbookdisabled
Tasks   Check.gif     tasks
           
PIM + InfoStore
Private use only
No sharing, no group functions
Enabled for document storage.
Email Check.gif Check.gif     webmail
Contacts Check.gif Check.gif     contacts
Calendar Check.gif Check.gif     calendar
InfoStore Check.gif Check.gif This combined with the absence of other switches defines the level
  infostore
Global Addressbook   Cross gray.gif     globaladdressbookdisabled
Tasks   Check.gif     tasks
             
Groupware Standard
Full Groupware functionality
Access restricted to Web GUI
Email Check.gif Check.gif     webmail
Contacts Check.gif Check.gif     contacts
Calendar Check.gif Check.gif     calendar
Tasks Check.gif Check.gif     tasks
Shared Folders Check.gif Check.gif This defines the level
All need to be set together
  readcreatesharedfolders
Public Folders Check.gif Check.gif   editpublicfolders
Task Delegation Check.gif Check.gif   delegatetask
Global Addressbook Check.gif Check.gif     globaladdressbookdisabled
InfoStore   Check.gif     infostore
             
Groupware Premium
Full Groupware functionality
All external clients enabled (Mobility, Outlook, Mac)
Email Check.gif Check.gif     webmail
Contacts Check.gif Check.gif     contacts
Calendar Check.gif Check.gif     calendar
Tasks Check.gif Check.gif     tasks
Shared Folders Check.gif Check.gif     readcreatesharedfolders
Public Folders Check.gif Check.gif     editpublicfolders
Task Delegation Check.gif Check.gif     delegatetask
Global Addressbook Check.gif Check.gif     globaladdressbookdisabled
USM Check.gif Check.gif     usm
OLOX2 and/or Check.gif This defines the level
At least one of these needs to be set.
Typically OLOX2 and Active Sync
  olox20
OLOX (Legacy) and/or Check.gif   webdavxml (deprecated)
Active Sync and/or Check.gif   activesync
SyncML and/or Check.gif   syncml (deprecated)
InfoStore   Check.gif     infostore
iCal Access   Check.gif     ical (deprecated)
vCard Access   Check.gif     vcard (deprecated)



Additional Flexible Functions

The following functions can be added flexible to each permission level.

Additional Functions   Default Requirements / Description   API Parameter
Minimum Webmail Collect Emailaddresses Email addresses typed into sent/reveived emails can be saved automatically in a dedicated folder   collectemailaddresses
Edit Password If a plugin to change the own password is installed on the system, it will be displayed in the settings area   editpassword
         
Minimum PIM Multiple Mailaccounts The user can use external IMAP/POP3 Mailaccounts within the OX WebGUI. Starting with 6.20 this can be configured per email service   multiplemailaccounts
Subscriptions The user can subscribe to external/social datasources, like LinkedIN (removed since 7.10.0), XING, Facebook, Gmail, .... Starting with 6.20 this can be configured per subscription service   subscriptions
Publications The user can publish his own data (contacts/documents) for other users in the internet   publication
         
Minimum PIM + InfoStore WebDAV Allows WebDAV access to InfoStore documents; Requires InfoStore   webdav
         
Minimum GW Standard Manage Resources The user is allowed to create and manage resources for the whole company   editresource
Manage Groups The user is allowed to create and manage groups for the whole company   editgroup
         
Minimum GW Premium vCard The user can download all his contacts via the vCard interface   vcard (deprecated)
iCal The user can download all his contacts via the iCal interface   ical (deprecated)