Goozzee Help

Security

a) Overview

Goozzee is designed to be 'multi-user', with a security system that restricts the access to topics and documents. The security model is quite similar to the one that can be found on Unix systems :

the program manages a list of users and groups. Each group can contain an unlimited number of users; each user is assigned a main group, and can belong to an unlimited number of secondary groups. But beware that these users and groups are internal to Goozzee, and have nothing to do with the users and groups of your operating system
each topic keeps a record of who created it, and who updated it (the user, and this user's main group)
each document records who uploaded it (the user, and this user's main group)
each topic and document have security properties, that define access rights at the user level, at the group level, and for the rest of the users. For example, let's say the Foo topic is owned by user John, from the Accounting group. John will be able to set Foo's security properties so that, for example, he will be allowed to modify this topic, the other members of the Accounting group will be allowed to view this topic, and the rest of the users won't be allowed to view or modify it (it will be completely hidden to them.)

Two dialogs allow you to manage Goozzee's users and groups. These dialogs can be opened from the 'Admin' menu (note that this menu will only appear if your user is defined as an admin user).

b) Managing Users

Managing users is done using this window.

The list on the left side shows all the users already defined. Double-clicking on a user, his details will appear on the right side of the window. On the lower part of the window are the buttons you'll use to create, delete and modify the users.

Two fields deserve some explanation :

Administrator : The Administrator box is checked if the user you selected is the administrator of the repository (the only one who can create users and groups)
Main Group : Each user can belong to multiple security groups, but the main group of the user is the one that will be assigned by default to the topics and documents created by this user.

When creating or updating users, all the fields are mandatory : the name of the user must be non-blank, and unique (you can't have two users with the same name). the two password fields must be non-blank. But there is no check on the complexity of the password you'll enter. you must select a main group. When deleting a user, you must select a replacement user and group, so that all the topics and documents owned by the deleted user will be given to the replacement user/group. What's more, note that you cannot create an admin user from this dialog. The only administrator user is the one that was created during the database initialization, and that administrator cannot be renamed afterwards.

c) Managing groups

Managing groups is quite similar to managing users (see the window below).

On the left side is a list of all the groups already defined. If you double-click on one of them, its details will appear on the right side of the window. These details consist of the name of the group (which must be unique : you can't have two groups with the same name.), and two lists of users : those already belonging to this group, and the others. In the list of assigned users, some will appear in red, which means that this group is defined as their main group.
Adding/removing users to/from a group is just a matter or moving users from one list to the other, which can be done in three different ways :

selecting a user and clicking on one of the arrow buttons to put it to the other list
double-clicking a user
dragging a user and dropping it into the other list.

On the lower part of the window are the buttons you'll use to create, delete and modify the security groups.
When deleting a group, you'll have to specify a replacement group, so that all the topics and documents belonging to the deleted group will be re-assigned to the replacement group.

Beware that you cannot delete a group as long as it is used as the main group of some user -- such users will appear in red in the list of assigned users. What's more, you cannot remove a user from a group if this group is defined as his main group. So, let's make it short, when you edit a group, if you see red users in the list of assigned users, you cannot remove these users from the group, and you cannot delete this group.

Note that you can have both users and groups management windows open simultaneously. They will update each other, each time you create / modify / delete users or groups. But could can open only one instance of each.

d) Managing topics and documents access rights

Once we have created our security groups, and populated them with users, we can start restricting access on topics and documents. To view or modify the security settings of a topic, click on the locker icon, on the toolbar of the main window.

This will open a dialog that shows :

who owns this topic : which user and which group
the access right of the owner : allowed to modify, allowed to view, or not allowed at all
the access rights of users belonging to the owner's group
the access rights of other users.

If you are the owner of that topic, or if your user is defined as an Admin user (see users management), you'll be able to modify the values from this dialog.

The same kind of access rights can be assigned to documents. Opening the Security Settings dialog is done by right-clicking a document, and choosing the 'Security Settings' menu item.
Beware that security restrictions do not apply to templates. So every note template is usable by everybody; you cannot restrict the use of a template to a specific user or group.

e) Locks

Goozzee implements a locking system to prevent multiple users from modifying the same piece of data simultaneously. This locking system applies to notes, properties and documents.

Notes & Properties locks

At the bottom of the main window, a couple of buttons allow the locking of notes and properties simultaneously (Edit, OK and Cancel).

By default, when you open a topic, it appears as read-only : the notes editor remains scrollable, but isn't editable; the properties are visible, but can't be updated. To be able to modify these data, you must first click the Edit button, which will allow you to modify the Notes and the fields from the Properties tab. The OK button will be used to save the modifications and go back to the read-only mode, while the Cancel button will revert all the modifications you had made.

When a user is modifying a topic, this topic appears as Locked for the other users: for them, the Edit, OK and Cancel buttons disappear, and are replaced with a message that explains who is currently locking this topic. The lock will be removed as soon as the user who is busy modifying the topic clicks OK or Cancel.
In case of a Goozzee crash while the user is modifying a topic, this topic will remain locked by this user, so nobody will be allowed to modify it anymore. To unlock this topic, two solutions :

the same user restarts Goozzee and re-opens the same topic : this will automatically reset the lock.
an administrator user opens this topic and uses the Unlock button to remove the lock. (in fact, the Unlock button will always be greyed-out, unless your user has administrator rights)

Documents locks

Documents have their own locking system. Locking is done by checking files in and out. When a user wants to modify a document of the repository, he must first right-click this document and check it out. A lock will be put on the document, and it will be downloaded on this user's computer in a directory named : /goozzee.docs/./ From that moment, the other users will only be allowed to view this document, but nobody else will be able to check it in or out. The check out dialog offers the possibility to enter a text (maximum 200 characters) describing the reason for the check-out, a check box at the bottom of the dialog proposes to open the document right away (otherwise, the file will only be copied on the local computer).

When the user has finished his modifications on the document, he must check it in, in order to upload the new version into Goozzee, and release the lock so that other users can now modify it. The Check-in dialog also offers a text area to enter a description of the modifications that were appended to the file (maximum 200 characters). A checkbox appears at the bottom of the window, that proposes to remove the file from the local computer after the check-in.

Note that, for now, Goozzee doesn't keep any history of the various check-ins / check-outs that happened on a document. Neither does it keep any previous versions of the documents. Note that you can also release the lock on a checked-out document, without checking it in : right-click on that document, and choose the release lock menu item. This will reset its 'checked out' status, and it won't be locked anymore for the other users.