The access permissions on Appointments are the most sophisticated with Minkowsky.
This applies to both the structure of the permissions and the Source determining these
The Permission String
The permission string defines which permissions are granted for a user or a group on a
particular appointment. The permission can be granted or not in four areas:
- Time / Location: [short l]
This includes all settings about the date, repeating and the location of the
appointment. Appointments are visible to a user if read access on Time / Location
is granted to him.
- Texts: [short t]
This includes the title and text about appointment details.
- Participants: [short p]
This includes the list of participants and all settings made there.
Also included is the privacy status and the priority.
- Comments: [short c]
Includes reading and adding comments.
To access reminder settings a user need permission on Time / Location
On each of the four areas read or write (or both) access may be granted.
This access permission are symbolised by a permission string, like:
or in short
The first block (starting with
r= or the first four letters of the short form)
defines on which areas read access is granted. The letters z ü t k
stand for the four areas, as defined above
The second block (starting with
w= or the last five letters of the short form)
defines on which areas write access is granted. The letters z ü t k
stand for the four areas, as defined above. The laster letter d stands for
the permission to delete this appointment.
If permission on a particular areas is not granted, the letter is replaced be an -.
Hence the permission string
or in short
means that the users has read access on times, location, texts and comments and
write access on texts and comments.
Sources of permissions
There are three sources which may determine access permission to an appointment.
- Permission defined within the appointment
There is one permission string for participants of an appointment regardless
if user or group.
Is the viewer of the appointment one of the participants his permission defined
within the appointment are used. All other permission are ignored apart from the
Is the viewer not participants but member of one or more participating groups
the permission defined for this groups are used. There are combined such a way
that all permission granted in at least one of this groups is granted to the
viewer. All permissions defined by the viewed calendar are ignored.
- Permission defined by the viewed calendar
- For viewing users calendar
Each user may define access permission to appointments in his calendar.
By default this permission are set to
Furthermore he may define special access permissions for members of
particular groups. If the viewer is member in one or more of this groups
he has the combined access permissions.
If the viewer is not member of any of these groups the default
access permissions as defined by the owner of the calender are used.
- For viewing groups calendar
If the viewer is member of the group access permissions for group members are used.
Otherwise access permissions for non-members are used.
This permissions are defined on the server by administrator of the server.
- For viewing rooms calendar
For rooms access permission are defined on the server by administrator of the server.
This permissions are used if the viewer is not participating in one or
another one in appointment.
- Extended Permissions to Administrators
Each Appointments has one group assigned to it as "administrative group".
If the viewer is Administrator of this group the permissions for administrators
of this groups are added to the permission derived under 1 or 2.
If the viewer is Administrator of the group All the permissions for administrators
of groups All are added to the permission derived before.
The permissions for administrators for group are defined by the administrator of the server
on the server.
Access permission are derived for each appointment separately. Hence,
a viewer may only see some appointments in the calendar of another user.
For example the other user may not grant him to view any appointment. But of course
he can see all appointments both view and the other attend.