[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE:Security
Hello all,
I believe that what Tim is saying is in line with the customer requirements for
a calendaring/scheduling tool.
But I believe that even a little bit more granularity is needed, and I am not
sure if I am going to specifying functionality rather than the standard, but I
would like to propose a couple of additions.
1. After the ViewInvite, I would like to add ViewInviteSubject only, which
would allow only the time and subject of the meeting to be seen, but not the
comments partisipants, location etc.
2 Add an access right called Autoconfirm, a right that would allow all made
request by a set or all calendars to be automatically confirmed. This would be
especially usefull for the resource calendars, that are not managed by someone,
and information related to the meetings is for the participants eyes only.
3. This propably belongs to the event object attributes, but an per event
attribute Private, to make it private and override all the standard above and
below access rights.
Tere, Mika
tim@bitter.owi.com:
> 2. Permission levels permitting or denying access to other calen-
> dars after binding. SWTP recognizes 6 different levels of secu-
> rity here.
>
>
> Full A user is granted full access to another
> persons calendar and may modify schedules as
> if that user.
>
> ViewInvite A user may view another calendar, and invite
> that person to meetings, but may not other-
> wise modify that calendar.
>
> Invite A user may invite another to meetings, and
> determine if that person is available, but
> may not view specific data on that calendar.
>
> ViewOnly A user may view another schedule, but not
> invite that person to meetings.
>
> None A user may not view another calendar, nor
> invite them to meetings.