UC Berkeley Robotics and Intelligent Machines Lab
Editing group pages, and other forms of rocket science
Previous section  |  This section  |  Next section
Previous question  |  This question  |  Next question

How do I control access to my workspace?
Christopher Brooks, 6 May 2014
Last updated: 6 May 2014

Based on How do I control access to my workspace? by John Reekie, 15 Jun 1999

Each section of a workspace (the part of the site devoted to a workgroup, such as its FAQ, forum, and so on), has a set of access control flags associated with it. The administrator of a workgroup can set these flags from the Admin page of that group according to the degree of access/privacy needed by the group.

The access control flags are a two-dimensional grid, where one axis is the region of the workspace, such as the FAQ or forum, and the other is the class of user. User classes are as follows:

  • world. Users who are not logged into the site. As far as the server can tell, this could be anyone in the world.
  • site. Users who are logged into the site as a member of a group, but are neither a guest nor member of your group.
  • guest. Users who are logged into the site and have guest membership in your group.
  • member. Users who are logged into the site and are a member of your group.
  • admin. Users who are logged into the site and are are administrators of your group.

Any given user has the highest class that applies to them (where the order is admin, member, guest, site, world in the above list). As a general rule, higher classes have higher permissions, where the permissions that can be assigned to each class of user are as follows:

The flags are as follows:

  • Read. The user is able to read these pages.
  • Annotate. The user is able to add annotations to these pages. Annotations are no longer used.
  • Write. The user is able to add content to this part of your workspace. For example, a user with write permission can add an article to your forum.
  • Modify. The user is able to modify these pages (where the user interface permits). For example, a user with modify permission can edit an article in the forum. (Note: the author of an article can always edit it, even if they don't have modify permission in that part of the workspace.)
  • Execute. This is only useful in a few rare cases, and allows certain destructive operations that should only be done by an administrator.
When you add a new feature to your workspace, you should check the access permissions carefully. Here are a couple of tips:
  • If the workspace is primarily for work in progress, you may want to make access more restricted, so that confidential results (for example) are not world-readable.
  • If you are a software development group, you may wish to make access more permissive. Allowing anyone to add to and annotate your forum and faq can be a valuable source of feedback from people who are using your software.
We recommend that you err on the side of permissiveness when setting access permissions -- it is generally better in a research environment to have more information flow than less!

Groups with CVS Home Pages

If a group has a CVS home page (Under admin -> Configure Group, "CVS Checkin" is checked), then the home page visibility has the following effects:

home is world readable: Then a non-logged in user will see the contents of the CVS repository.

home is not world readable: Then a non-logged in user will see the contents of the workgroup profile, which is set by admin -> Group Profile.