Permission Profiles

01 Feb 2024 - sj, tags: archiving, insights, news, product

The upcoming release of 1.8.1 introduces the permission profiles feature. It allows you to fine tune what users are able to do in the archive.

The following permissions are supported:

• view the email
• view the headers of the email
• save the email as a PDF file
• view the journaling info of the email
• download the email
• export the selected emails to a zip file
• restore the email to your mailbox

It’s important to note that the user’s permissions apply to the user’s emails only. Eg. the view permission allows him to view his own emails only.

By default the user has all permissions. Sometimes it’s necessary to restrict the users’ permissions, eg. not allow them to download or export their emails.

If this policy should apply to all users (except auditors) then you may override the default permission in /etc/piler/config-site.php:

$config['DEFAULT_PERMISSION'] = PERMISSION_VIEW+PERMISSION_HEADERS+PERMISSION_PDF+PERMISSION_JOURNAL+PERMISSION_RESTORE;

Note that auditors have a different default permission settings that grants all permission. However, you can override it, too:

$config['PERMISSION_AUDITOR'] = ....

It’s best practice to set the default permissions to the need of the majority of users, and then create profiles for the rest of the users, and finally apply them to the appropriate users.

Then administrators may create new profiles in the “profiles” menu.

Currently there’s no GUI support for applying it to users. Use the following mysql statement:

replace into user_settings (username, profile_id) values('sanyi@aaa.fu', 1);