Handling of user permissions (grants and rights)

From Tine 2.0 - Wiki

Tine 2.0 permission system

Tine 2.0 is using two different kinds of permissions. They are called grants and rights.


Grants get used to control access to data records. A data record can be a contact, calender entry or task for example. Any kind of record is tied to a container. A container can be a personal or shared addresbook for example. The grants get assigned to the container and not to the data records itself, which means that for any data record in the container apply the same grants. This is different to eGroupWare 1.x, where any grants got tied directly to the data via the ownership of the record.

Tine 2.0 supports following grants:

  • read (read existing data records from this container)
  • add (add new data records to this container)
  • modify (modify existing data records in this container)
  • delete (delete data records stored in this container)
  • admin (manage grants for this container)


Rights get used to control, which parts of Tine 2.0 are useable by the user. The rights allow the adminstrator to control, which user can run which application and which parts(admin part for example) of this application the user can use.

Tine 2.0 supports following rights:

  • run (run this application)
  • admin (administrate this application)

-> see also: Manually modify application rights